Specify the mode API #660
|
@@ -623,8 +623,11 @@ This specification introduces an extension to the {{CredentialRequestOptions}} o | |
The {{IdentityCredentialRequestOptions}} contains a list of | ||
{{IdentityProviderConfig}}s that the [=RP=] supports and has | ||
pre-registered with (i.e. the [=IDP=] has given the [=RP=] a `clientId`). | ||
The {{IdentityCredentialRequestOptions}} also contains a {{IdentityCredentialRequestOptionsContext}} | ||
which the user agent can use to provide a more meaningful dialog to users. | ||
The {{IdentityCredentialRequestOptions}} also contains an | ||
{{IdentityCredentialRequestOptionsContext}}, which the user agent can use to | ||
provide a more meaningful dialog to users, and an | ||
{{IdentityCredentialRequestOptionsMode}}, which the user agent can use to | ||
specify different behaviors or dialog types. | ||
|
||
<xmp class=idl> | ||
enum IdentityCredentialRequestOptionsContext { | ||
|
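Review bot: The new sentence says the user agent can use {{IdentityCredentialRequestOptionsMode}} "to specify different behaviors or dialog types", but the mode is a member of the request options, so it is the caller that specifies it and the user agent that acts on it. Suggest rewording along the lines of "which the [=RP=] can use to request different behaviors or dialog types", so the prose makes clear that the value is caller-controlled input.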
@@ -634,9 +637,15 @@ enum IdentityCredentialRequestOptionsContext { | |
"continue" | ||
}; | ||
|
||
enum IdentityCredentialRequestOptionsMode { | ||
"active", | ||
"passive" | ||
}; | ||
|
||
dictionary IdentityCredentialRequestOptions { | ||
required sequence<IdentityProviderRequestOptions> providers; | ||
IdentityCredentialRequestOptionsContext context = "signin"; | ||
IdentityCredentialRequestOptionsMode mode = "passive"; | ||
}; | ||
</xmp> | ||
|
||
|
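Review bot: The enum adds "active" and "passive" with no accompanying prose, while the algorithm steps later in this change link to [=active=] and [=passive=] as defined terms. Suggest adding dfn entries (or a short description after the IDL) stating what each value means and that "passive" is the default, so those references resolve and readers do not have to infer the semantics from the algorithm.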
@@ -774,27 +783,35 @@ To <dfn>create an IdentityCredential</dfn> given an {{IdentityProviderRequestOpt | |
or a pair (failure, bool), where the bool indicates whether to skip delaying | ||
the exception thrown. | ||
1. Assert: These steps are running [=in parallel=]. | ||
1. Let |mode| be |options|'s {{IdentityCredentialRequestOptions/mode}}. | ||
1. Let |globalObject| be the [=current global object=]. | ||
1. Let |W| be |globalObject|'s [=associated Window=]. | ||
Review comment: Can be defined inside the active mode since only used there?
||
1. If |mode| is [=active=]: | ||
1. If |W| does not have [=transient activation=], return (failure, true). | ||
1. Otherwise, and if there is a pending request on |W|'s top-level browsing | ||
Review comment: The top-level browsing context needs a link (and not sure if it is directly from Window or needs to use Document). Also this is not clear: right now it makes it sound like we just check if top-level has a pending request, whereas we would need to check all frames nested in that top-level. Can you rephrase this to make it clear?
||
context where |mode| is [=passive=], reject the previous request. | ||
Review comment: We need to say specifically what error is used for the rejection in this case, no?
||
1. Let |loginStatus| be the result of [=get the login status=] with | ||
|
||
the [=/origin=] of |provider|'s {{IdentityProviderConfig/configURL}}. | ||
1. If |loginStatus| is [=unknown=], a user agent MAY set it to [=logged-out=]. | ||
1. If |loginStatus| is [=logged-out=], the user agent MUST do one of the following: | ||
|
||
* Return (failure, false). | ||
* Prompt the user whether to continue. If the user continues, the user | ||
agent SHOULD set |loginStatus| to [=unknown=]. This MAY include an | ||
affordance to [=show an IDP login dialog=]. | ||
|
||
* If the user cancels this dialog, return (failure, true). | ||
* If the user triggers this affordance: | ||
1. Let |config| be the result of running [=fetch the config file=] | ||
with |provider| and |globalObject|. | ||
1. If |config| is failure, return (failure, true). | ||
1. [=Show an IDP login dialog=] with |config| and |provider|. | ||
1. If that algorithm returns failure, return (failure, true). | ||
|
||
Issue: We should perhaps provide a way to let the [=RP=] request that | ||
the second option is provided, possibly gated on a user gesture. | ||
See [this issue](https://github.com/fedidcg/FedCM/issues/442) for discussion. | ||
1. If |loginStatus| is [=logged-out=]: | ||
1. If |mode| is [=active=]: | ||
1. Let |config| be the result of running [=fetch the config file=] | ||
with |provider| and |globalObject|. | ||
1. If |config| is failure, return (failure, true). | ||
1. [=Show an IDP login dialog=] with |config| and |provider|. | ||
1. If that algorithm returns failure, return (failure, true). | ||
1. Otherwise, the user agent MUST do one of the following: | ||
* Return (failure, false). | ||
* Prompt the user whether to continue. If the user continues, the user | ||
agent SHOULD set |loginStatus| to [=unknown=]. This MAY include an | ||
affordance to [=show an IDP login dialog=]. | ||
* If the user cancels this dialog, return (failure, true). | ||
* If the user triggers this affordance: | ||
1. Let |config| be the result of running [=fetch the config file=] | ||
Review comment: I wonder if it would be better to encapsulate this in a helper function so as not to rewrite it?
||
with |provider| and |globalObject|. | ||
1. If |config| is failure, return (failure, true). | ||
1. [=Show an IDP login dialog=] with |config| and |provider|. | ||
1. If that algorithm returns failure, return (failure, true). | ||
1. Let |requiresUserMediation| be |provider|'s {{IdentityProviderConfig/configURL}}'s [=/origin=]'s | ||
[=requires user mediation=]. | ||
1. Let |mediation| be |options|'s {{CredentialRequestOptions/mediation}}. | ||
|
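Review bot: In the |mode| is [=active=] branch, the step "If |W| does not have [=transient activation=], return (failure, true)" only tests for activation and never consumes it, and it sits in steps that are asserted to be running [=in parallel=]. Since an active request with a [=logged-out=] status goes straight to [=show an IDP login dialog=] with no intermediate prompt, consider consuming user activation here (or stating explicitly that it is not consumed, and why) and performing the activation check before going in parallel, so that a single user gesture cannot back more than one active request.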
@@ -884,7 +901,8 @@ the exception thrown. | |
1. If [=compute the connection status=] of |account|, |provider| and |globalObject| returns | ||
[=compute the connection status/connected=], show a dialog to request user permission to sign | ||
in via |account|, and set the result in |permission|. The user agent MAY use |options|'s | ||
{{IdentityCredentialRequestOptions/context}} to customize the dialog. | ||
{{IdentityCredentialRequestOptions/context}} and |options|'s | ||
{{IdentityCredentialRequestOptions/mode}} to customize the dialog. | ||
1. Otherwise, let |permission| be the result of running [=request permission to sign-up=] | ||
algorithm with |account|, |config|, |provider|, and |globalObject|. Also set | ||
|disclosureTextShown| to true. | ||
|
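Review bot: The step now lets the dialog for a connected account use |options|'s {{IdentityCredentialRequestOptions/mode}}, but the "Otherwise" step that follows still runs [=request permission to sign-up=] with only |account|, |config|, |provider|, and |globalObject|. If the sign-up dialog is also meant to vary by mode, pass |options| (or |mode|) in that call as well; as written, the two dialogs are given different inputs.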
@@ -1290,8 +1308,9 @@ an {{IdentityProviderAPIConfig}} |config|, an {{IdentityProviderRequestOptions}} | |
is defined, and the |provider|'s {{IdentityProviderConfig/clientId}} is not in the list of | ||
|account|["{{IdentityProviderAccount/approved_clients}}"], then the user agent MUST display | ||
the |metadata|["{{IdentityProviderClientMetadata/terms_of_service_url}}"] link. | ||
1. The user agent MAY use the {{IdentityCredentialRequestOptions/context}} to customize the | ||
dialog shown. | ||
1. The user agent MAY use the | ||
|
||
{{IdentityCredentialRequestOptions/context}} and |options|'s | ||
{{IdentityCredentialRequestOptions/mode}} to customize the dialog shown. | ||
1. If the user does not grant permission, return false. | ||
1. [=Create a connection between the RP and the IdP account=] with |provider|, |account|, and | ||
|globalObject|. | ||
|
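Review bot: The rewritten step refers to "the {{IdentityCredentialRequestOptions/context}}" without an owner but to "|options|'s {{IdentityCredentialRequestOptions/mode}}", and the parameter list visible in the hunk header names |config| and an {{IdentityProviderRequestOptions}} rather than |options|. Suggest using "|options|'s" for both members, as the other dialog step in this change does, and checking that |options| is declared as a parameter of this algorithm.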
Review comment: I don't think there is a current global object while running in parallel? Why don't you just use the globalObject that is passed as a parameter to this algorithm?