Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify the continuation API #662

Merged
merged 7 commits into from
Nov 18, 2024
Merged

Specify the continuation API #662

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
01d8942
Specify the continuation API
cbiesinger Oct 2, 2024
2ceb1dd
swap order
cbiesinger Oct 7, 2024
39d9fe9
first
cbiesinger Oct 7, 2024
7be08f8
rename and in parallel
cbiesinger Nov 12, 2024
92ec958
remove if necessary
cbiesinger Nov 18, 2024
2141ce2
Merge remote-tracking branch 'origin' into continue
cbiesinger Nov 18, 2024
fc5d885
failure
cbiesinger Nov 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 49 additions & 4 deletions spec/index.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1240,9 +1240,25 @@ To <dfn>fetch an identity assertion</dfn> given a {{USVString}}
1. [=converted to an IDL value|Convert=] |json| to an {{IdentityProviderToken}}, |token|.
cbiesinger marked this conversation as resolved.
Show resolved Hide resolved
1. If one of the previous two steps threw an exception, set |credential| to failure
and return.
1. If neither {{IdentityProviderToken/token}} nor {{IdentityProviderToken/continue_on}} was
specified, set |credential| to failure and return.
1. If {{IdentityProviderToken/token}} was not specified but
cbiesinger marked this conversation as resolved.
Show resolved Hide resolved
{{IdentityProviderToken/continue_on}} was specified:
1. Let |continueOnUrl| be the result of running [=parse url=] with |token|'s
{{IdentityProviderToken/continue_on}} and |globalObject|.
1. If |continueOnUrl| is failure, set |credential| to failure and return.
1. If |continueOnUrl| is not [=same origin=] with |tokenUrl|, set |credential|
to failure and return.
1. Let |tokenPair| be the result of [=show a continuation dialog=] with |continueOnUrl|.
cbiesinger marked this conversation as resolved.
Show resolved Hide resolved
1. If |tokenPair| is failure, set |credential| to failure and return.
1. Let |tokenString| be the first entry of |tokenPair|.
1. If the second entry of |tokenPair| is not null, set |accountId| to that second entry.
1. Otherwise, let |tokenString| be |token|'s {{IdentityProviderToken/token}}.
yi-gu marked this conversation as resolved.
Show resolved Hide resolved
1. [=Create a connection between the RP and the IdP account=] with |provider|, |accountId|, and
|globalObject|.
1. Let |credential| be a new {{IdentityCredential}} given |globalObject|'s
<a for="global object">realm</a>.
1. Set |credential|'s {{IdentityCredential/token}} to |token|.
1. Set |credential|'s {{IdentityCredential/token}} to |tokenString|.
1. Set |credential|'s {{IdentityCredential/isAutoSelected}} to
|isAutoSelected|.
1. Wait for |credential| to be set.
Expand All @@ -1251,7 +1267,8 @@ To <dfn>fetch an identity assertion</dfn> given a {{USVString}}

<xmp class="idl">
dictionary IdentityProviderToken {
cbiesinger marked this conversation as resolved.
Show resolved Hide resolved
required USVString token;
USVString token;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you put some thought on how/whether we should think about forwards compatibility?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will address that in a later PR

USVString continue_on;
};
</xmp>

Expand Down Expand Up @@ -1293,8 +1310,6 @@ an {{IdentityProviderAPIConfig}} |config|, an {{IdentityProviderRequestOptions}}
1. The user agent MAY use the {{IdentityCredentialRequestOptions/context}} to customize the
dialog shown.
1. If the user does not grant permission, return false.
1. [=Create a connection between the RP and the IdP account=] with |provider|, |account|, and
|globalObject|.
1. Return true.
</div>

Expand Down Expand Up @@ -1458,6 +1473,31 @@ success or failure.
1. Otherwise, return failure.
</div>

<div algorithm>
To <dfn>show a continuation dialog</dfn> given a |continueOnUrl|, run the
following steps. This returns a failure or a tuple (string, string?) (a token
and an optional account ID).
1. Assert: these steps are running [=in parallel=].
1. [=Create a fresh top-level traversable=] with |continueOnUrl|.
1. The user agent MAY [=set up browsing context features=] or otherwise
affect the presentation of this traversable in an implementation-defined
way.
1. Wait for one of the following conditions:
* The user closes the browsing context: return failure.
* {{IdentityProvider}}.{{IdentityProvider/close}} is called in the
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this actually be a reject() if the completion mechanism is resolve() — borrowing naming from Promises?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yeah, that sounds nicer to me too!

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That or something like abort(reason?: string) and finish(token: string, accountId?: string)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IdentityProvider.close already exists (added to support logging in), so we either need to make it do something or make a decision it should not do something in this context.

IdentityProvider.reject makes sense to me but I'd prefer waiting until we have the error API (#498) because that's what adds the error code and URL to the returned credential. We have no place to put the reason until then.

(for what it's worth, we also have no IDP feedback on an API like reject)

context of this new traversable:
1. Close the traversable.
1. Return failure.
* {{IdentityProvider}}.{{IdentityProvider/resolve()}} is called in
the context of this new traversable.
bvandersloot-mozilla marked this conversation as resolved.
Show resolved Hide resolved
1. Close the traversable.
1. Let |token| be the token that was passed to that resolve call.
1. If {{IdentityResolveOptions/accountId}} was specified in the
resolve call, let |accountId| be that account ID.
1. Otherwise, let |accountId| be null.
1. Return (|token|, |accountId|).

</div>
<!-- ============================================================ -->
## The IdentityProvider Interface ## {#browser-api-identity-provider-interface}
<!-- ============================================================ -->
Expand All @@ -1473,8 +1513,13 @@ This specification introduces the {{IdentityUserInfo}} dictionary as well as the
USVString picture;
};

dictionary IdentityResolveOptions {
USVString accountId;
};

[Exposed=Window, SecureContext] interface IdentityProvider {
static undefined close();
static undefined resolve(DOMString token, optional IdentityResolveOptions options = {});
bvandersloot-mozilla marked this conversation as resolved.
Show resolved Hide resolved
static Promise&lt;sequence&lt;IdentityUserInfo&gt;&gt; getUserInfo(IdentityProviderConfig config);
};
</pre>
Expand Down
Loading