Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use credential type registry for permissions + digital credentials #242

Merged
merged 20 commits into from
Jul 24, 2024

Conversation

marcoscaceres
Copy link
Member

@marcoscaceres marcoscaceres commented Jul 1, 2024

Now allows registration of Permission Policy, and added Digital Credentials.

The following tasks have been completed:

  • Modified Web platform tests (link to pull request)

Implementation commitment:


Preview | Diff

@@ -98,20 +98,15 @@ spec:css-syntax-3;
</pre>
<pre class="biblio">
{
"FEDCM": {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Already in Specref... don't need this... or WEB-OTP

@@ -965,8 +988,6 @@ spec:css-syntax-3;
1. If |interface| does not support {{CredentialMediationRequirement/conditional}}
[=user mediation=], return [=a promise rejected with=] a "{{TypeError}}" {{DOMException}}.

1. Let |p| be [=a new promise=].
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was defined before it was used! oops!

index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
@marcoscaceres marcoscaceres requested a review from nsatragno July 1, 2024 06:07
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
Copy link
Member

@nsatragno nsatragno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a lot cleaner than listing every permission policy as its own step, thank you! Some comments:

index.bs Outdated
<td>[[FEDCM]]</td>
<td><a href="https://www.w3.org/community/fed-id/">W3C</a></td>
</tr>
<tr>
<td>otp</td>
<td>otp</td>
<td>{{OTPCredential}}</td>
<td>otp-credentials</td>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like you're missing a <td>null</td> here.

index.bs Outdated Show resolved Hide resolved
index.bs Outdated
[=allowed to use=] the [=identity-credentials-get=]
[=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}"
{{DOMException}}.
1. For each |permission| in |options|' [=credential type registry/Get Permissions Policy=]:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be something like:

1. For each |interface| in |options|' <a>relevant credential interface objects</a>:
  1. Let |permission| be the |interface|'s {{Credential/[[type]]}} [=credential type registry/Get Permissions Policy=].
  2. If |permission| is null, continue.
  3. If |document| is **not** [=allowed to use=] |permission|, return 
           [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}.

Otherwise, we're looping through all the permissions regardless of what's in our options object.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh yeah.. oops... 🙈

index.bs Outdated
[=allowed to use=] the [=publickey-credentials-create-feature|publickey-credentials-create=]
[=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}"
{{DOMException}}.
1. Let |permission| be |options|'s [=credential type registry/Create Permissions Policy=].
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here. Also, at this stage we still have a list of credential types to loop through. It's not until L1203 that we assert there's only one credential.

(Ideally, we'd make the permissions policy check after verifying there's only one credential, but we already shipped this and it's not that big of a deal).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, yeah... I'm also unsure as to why there's a document check below... it seems unnecessary with the fully active check above.

index.bs Outdated Show resolved Hide resolved
Copy link
Member

@nsatragno nsatragno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, thank you!

@nsatragno nsatragno merged commit ee91210 into main Jul 24, 2024
2 checks passed
@nsatragno nsatragno deleted the permissions_policy branch July 24, 2024 16:34
github-actions bot added a commit that referenced this pull request Jul 24, 2024
)

SHA: ee91210
Reason: push, by nsatragno

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants