[FedCM] JSON-Encode custom parameters

This implements the consensus from the FedID CG described here: w3c-fedid/custom-requests#2 (comment) For easier migration for IDPs, this still sends the previous param_ prefixed parameters as well for now. Bug: 40262526 Change-Id: I2fe16a2776cecc76b58f339c1a33221f1781aaac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5870964 Commit-Queue: Christian Biesinger <cbiesinger@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Cr-Commit-Position: refs/heads/main@{#1357291}
chromium · Sep 18, 2024 · 4b36615 · 4b36615
1 parent 198b0fb
commit 4b36615
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 5 deletions.
diff --git a/content/browser/webid/federated_auth_request_impl.cc b/content/browser/webid/federated_auth_request_impl.cc
@@ -205,10 +205,22 @@ std::string ComputeUrlEncodedTokenPostData(
                    /*use_plus=*/true);
     }
 
-    for (const auto& pair : params) {
-      query += "&param_" +
-               base::EscapeUrlEncodedData(pair.first, /*use_plus=*/true) + "=" +
-               base::EscapeUrlEncodedData(pair.second, /*use_plus=*/true);
+    if (!params.empty()) {
+      base::Value::Dict param_dict;
+      for (const auto& pair : params) {
+        // TODO(crbug.com/368087170): Remove before shipping this.
+        query += "&param_" +
+                 base::EscapeUrlEncodedData(pair.first, /*use_plus=*/true) +
+                 "=" +
+                 base::EscapeUrlEncodedData(pair.second, /*use_plus=*/true);
+        // For JSON serialization
+        param_dict.Set(pair.first, pair.second);
+      }
+      std::optional<std::string> json = base::WriteJson(param_dict);
+      if (json) {
+        query +=
+            "&params=" + base::EscapeUrlEncodedData(*json, /*use_plus=*/true);
+      }
     }
   }
 

diff --git a/content/browser/webid/webid_browsertest.cc b/content/browser/webid/webid_browsertest.cc
@@ -1426,7 +1426,11 @@ IN_PROC_BROWSER_TEST_F(WebIdAuthzBrowserTest, Authz_noPopUpWindow) {
             content += "fields=name,email,picture&";
             content += "param_%3F+gets+://=%26+escaped+!&";
             content += "param_foo=bar&";
-            content += "param_hello=world";
+            content += "param_hello=world&";
+            content +=
+                "params=%7B%22%3F+gets+://"
+                "%22:%22%26+escaped+!%22,%22foo%22:%22bar%22,%22hello%22:%"
+                "22world%22%7D";
 
             EXPECT_EQ(request.content, content);