-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Specify account labels #669
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -860,6 +860,12 @@ the exception thrown. | |
{{IdentityProviderAccount/domain_hints}} does not [=list/contain=] |provider|'s | ||
{{IdentityProviderRequestOptions/domainHint}}. | ||
1. If |accountList| is now empty, go to the [=mismatch dialog step=]. | ||
1. If |config|.{{IdentityProviderAPIConfig/accounts}}.{{IdentityProviderLabelConfig/include}} | ||
is present: | ||
1. For every |account| in |accountList|, remove |account| from |accountList| if |account|'s | ||
{{IdentityProviderAccount/labels}} does not [=list/contain=] | ||
|config|.{{IdentityProviderAPIConfig/accounts}}.{{IdentityProviderLabelConfig/include}}. | ||
1. If |accountList| is now empty, go to the [=mismatch dialog step=]. | ||
1. For each |acc| in |accountsList|: | ||
1. If |acc|["{{IdentityProviderAccount/picture}}"] is present, [=fetch the account picture=] | ||
with |acc| and |globalObject|. | ||
|
@@ -1053,13 +1059,18 @@ dictionary IdentityProviderBranding { | |
USVString name; | ||
}; | ||
|
||
dictionary IdentityProviderLabelConfig { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. A dictionary with a single string? What are we thinking this could be extended to? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. "exclude" is the obvious one. Conceivably we could also allow specifying multiple labels (could require all of them to match or just one) |
||
USVString include; | ||
}; | ||
|
||
dictionary IdentityProviderAPIConfig { | ||
required USVString accounts_endpoint; | ||
required USVString client_metadata_endpoint; | ||
required USVString id_assertion_endpoint; | ||
required USVString login_url; | ||
USVString disconnect_endpoint; | ||
IdentityProviderBranding branding; | ||
IdentityProviderLabelConfig accounts; | ||
}; | ||
</xmp> | ||
|
||
|
@@ -1138,6 +1149,7 @@ dictionary IdentityProviderAccount { | |
sequence<USVString> approved_clients; | ||
sequence<DOMString> login_hints; | ||
sequence<DOMString> domain_hints; | ||
sequence<DOMString> labels; | ||
}; | ||
dictionary IdentityProviderAccountList { | ||
sequence<IdentityProviderAccount> accounts; | ||
|
@@ -1813,6 +1825,9 @@ Every {{IdentityProviderAccount}} is expected to have members with the following | |
:: A list of strings which correspond to all of the domain hints which match with this account. | ||
An [=RP=] can use the {{IdentityProviderRequestOptions/domainHint}} to request that only an account | ||
matching a given value or containing some domain hint is shown to the user. | ||
: <dfn>labels</dfn> | ||
:: A list of strings which give the accounts a list of labels. The config file can specify a filter | ||
for a label string. | ||
</dl> | ||
|
||
For example: | ||
|
@@ -1828,7 +1843,7 @@ For example: | |
"picture": "https://idp.example/profile/123", | ||
"approved_clients": ["123", "456", "789"], | ||
"login_hints": ["john_doe"], | ||
"domain_hints": ["idp.example"], | ||
"domain_hints": ["idp.example"] | ||
}, { | ||
"id": "5678", | ||
"given_name": "Johnny", | ||
|
@@ -1838,6 +1853,7 @@ For example: | |
"approved_clients": ["abc", "def", "ghi"], | ||
"login_hints": ["[email protected]", "id=5678"], | ||
"domain_hints": ["idp.example"], | ||
"labels:" ["l1"] | ||
}] | ||
} | ||
``` | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why the discrepancy between
labels
andinclude
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I mean, this is what we settled on in the explainer. I don't recall why we made this choice specifically, though. @samuelgoto do you remember?