Bug 1896018 [wpt PR 46192] - [FedCM] Replace the scopes API with the …

…fields API, a=testonly

Automatic update from web-platform-tests
[FedCM] Replace the scopes API with the fields API

This implements the new proposal here:
https://github.com/fedidcg/FedCM/issues/559

If one or two but not all of ["name", "email", "picture"] are requested,
we reject the promise. Otherwise, we show the disclosure text if
either field is not specified or contains the three default fields.
All specified fields are passed to the server in the "fields" parameter;
if fields was unspecified we pass the default fields here.

All this is for forwards compatibility.

Bug: 40262526, 340194462
Change-Id: I13833691e5f2851f0dc8e9568d007e57a47b8127
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5529071
Reviewed-by: Yi Gu <[email protected]>
Reviewed-by: Brendon Tiszka <[email protected]>
Commit-Queue: Christian Biesinger <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1300264}

--

wpt-commits: e40e7e0043824d384d9fd0a71cc6000ca75e1236
wpt-pr: 46192

testing/web-platform/tests/credential-management/fedcm-authz/fedcm-disclosure-text-shown.https.html

@@ -16,10 +16,42 @@
 fedcm_test(async t => {
   let options = request_options_with_mediation_required("manifest_check_disclosure_shown_false.json");
   options.identity.providers[0].clientId = "0";
-  options.identity.providers[0].scope = ["non_default_scope"];
+  options.identity.providers[0].fields = ["non_default_field"];
+  options.identity.providers[0].nonce = "non_default_field";
   const cred = await fedcm_get_and_select_first_account(t, options);
   assert_equals(cred.token, "token");
   assert_equals(cred.isAutoSelected, false);
-}, "We should send disclosure_text_shown=false when custom scopes are passed.");
+}, "We should send disclosure_text_shown=false when custom fields are passed.");
+
+fedcm_test(async t => {
+  let options = request_options_with_mediation_required("manifest_check_disclosure_shown_false.json");
+  options.identity.providers[0].clientId = "0";
+  options.identity.providers[0].fields = [];
+  options.identity.providers[0].nonce = "";
+  const cred = await fedcm_get_and_select_first_account(t, options);
+  assert_equals(cred.token, "token");
+  assert_equals(cred.isAutoSelected, false);
+}, "We should send disclosure_text_shown=false when an empty custom fields array is passed.");
+
+
+fedcm_test(async t => {
+  let options = request_options_with_mediation_required("manifest_check_disclosure_shown_true.json");
+  options.identity.providers[0].clientId = "0";
+  options.identity.providers[0].nonce = "name,email,picture";
+  const cred = await fedcm_get_and_select_first_account(t, options);
+  assert_equals(cred.token, "token");
+  assert_equals(cred.isAutoSelected, false);
+}, "We should send disclosure_text_shown=true when no custom fields are passed.");
+
+fedcm_test(async t => {
+  let options = request_options_with_mediation_required("manifest_check_disclosure_shown_true.json");
+  options.identity.providers[0].clientId = "0";
+  options.identity.providers[0].fields = ["name", "email", "picture", "locale"];
+  options.identity.providers[0].nonce = "name,email,picture,locale";
+  const cred = await fedcm_get_and_select_first_account(t, options);
+  assert_equals(cred.token, "token");
+  assert_equals(cred.isAutoSelected, false);
+}, "We should send disclosure_text_shown=true when custom fields are passed in addition to standard fields.");
+
 
 </script>

testing/web-platform/tests/credential-management/support/fedcm/manifest_check_disclosure_shown_true.json

@@ -0,0 +1,7 @@
+{
+  "accounts_endpoint": "accounts.py",
+  "client_metadata_endpoint": "client_metadata.py",
+  "id_assertion_endpoint": "token_check_disclosure_shown_true.py",
+  "login_url": "login.html"
+}
+

testing/web-platform/tests/credential-management/support/fedcm/token_check_disclosure_shown_false.py

@@ -6,8 +6,14 @@ def main(request, response):
   if (request_error):
     return request_error
 
+  nonce = request.POST.get(b"nonce") or b""
   if request.POST.get(b"disclosure_text_shown") != b"false":
     return (560, [], "disclosure_text_shown is not false")
+  if request.POST.get(b"disclosure_shown_for") is not None:
+    return (561, [], "disclosure_shown_for is not None")
+  fields = request.POST.get(b"fields") or b""
+  if fields != nonce:
+    return (562, [], "fields does not match nonce")
 
   response.headers.set(b"Content-Type", b"application/json")
   response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))

testing/web-platform/tests/credential-management/support/fedcm/token_check_disclosure_shown_true.py

@@ -0,0 +1,22 @@
+import importlib
+error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check")
+
+def main(request, response):
+  request_error = error_checker.tokenCheck(request)
+  if (request_error):
+    return request_error
+
+  nonce = request.POST.get(b"nonce") or b""
+  if request.POST.get(b"disclosure_text_shown") != b"true":
+    return (560, [], "disclosure_text_shown is not true")
+  if request.POST.get(b"disclosure_shown_for") != b"name,email,picture":
+    return (561, [], "disclosure_shown_for is not name,email,picture")
+  fields = request.POST.get(b"fields") or b""
+  if fields != nonce:
+    return (562, [], "fields does not match nonce")
+
+  response.headers.set(b"Content-Type", b"application/json")
+  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+  response.headers.set(b"Access-Control-Allow-Credentials", "true")
+
+  return "{\"token\": \"token\"}"