Adds Credential API and Payment API

[agektmr]

Adding Credential API and Payment API a la my demo introduced at Polymer Summit session. This is a continuation work of #70 .

[ppshein]

shop-account.html:148 Uncaught TypeError: Cannot read property 'gSignIn' of undefined

Encountered above error when click close browser button of google signIn authentication pop-up and then persistently occurred above error whenever click on google signIn button.

[agektmr]

@ppshein Odd. There shouldn't be need for manually closing a pop up window opened for Google Sign-In. Can you describe the flow step by step? Make sure to remove all cache from DevTools.
"Application" > "Clear storage" and press "Clear site storage".

[ppshein]

@agektmr I just clicked google signIn button, then popup is displayed. At that time, click close button of browser instead of no click on Deny and Allow of that popup. After that, popup is closed and spinner was displaying permanently as never disappeared. That's why refresh browser and click on Google SignIn button then show error message as I mentioned above.

https://i.imgsafe.org/d9a58b9c4c.png

[agektmr]

@ppshein Did you put client_secrets.json as described in README.md?

[ppshein]

@agektmr I just used & tested website link you mentioned above only https://polykart-credential-payment.appspot.com

[agektmr]

@ppshein I just tried with my other gmail account and had no problem. Asked my neighbor to try as well but succeeded. Can you open the page with an incognito mode and try again?

[ppshein]

@agektmr Same as what I tried. Can you try to click on close button of browser without clicking anything on popup box?

[agektmr]

OK, I see what you mean. Issue reproduced. Will look into this.

[agektmr]

@ppshein Can you go back to root page "/" then reload, go back to "/account" and try sign-in?

[ppshein]

@agektmr everything is working correctly when I click "Allow" button of that popup as signing in. Problem is when I click on close button of browser and NOW "deny" button of that popup without going root page and reloading it.

[agektmr]

@ppshein Just going directly to this url will reproduce the issue.
This seems to be caused by async bootstrap of shop-account-data and obtaining it via iron-meta. Thinking about ways to solve this issue...

[agektmr]

@ppshein The issue should have been fixed. Can you try again?

[ppshein]

@agektmr same as before in Chrome. Btw, I've deleted all cookie & storage of google chrome.

shop-account.html:148 Uncaught TypeError: Cannot read property 'gSignIn' of undefined(…)_onGSignIn @ shop-account.html:148s @ shop-app.html:48

when open in safari, I've encountered following error in root page.

TypeError: undefined is not an object (evaluating 'this.accountData.autoSignIn(!0).then')

[agektmr]

How about this now?

• Added fetch polyfill for Safari
• Proper accountData handling
• Better exception handling

[ppshein]

@agektmr spinner should be disappeared when I click on close button of popup as should be calling same method of clicking on "Deny" button of it. :)

[agektmr]

@ppshein Hmm, Google Sign-In library doesn't omit reject response. I'll do an investigation but there seems no way to catch closing window as far as I see it now.

[FluorescentHallucinogen]

@blasten, PTAL.

[blasten]

Thanks for the PR! I can move the comments from #70 to this PR if that helps.

[blasten]

I think this is handling only one-level paths. e.g. https://polykart-credential-payment.appspot.com/list works, but https://polykart-credential-payment.appspot.com/list/mens_outerwear doesn't.

[agektmr]

I thought this was because AppEngine not handling multi level access correctly. If that's caused by app.route, can you instruct me how to fix?

[blasten]

After some discussion, I think we would like to avoid adding this server-side dependency to the demo. There's nothing wrong with it, but we advise folks to use the PRPL pattern and app engine doesn't have good support for H2 as of last time we tried. Would it be possible to just support Google Sign In by using the Google Sign In element?

[agektmr]

I can change to store credentials to local storage for demo purpose. This will take a while to fix though.

[blasten]

Is the idea that iron-localstorage would keep the user session alive if I refresh the page?

[agektmr]

I intentionally removed it to demonstrate session management (no session over window lifetime at the moment) and auto sign-in. I will add session management using cookie later.

[blasten]

.left-bar-item's width should be 80px now.

[agektmr]

Fixed.

[blasten]

If I close the popup without signing in with Google, the loading indicator remains active.

[agektmr]

That is a known issue on Google Sign-In side. I'm pinging Google Sign-in engineering team to fix it.

[blasten]

Would it be possible to use the Google sign-in element: https://elements.polymer-project.org/elements/google-signin?view=demo:demo/index.html&active=google-signin?

[agektmr]

I'll have a look into it.

