Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Specify the mode API #660

Merged
merged 17 commits into from
Nov 18, 2024
77 changes: 54 additions & 23 deletions spec/index.bs
Original file line number Diff line number Diff line change
Expand Up @@ -623,8 +623,11 @@ This specification introduces an extension to the {{CredentialRequestOptions}} o
The {{IdentityCredentialRequestOptions}} contains a list of
{{IdentityProviderConfig}}s that the [=RP=] supports and has
pre-registered with (i.e. the [=IDP=] has given the [=RP=] a `clientId`).
The {{IdentityCredentialRequestOptions}} also contains a {{IdentityCredentialRequestOptionsContext}}
which the user agent can use to provide a more meaningful dialog to users.
The {{IdentityCredentialRequestOptions}} also contains an
{{IdentityCredentialRequestOptionsContext}}, which the user agent can use to
provide a more meaningful dialog to users, and an
{{IdentityCredentialRequestOptionsMode}}, which the user agent can use to
specify different behaviors or dialog types.

<xmp class=idl>
enum IdentityCredentialRequestOptionsContext {
Expand All @@ -634,9 +637,15 @@ enum IdentityCredentialRequestOptionsContext {
"continue"
};

enum IdentityCredentialRequestOptionsMode {
"active",
"passive"
};

dictionary IdentityCredentialRequestOptions {
required sequence<IdentityProviderRequestOptions> providers;
IdentityCredentialRequestOptionsContext context = "signin";
IdentityCredentialRequestOptionsMode mode = "passive";
};
</xmp>

Expand Down Expand Up @@ -774,27 +783,34 @@ To <dfn>create an IdentityCredential</dfn> given an {{IdentityProviderRequestOpt
or a pair (failure, bool), where the bool indicates whether to skip delaying
the exception thrown.
1. Assert: These steps are running [=in parallel=].
1. Let |mode| be |options|'s {{IdentityCredentialRequestOptions/mode}}.
1. If |mode| is [=active=]:
1. Let |W| be |globalObject|'s [=associated Window=].
1. If |W| does not have [=transient activation=], return (failure, true).
1. Otherwise, if there is a pending request where |mode| is [=passive=]
on |W|'s [=Window/navigable=]'s [=navigable/top-level traversable=]
or on any of its descendants, reject the pending request with a
"{{NetworkError}}" {{DOMException}}.
1. Let |loginStatus| be the result of [=get the login status=] with
tttzach marked this conversation as resolved.
Show resolved Hide resolved
the [=/origin=] of |provider|'s {{IdentityProviderConfig/configURL}}.
1. If |loginStatus| is [=unknown=], a user agent MAY set it to [=logged-out=].
1. If |loginStatus| is [=logged-out=], the user agent MUST do one of the following:

* Return (failure, false).
* Prompt the user whether to continue. If the user continues, the user
agent SHOULD set |loginStatus| to [=unknown=]. This MAY include an
affordance to [=show an IDP login dialog=].

* If the user cancels this dialog, return (failure, true).
* If the user triggers this affordance:
1. Let |config| be the result of running [=fetch the config file=]
with |provider| and |globalObject|.
1. If |config| is failure, return (failure, true).
1. [=Show an IDP login dialog=] with |config| and |provider|.
1. If that algorithm returns failure, return (failure, true).

Issue: We should perhaps provide a way to let the [=RP=] request that
the second option is provided, possibly gated on a user gesture.
See [this issue](https://github.com/fedidcg/FedCM/issues/442) for discussion.
1. If |loginStatus| is [=logged-out=]:
1. If |mode| is [=active=]:
1. Let |result| be the result of running
[=fetch the config file and show an IDP login dialog=] with
|provider| and |globalObject|.
1. If |result| is failure, return (failure, true).
1. Otherwise, the user agent MUST do one of the following:
* Return (failure, false).
* Prompt the user whether to continue. If the user continues, the user
agent SHOULD set |loginStatus| to [=unknown=]. This MAY include an
affordance to [=show an IDP login dialog=].
* If the user cancels this dialog, return (failure, true).
* If the user triggers this affordance:
1. Let |result| be the result of running
[=fetch the config file and show an IDP login dialog=]
with |provider| and |globalObject|.
1. If |result| is failure, return (failure, true).
1. Let |requiresUserMediation| be |provider|'s {{IdentityProviderConfig/configURL}}'s [=/origin=]'s
[=requires user mediation=].
1. Let |mediation| be |options|'s {{CredentialRequestOptions/mediation}}.
Expand Down Expand Up @@ -884,7 +900,8 @@ the exception thrown.
1. If [=compute the connection status=] of |account|, |provider| and |globalObject| returns
[=compute the connection status/connected=], show a dialog to request user permission to sign
in via |account|, and set the result in |permission|. The user agent MAY use |options|'s
{{IdentityCredentialRequestOptions/context}} to customize the dialog.
{{IdentityCredentialRequestOptions/context}} and |options|'s
{{IdentityCredentialRequestOptions/mode}} to customize the dialog.
1. Otherwise, let |permission| be the result of running [=request permission to sign-up=]
algorithm with |account|, |config|, |provider|, and |globalObject|. Also set
|disclosureTextShown| to true.
Expand Down Expand Up @@ -1290,8 +1307,9 @@ an {{IdentityProviderAPIConfig}} |config|, an {{IdentityProviderRequestOptions}}
is defined, and the |provider|'s {{IdentityProviderConfig/clientId}} is not in the list of
|account|["{{IdentityProviderAccount/approved_clients}}"], then the user agent MUST display
the |metadata|["{{IdentityProviderClientMetadata/terms_of_service_url}}"] link.
1. The user agent MAY use the {{IdentityCredentialRequestOptions/context}} to customize the
dialog shown.
1. The user agent MAY use the
tttzach marked this conversation as resolved.
Show resolved Hide resolved
{{IdentityCredentialRequestOptions/context}} and |options|'s
{{IdentityCredentialRequestOptions/mode}} to customize the dialog shown.
1. If the user does not grant permission, return false.
1. [=Create a connection between the RP and the IdP account=] with |provider|, |account|, and
|globalObject|.
Expand Down Expand Up @@ -1458,6 +1476,19 @@ success or failure.
1. Otherwise, return failure.
</div>

<div algorithm>
To <dfn>fetch the config file and show an IDP login dialog</dfn> given an
{{IdentityProviderConfig}} |provider|, and a |globalObject|, run the following
steps. This returns success or failure.
tttzach marked this conversation as resolved.
Show resolved Hide resolved
1. Assert: these steps are running [=in parallel=].
1. Let |config| be the result of running [=fetch the config file=]
with |provider| and |globalObject|.
1. If |config| is failure, return failure.
tttzach marked this conversation as resolved.
Show resolved Hide resolved
1. [=Show an IDP login dialog=] with |config| and |provider|.
1. If that algorithm succeeds, return success.
1. Otherwise, return failure.
</div>

<!-- ============================================================ -->
## The IdentityProvider Interface ## {#browser-api-identity-provider-interface}
<!-- ============================================================ -->
Expand Down
Loading