Add third party cookie relaxations for FedCM #523

22 changes: 16 additions & 6 deletions spec/index.bs
Expand Up @@ -391,9 +391,16 @@ This returns <dfn for="compute the connection status">connected</dfn> or
1. Return [=compute the connection status/disconnected=].
1. Let |triple| be the result of running [=compute the connected account key=] given |provider|,
|account|, and |globalObject|.
1. Let |idpOrigin| be the [=url/origin=] corresponding to |provider|'s
{{IdentityProviderConfig/configURL}}.
1. Let |rpOrigin| be |globalObject|'s [=associated Document=]'s [=Document/origin=].
1. If [=connected accounts set=] [=list/contains=] |triple|, return
[=compute the connection status/connected=].
1. Return [=compute the connection status/disconnected=].
1. Otherwise, if account| [=map/contains=] {{IdentityProviderAccount/approved_clients}},
Collaborator

|account|

|account|'s {{IdentityProviderAccount/approved_clients}} [=list/contains=] |provider|'s
{{IdentityProviderConfig/clientId}}, and third party cookies are available for |idpOrigin|
on |rpOrigin|, return [=compute the connection status/connected=].
Collaborator

Do you think we should call out that when connected is returned this way, UA should not create a connection here? It does say "Prompt the user to gather explicit intent to create an account" in step 3 from the link above.

1. Otherwise, return [=compute the connection status/disconnected=].
</div>

<div algorithm>
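Review bot: The new "Otherwise" step gates the connected result on the phrase "third party cookies are available for |idpOrigin| on |rpOrigin|", which is plain prose with no linked definition, so the condition that enables this relaxation is left to each implementation. Suggest pointing it at a defined term or algorithm, and using the same wording as the getUserInfo() step, which says "There is third party cookie access for". The step also opens with "account|" missing its leading pipe. Because this path returns connected on the basis of the IdP-supplied {{IdentityProviderAccount/approved_clients}} without |triple| being in the [=connected accounts set=], a note stating that no connection is created here would help callers that treat connected as implying set membership.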
Expand Down Expand Up @@ -1525,13 +1532,16 @@ When invoking the {{IdentityProvider/getUserInfo()}} method given an {{IdentityP
1. Let |document| be |globalObject|'s [=associated Document=].
1. If |document| is not [=allowed to use=] the [=identity-credentials-get=]
[=policy-controlled feature=], throw a "{{NotAllowedError}}" {{DOMException}}.
1. If there does not exist an account |account| such that [=connected accounts set=]
[=list/contains=] the result of [=compute the connected account key=] given |account|,
|provider|, and |globalObject|, then [=reject=] |promise| with a "{{NetworkError}}"
{{DOMException}}. This check can be performed by iterating over the
[=connected accounts set=] or by keeping a separate data structure to make this lookup fast.
1. Let |configUrl| be the result of running [=parse url=] with |provider|'s
{{IdentityProviderConfig/configURL}} and |globalObject|.
1. If both of the following are true, throw a new "{{NetworkError}}" {{DOMException}}:
* There does not exist an account |account| such that [=compute the connection status=] of
|provider|, |account|, and |globalObject| returns
[=compute the connection status/connected=]. This check can be performed by iterating
over the [=connected accounts set=] or by keeping a separate data structure to make this
lookup fast.
* There is third party cookie access for |configUrl|'s [=url/origin=] on |document|'s
[=Document/origin=].
1. If |configUrl| is failure, throw an "{{InvalidStateError}}" {{DOMException}}.
1. If |document|'s [=Document/origin=] is not [=same origin=] as |configUrl|'s [=url/origin=],
throw an "{{InvalidStateError}}" {{DOMException}}.
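Review bot: The second bullet of the new "If both of the following are true" step reads inverted: as written, the "{{NetworkError}}" is thrown only when there is no connected account and third party cookie access is present, so a caller with neither a connected account nor cookie access passes the check. For a relaxation the bullet presumably should read "There is no third party cookie access for ...". The step also uses |configUrl|'s [=url/origin=] before the following step tests "If |configUrl| is failure", so the failure check should come first. Since [=compute the connection status=] now includes its own third party cookie condition, it is worth confirming the second bullet is still needed at all.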