navigator.credentials.get({
- "types": [ "federated" ],
- "options": {
+ [ "password", "federated" ],
+ {
+ "federated": {
"providers": [ "https://federation.com" ]
+ }
}
}).then(
function(credential) {
@@ -283,12 +283,14 @@ Federated Sign-in
if (credential.type == "federated") {
switch (credential.provider) {
case "https://www.facebook.com/":
- // Use Facebook's SDK, a la https://developers.facebook.com/docs/facebook-login/login-flow-for-web/#logindialog
+ // Use Facebook's SDK, a la
+ // https://developers.facebook.com/docs/facebook-login/login-flow-for-web/#logindialog
FB.login(function (response) {
if (response.status === "authorized") {
// Can now use FB.api() calls
} else {
- // Explain to the user that we would really like them to click "Log me in"
+ // Explain to the user that we would really like them to
+ // click "Log me in".
}
});
break;
@@ -543,6 +545,11 @@ Credential
readonly attribute USVString iconURL;
};
+
+
+ LocallyStoredCredential
+
+
- name
-
@@ -568,9 +575,9 @@
Credential
All {{LocallyStoredCredential}} objects MUST define an
options matching
- algorithm which returns
Match if the object matches an
- {{CredentialRequest/options}} dictionary, and
Does Not Match
- otherwise.
+ algorithm which returns
Match if the object
+ matches a {{CredentialRequestOptions}} object, and
Does Not
+ Match otherwise.
PasswordCredential
@@ -616,7 +623,7 @@
{{PasswordCredential}} objects' options matching algorithm always
- returns Match.
+ returns Match.
FederatedCredential
@@ -656,21 +663,29 @@
{{FederatedCredential}} objects' options matching algorithm is as
follows. Given a {{FederatedCredential}} (credential) and a
- {{CredentialRequest/options}} (options):
+ {{CredentialRequestOptions}} (options):
-
- If options has a
+ Let federated be the value of options's
+ {{CredentialRequestOptions/federated}} property.
+
+ -
+ If federated is
undefined or null,
+ return Does Not Match.
+
+ -
+ If federated has a
{{FederatedCredentialRequestOptions/providers}} property:
-
- For each provider in options'
+ For each provider in federated'
providers list:
-
- Return
Matches if credential's
+ Return Matches if credential's
{{FederatedCredential/provider}} is a case-sensitive match for
provider.
@@ -679,17 +694,17 @@
-
- If options has a
+ If federated has a
{{FederatedCredentialRequestOptions/protocols}} property:
-
- For each protocol in options'
+ For each protocol in federated'
{{FederatedCredentialRequestOptions/protocols}} list:
-
- Return
Matches if credential's
+ Return Matches if credential's
{{FederatedCredential/protocol}} is a case-insensitive match for
protocol.
@@ -698,7 +713,7 @@
-
- Return
Does Not Match.
+ Return Does Not Match.
@@ -714,7 +729,7 @@ Credential Manager
};
interface CredentialContainer {
- Promise<Credential?> get(optional CredentialRequest request);
+ Promise<Credential?> get(sequence<DOMString> types, CredentialRequestOptions? options);
Promise<Credential> store(optional Credential credential);
Promise<void> requireUserMediation();
};
@@ -722,9 +737,22 @@ Credential Manager
- get()
-
- Request a credential from the credential manager. The user agent MUST
- execute the algorithm defined in [[#request-credential]] with
- request as an argument.
+ Request a credential from the credential manager.
+
+ The {{types!!argument}} argument contains a sequence of strings specifying
+ the types of {{Credential}} objects which the caller wishes to obtain. An
+ empty sequence signifies that the caller will accept any credential type.
+ For processing details, see the algorithm defined in
+ [[#request-credential]].
+
+ The {{options!!argument}} argument contains an object filled with
+ type-specific sets of parameters which will be used to select a
+ particular {{Credential}} to return. This process is described in each
+ {{Credential}} type's options matching algorithm.
