From ffc36b553a834a8e13ba8f898d1bfad2138ab6e3 Mon Sep 17 00:00:00 2001
From: Christian Biesinger
Date: Tue, 29 Oct 2024 14:11:28 -0400
Subject: [PATCH 1/2] Specify account labels Bug: #553
---
spec/index.bs | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/spec/index.bs b/spec/index.bs
index 9ee1e37f..3335e97f 100644
--- a/spec/index.bs
+++ b/spec/index.bs
@@ -860,6 +860,12 @@ the exception thrown.
{{IdentityProviderAccount/domain_hints}} does not [=list/contain=] |provider|'s
{{IdentityProviderRequestOptions/domainHint}}.
1. If |accountList| is now empty, go to the [=mismatch dialog step=].
+ 1. If |config|.{{IdentityProviderAPIConfig/accounts}}.{{IdentityProviderLabelConfig/include}}
+ was specified:
+ 1. For every |account| in |accountList|, remove |account| from |accountList| if |account|'s
+ {{IdentityProviderAccount/labels}} does not [=list/contain=]
+ |config|.{{IdentityProviderAPIConfig/accounts}}.{{IdentityProviderLabelConfig/include}}.
+ 1. If |accountList| is now empty, go to the [=mismatch dialog step=].
1. For each |acc| in |accountsList|:
1. If |acc|["{{IdentityProviderAccount/picture}}"] is present, [=fetch the account picture=] with |acc| and |globalObject|.
@@ -1053,6 +1059,10 @@ dictionary IdentityProviderBranding {
USVString name;
};
+dictionary IdentityProviderLabelConfig {
+ USVString include;
+};
+
dictionary IdentityProviderAPIConfig {
required USVString accounts_endpoint;
required USVString client_metadata_endpoint;
@@ -1060,6 +1070,7 @@ dictionary IdentityProviderAPIConfig {
required USVString login_url;
USVString disconnect_endpoint;
IdentityProviderBranding branding;
+ IdentityProviderLabelConfig accounts;
};
@@ -1138,6 +1149,7 @@ dictionary IdentityProviderAccount {
sequence approved_clients;
sequence login_hints;
sequence domain_hints;
+ sequence labels;
};
dictionary IdentityProviderAccountList {
sequence accounts;
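Review bot: In the first hunk (the account-filtering steps at -860), the new label step does not say what happens when an |account| has no {{IdentityProviderAccount/labels}} member, which the IDL added later in this patch leaves optional. Because this filter decides which accounts the user agent offers to the user, the step should fail closed explicitly, for example `remove |account| from |accountList| if |account|'s {{IdentityProviderAccount/labels}} is not present or does not [=list/contain=] ...`. It would also help to state that the comparison is an exact string match, so implementations do not diverge on case or whitespace handling. The enclosing algorithm starts and ends outside the hunk.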
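Review bot: The new `accounts` member of IdentityProviderAPIConfig (hunk at -1060) and the `include` member of IdentityProviderLabelConfig (hunk at -1053) get no prose definition anywhere in this patch, while `labels` on the account does. An implementer reading only the config-file section would not learn that `include` is a single label string that restricts which accounts are shown. I would add an entry for `accounts` next to the other config members, along the lines of `An optional dictionary; if its include member is present, only accounts whose labels contain that string are shown.` The section that would hold this text is outside the hunks shown, so it may need to match a format not visible here.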
@@ -1813,6 +1825,9 @@ Every {{IdentityProviderAccount}} is expected to have members with the following
:: A list of strings which correspond to all of the domain hints which match with this account. An [=RP=] can use the {{IdentityProviderRequestOptions/domainHint}} to request that only an account matching a given value or containing some domain hint is shown to the user.
+ : labels
+ :: A list of strings which give the accounts a list of labels. The config file can specify a filter
+ for a label string.
For example:
@@ -1828,7 +1843,7 @@ For example:
"picture": "https://idp.example/profile/123",
"approved_clients": ["123", "456", "789"],
"login_hints": ["john_doe"],
- "domain_hints": ["idp.example"],
+ "domain_hints": ["idp.example"]
}, {
"id": "5678",
"given_name": "Johnny",
@@ -1838,6 +1853,7 @@ For example:
"approved_clients": ["abc", "def", "ghi"],
"login_hints": ["email=johhny@idp.example", "id=5678"],
"domain_hints": ["idp.example"],
+ "labels:" ["l1"]
}]
}
```
From b85d7954fdcca570b992b2232ff629c42aa76db3 Mon Sep 17 00:00:00 2001
From: Christian Biesinger
Date: Wed, 30 Oct 2024 15:37:17 -0400
Subject: [PATCH 2/2] is present
---
spec/index.bs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/index.bs b/spec/index.bs
index 3335e97f..bd41f4de 100644
--- a/spec/index.bs
+++ b/spec/index.bs
@@ -861,7 +861,7 @@ the exception thrown.
{{IdentityProviderRequestOptions/domainHint}}.
1. If |accountList| is now empty, go to the [=mismatch dialog step=].
1. If |config|.{{IdentityProviderAPIConfig/accounts}}.{{IdentityProviderLabelConfig/include}}
- was specified:
+ is present:
1. For every |account| in |accountList|, remove |account| from |accountList| if |account|'s
{{IdentityProviderAccount/labels}} does not [=list/contain=]
|config|.{{IdentityProviderAPIConfig/accounts}}.{{IdentityProviderLabelConfig/include}}.
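Review bot: The new `labels` definition (hunk at -1813) is too vague to implement from: "give the accounts a list of labels" is circular, and "the config file can specify a filter" names neither the config member nor the effect of the filter. I would reword it to something like `:: A list of strings labelling this account. If the config file's accounts.include is present, only accounts whose labels contain that string are shown to the user.` It should also say whether an account that omits `labels` is treated as having an empty list, so that a filtered account list cannot show unlabelled accounts in one implementation and hide them in another.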
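Review bot: The added example line in the hunk at -1838 is not valid JSON: in `"labels:" ["l1"]` the colon sits inside the quoted key, so the key is `labels:` and no separator follows it. It should read `"labels": ["l1"]`. Readers tend to copy spec examples into test fixtures, and this one would either fail to parse or yield an account with no `labels` member, which the new filter step would then drop. The surrounding example block starts outside the hunk.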