[agektmr]

I've been looking into google-signin component but that requires number of changes in order to use it in this code. For example:

• A mechanism to send id_token to the server to verify the identity on server side
• A mechanism to provide user profile
• google-signin and google-signin-aware are tightly coupled. I would separate google-signin-aware as a separate component so it can be used without UI.

I can contribute to google-signin in the future, but it will be a significant work I would just leave it and keep current implementation.

[blasten]

If we don't use google-signin, could we use the "Sign in" design of the google-signin element? That design seems to fit better with the current shop's design.

Also, <div class="google-signin"> -> <button> so it's accessible.

[blasten]

After some discussion, I think we would like to avoid adding this server-side dependency to the demo. There's nothing wrong with it, but we advise folks to use the PRPL pattern and app engine doesn't have good support for H2 as of last time we tried. Would it be possible to just support Google Sign In by using the Google Sign In element?

[FluorescentHallucinogen]

Any progress?

[agektmr]

I was busy with Chrome Dev Summit. Will resume the work.

[agektmr]

OK, I've removed server side code and created a service worker based mock server (Phew).
Can you have another look through? @blasten

[blasten]

Would it be possible to remove https://apis.google.com/js/platform.js or load it async?

[FluorescentHallucinogen]

Maybe https://beta.webcomponents.org/element/GoogleWebComponents/google-apis/google-js-api?

[agektmr]

Good suggestion. I've used google-js-api as a dependency.

[FluorescentHallucinogen]

@agektmr, could you please explain why you don't use https://beta.webcomponents.org/element/GoogleWebComponents/google-signin/google-signin element? It uses google-js-api under the hood.

[agektmr]

It can't handle id_token.

[blasten]

If fetch requires a Polyfill, then we should use XHR.

[FluorescentHallucinogen]

@blasten, fetch is a polyfill, and since all modern browsers implement the window.fetch function natively, no code from this project actually takes any effect in these browsers. Please note that older browsers require Promise polyfill for fetch work.

[agektmr]

Unfortunately Credential Management API mandates fetch for AJAX.

[blasten]

If we don't use google-signin, could we use the "Sign in" design of the google-signin element? That design seems to fit better with the current shop's design.

Also, <div class="google-signin"> -> <button> so it's accessible.

[blasten]

@agektmr Thanks for the update! I left a few comments, but let me know if you would like me to help. If you add permissions to your copy, I could push a few changes.

[agektmr]

@blasten I've addressed all feedback. One remaining bit I have is if I should add a Promise polyfill or not. Without promises, there will be a major rewrite. What is the general policy on promise in Polymer team?

[blasten]

@agektmr Thanks for taking the time and sorry for the long time in getting this PR merged! We wanted to make sure that it won't have any perf regression. In that spirit, I have created the branch credential-payment-api. Would it be possible to send a PR against that branch? We will conduct a few tests and possibly make small changes. We will keep you in the loop and merge it to master as soon as possible! Probably after the holidays. Thank you!

[agektmr]

@blasten That is great to hear. I'll send a separate PR.
In the meanwhile, I was giving a deep dive into google-signin component and would like to propose a major change in the design. That will allow google-signin to be a part of this PR. I will detail the change in an issue I will raise in google-signin repository.

[agektmr]

FYI, GoogleWebComponents/google-signin#156

[blasten]

PR merged! cc @frankiefu

[FluorescentHallucinogen]

@frankiefu @blasten @agektmr Any plans to merge it to the master branch?

[googlebot]

So there's good news and bad news.

👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there.

😕 The bad news is that it appears that one or more commits were authored by someone other than the pull request submitter. We need to confirm that they're okay with their commits being contributed to this project. Please have them confirm that here in the pull request.

Note to project maintainer: This is a terminal state, meaning the cla/google commit status will not change from this State. It's up to you to confirm consent of the commit author(s) and merge this pull request when appropriate.

[agektmr]

My understanding is this PR is no longer relevant. Please close if that's ok.

[FluorescentHallucinogen]

@agektmr

My understanding is this PR is no longer relevant. Please close if that's ok.

On 20 Dec 2016 your pull request #104 was merged by @blasten to credential-payment-api branch and closed, but for some reasons it was not merged to the master branch. After that the project was rewritten in Polymer 2 with ES6 classes. This pull request was never merged at all and now has conflicts with master branch that must be resolved. Could you please resolve the conflicts?

[keanulee]

From my understanding this branch/PR was made as a proof-of-concept of how Web Payments can be integrated into Shop, which is not necessarily part of Shop's primary goal of showing how to build a fast front-end PWA with Polymer. Feel free to examine this PR to get a sense of what is required, but otherwise I'm going to close this PR.