+
+ When {{get()}} is called, the user agent MUST execute the algorithm
+ defined in [[#request-credential]] on types and
+ options.
Note: If and when we need to support returning more than a single
credential in response to a single call, we will likely introduce a
@@ -765,12 +793,12 @@
In order to obtain the desired {{Credential}} via
{{CredentialContainer/get()}}, the caller specifies a few parameters in a
- {{CredentialRequest}} dictionary.
+ {{CredentialRequestOptions}} object.
- Note: The {{CredentialRequestOptions}} typedef is an extension point. If and
+ Note: The {{CredentialRequestOptions}} dictionary is an extension point. If and
when new types of credentials are introduced that require options, their
- dictionary types will be added to the typedef so they can be passed into the
- request.
+ dictionary types will be added to the dictionary so they can be passed into the
+ request. See [[#implementation-extension]].
dictionary FederatedCredentialRequestOptions {
@@ -778,12 +806,11 @@
sequence<DOMString> protocols;
};
- typedef FederatedCredentialRequestOptions CredentialRequestOptions;
+ dictionary CredentialRequestOptions {
+ object? password;
+ FederatedCredentialRequestOptions? federated;
- dictionary CredentialRequest {
- CredentialRequestOptions options;
boolean suppressUI = false;
- sequence<DOMString> types;
};
@@ -792,30 +819,21 @@
An array of federation identifiers. For details regarding valid formats
see [[#identifying-federations]].
-
-
- - types
+ - protocols
-
- A sequence of strings specifying the types of {{Credential}} objects which
- the caller wishes to obtain. An empty sequence signifies that the caller
- will accept any credential type. For processing details, see the algorithm
- defined in [[#request-credential]].
+ A sequence of protocol identifiers.
+
+
- suppressUI
-
- If
true, the user agent will only attempt to provide a
- {{Credential}} without user interaction: if the user has explicitly
+ If true, the user agent will only attempt to provide
+ a {{Credential}} without user interaction: if the user has explicitly
opted-into always giving a particular site access to a particular set of
credentials, they will be provided. If not, the promise will resolve with
undefined. For processing details, see the algorithm defined
in [[#request-credential]].
- - options
- -
- An dictionary containing a set of parameters which will be used to select
- a particular {{Credential}} to return. This process is described in each
- {{Credential}} type's options matching algorithm.
-
@@ -824,10 +842,12 @@
via the following call:
- navigator.credentials.get({
- "types": [ "federated" ],
- "options": {
+ navigator.credentials.get(
+ [ "federated" ],
+ {
+ "federated": {
"providers": [ "https://identity.example.com/" ]
+ }
}
}).then(function (credential) {
// ...
@@ -840,13 +860,15 @@
automatically sign into the origin):
- navigator.credentials.get({
- "types": [ "federated" ],
- "options": {
+ navigator.credentials.get(
+ [ "federated" ],
+ {
+ "federated": {
"providers": [ "https://identity.example.com/" ]
- },
- "suppressUI": true
- }).then(function (credential) {
+ },
+ "suppressUI: true
+ }
+ ).then(function (credential) {
// ...
});
@@ -897,7 +919,8 @@
Request a Credential
- Given a {{CredentialRequest}} object (request), this
+ Given a sequence<DOMString> (types) and a
+ {{CredentialRequestOptions}} object (options), this
algorithm returns a Promise which resolves with either a
single {{Credential}} object if one can be obtained, or undefined
if not.
@@ -932,7 +955,7 @@
-
Let type be lowest common ancestor interface of the types
- referenced in request's {{CredentialRequest/types}} property.
+ referenced in types.
ISSUE(w3c/webappsec#289): This is terribly hand-wavey. The intent is
clear, but I need to do the work to walk through the list of DOMStrings
@@ -958,9 +981,8 @@
-
Let result be the result of executing
[[#request-locallystoredcredential-without-mediation]],
- passing in origin, request's
- {{CredentialRequest/types}} property, and
- request's {{CredentialRequest/options}} property.
+ passing in origin, types and
+ options.
-
If result is not
null, resolve
@@ -968,9 +990,11 @@
algorithm.
-
- If request's {{CredentialRequest/suppressUI}}
+ If request's {{CredentialRequestOptions/suppressUI}}
is
true, resolve promise with
undefined, and terminate this algorithm.
+
+ ISSUE: Do something here. Maybe this should be part of options?
-
If this algorithm would not be allowed to show a popup,
@@ -983,9 +1007,8 @@
-
Resolve promise with the result of executing
[[#request-locallystoredcredential-with-mediation]],
- passing in origin, request'
- {{CredentialRequest/types}} property, and
- request' {{CredentialRequest/options}} property.
+ passing in origin, types, and
+ options.
@@ -1002,8 +1025,8 @@
{{LocallyStoredCredential}} isn't the only type? For example, how could an
author pull some "RemoteCredential" that required interaction with a
third-party, but fall back to a {{PasswordCredential}}? For the moment, we're
- resolving this by rejecting the promise if the types listed in
- {{CredentialRequest/types}} aren't all instances of the same type, but that
+ resolving this by rejecting the promise if the types listed in {{get()}}'s
+ {{types!!argument}} aren't all instances of the same type, but that
seems like something we'd want to fix.
@@ -1082,7 +1105,7 @@
Given an origin (origin), and a sequence of {{DOMString}}
- (types), and an {{CredentialRequest/options}} dictionary
+ (types), and an {{CredentialRequestOptions}} dictionary
(options), this algorithm returns a sequence of
{{LocallyStoredCredential}} from the user agent's credential store
which are potential candidates:
@@ -1106,7 +1129,7 @@
-
Remove any items from credentials whose options matching
- algorithm returns
Does Not Match when executed on
+ algorithm returns Does Not Match when executed on
options.
-
@@ -1119,7 +1142,7 @@
This algorithm accepts an origin (origin), a sequence of
- type names (types) and an {{CredentialRequest/options}} dictionary
+ type names (types) and an {{CredentialRequestOptions}} dictionary
(options), and returns either a single {{LocallyStoredCredential}}
object if and only if one can be provided without user
mediation, or
null if not.
@@ -1164,7 +1187,7 @@
This algorithm accepts an origin (origin), a sequence of
- type names (types) and an {{CredentialRequest/options}} dictionary
+ type names (types) and an {{CredentialRequestOptions}} dictionary
(options), and returns either a single {{LocallyStoredCredential}}
object, or null if none can be provided.
@@ -1580,8 +1603,8 @@ Synthesizing Credentials
-
Switch on the interface whose {{Credential/type}} property matches one of
- the items in the {{CredentialRequest}} {{CredentialRequest/types}}
- sequence, and execute the associated steps:
+ the items in {{get()}}'s {{types!!argument}} argument, and execute the associated
+ steps:
- {{FederatedCredential}}
@@ -1873,24 +1896,32 @@ Extension Points
-
Define a new
ExampleCredential that inherits from
- {{Credential}}:
+ {{Credential}}, and define the value of its {{[[type]]}} slot:
interface ExampleCredential : Credential {
// Definition goes here.
};
+
+ ...
+
+ All `ExampleCredential` objects have their [[type]] slot's
+ value set to the string "example".
-
Define the options that the new credential type requires, and add them
- to the {{CredentialRequestOptions}} typedef:
+ to the {{CredentialRequestOptions}} dictionary with a property name that
+ matches the {{[[type]]}} slot's value.
dictionary ExampleCredentialRequestOptions {
// Definition goes here.
};
- typedef (FederatedCredentialRequestOptions or ExampleCredentialRequestOptions) CredentialRequestOptions;
+ partial dictionary CredentialRequestOptions {
+ ExampleCredentialRequestOptions? example;
+ };
-