From be49ab5c00450bbedc2d3f5ce72adb8ae8724189 Mon Sep 17 00:00:00 2001 From: npm1 Date: Fri, 23 Jun 2023 14:00:23 -0400 Subject: [PATCH 1/4] Returning accounts go first in getUserInfo This PR fixes the way an account is chosen as returning for getUserInfo: if approvedClients is available, that is considered the source of truth. Also, the returning list should list the returning accounts first, and then all the remaining accounts. --- spec/index.bs | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/spec/index.bs b/spec/index.bs index 3754e147..f4ff4752 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -1204,23 +1204,28 @@ When invoking the {{IdentityProvider/getUserInfo()}} method given an {{IdentityP {{DOMException}}. 1. Let |accountsList| be the result of [=fetch the accounts list=] with |config|, |provider|, and |globalObject|. - 1. Let |hasReturningAccount| be false. - 1. For each |account| in |accountsList|: - 1. If |account|["{{IdentityProviderAccount/approved_clients}}"] is not empty and it does not - [=list/contain=] |provider|'s {{IdentityProviderConfig/clientId}}, continue. + 1. Let |isReturningAccount| be a new [=list=] of the same length as |accountsList|, with all + values initially set to false. + 1. For each |i| from 0 to the length of |accountsList| minus 1: + 1. Let |account| be |accountsList|[i]. + 1. If |account|["{{IdentityProviderAccount/approved_clients}}"] is not empty: + 1. If |account|["{{IdentityProviderAccount/approved_clients}}"] [=list/contain=] + |provider|'s {{IdentityProviderConfig/clientId}}, set |isReturningAccount|[i] to true. Note: this allows the [=IDP=] to override whether an account is a returning account. This could be useful for instance in cases where the user has revoked the account out of band. - 1. [=Compute the connection status=] of |provider|, |account|, and |globalObject|. If the - result is [=compute the connection status/connected=], set |hasReturningAccount| to + 1. Otherwise, [=compute the connection status=] of |provider|, |account|, and |globalObject|. If the + result is [=compute the connection status/connected=], set |isReturningAccount|[i] to true. - 1. If |hasReturningAccount| is false, [=reject=] |promise| with a new "{{NetworkError}}" - {{DOMException}}. + 1. If |isReturningAccount| does not [=list/contain=] true, [=reject=] |promise| with a new + "{{NetworkError}}" {{DOMException}}. 1. Let |userInfoList| be a new [=list=]. - 1. For each |account| in |accountsList|: - 1. [=list/Append=] an {{IdentityUserInfo}} to |userInfoList| with the following values: + 1. Let |notReturningUserInfos| be a new [=list=]. + 1. For each |i| from 0 to the length of |accountsList| minus 1: + 1. Let |account| be |accountsList|[i]. + 1. Let |userInfo| be an {{IdentityUserInfo}} with the following values: : {{IdentityUserInfo/email}} :: |account|["{{IdentityProviderAccount/email}}"] @@ -1230,6 +1235,9 @@ When invoking the {{IdentityProvider/getUserInfo()}} method given an {{IdentityP :: |account|["{{IdentityProviderAccount/given_name}}"] : {{IdentityUserInfo/picture}} :: |account|["{{IdentityProviderAccount/picture}}"] + 1. If |isReturningAccount|[i], [=list/append=] |userInfo| to |userInfoList|. + 1. Otherwise, [=list/append=] |userInfo| to |notReturningUserInfos|. + 1. [=list/Extend=] |userInfo| with |notReturningUserInfos|. 1. [=Resolve=] a new {{Promise}} with |userInfoList|. From b1a303d6650802a396a5fe5bb41e029a48e66ac9 Mon Sep 17 00:00:00 2001 From: npm1 Date: Fri, 23 Jun 2023 14:06:04 -0400 Subject: [PATCH 2/4] Add i mentions --- spec/index.bs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/spec/index.bs b/spec/index.bs index f4ff4752..cedc8336 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -1151,12 +1151,12 @@ to the [=IDP=] once the user has already used the FedCM API to login in the [=RP exposed when there exists an account |account| such that the [=connected accounts set=] [=list/contains=] the triple ([=RP=], [=IDP=], |account|). The information matches what is received from the accounts list endpoint. The [=IDP=] can obtain this information by invoking the -{{IdentityProvider/getUserInfo()}} static method from an iframe matching the [=/origin=] of its +{{IdentityProvider/()}} static method from an iframe matching the [=/origin=] of its {{IdentityProviderConfig/configURL}}.
```js -const userInfo = await IdentityProvider.getUserInfo({ +const userInfo = await IdentityProvider.({ configUrl: "https://idp.example/fedcm.json", clientId: "client1234" }); @@ -1207,24 +1207,24 @@ When invoking the {{IdentityProvider/getUserInfo()}} method given an {{IdentityP 1. Let |isReturningAccount| be a new [=list=] of the same length as |accountsList|, with all values initially set to false. 1. For each |i| from 0 to the length of |accountsList| minus 1: - 1. Let |account| be |accountsList|[i]. + 1. Let |account| be |accountsList|[|i|]. 1. If |account|["{{IdentityProviderAccount/approved_clients}}"] is not empty: 1. If |account|["{{IdentityProviderAccount/approved_clients}}"] [=list/contain=] - |provider|'s {{IdentityProviderConfig/clientId}}, set |isReturningAccount|[i] to true. + |provider|'s {{IdentityProviderConfig/clientId}}, set |isReturningAccount|[|i|] to true. Note: this allows the [=IDP=] to override whether an account is a returning account. This could be useful for instance in cases where the user has revoked the account out of band. 1. Otherwise, [=compute the connection status=] of |provider|, |account|, and |globalObject|. If the - result is [=compute the connection status/connected=], set |isReturningAccount|[i] to + result is [=compute the connection status/connected=], set |isReturningAccount|[|i|] to true. 1. If |isReturningAccount| does not [=list/contain=] true, [=reject=] |promise| with a new "{{NetworkError}}" {{DOMException}}. 1. Let |userInfoList| be a new [=list=]. 1. Let |notReturningUserInfos| be a new [=list=]. 1. For each |i| from 0 to the length of |accountsList| minus 1: - 1. Let |account| be |accountsList|[i]. + 1. Let |account| be |accountsList|[|i|]. 1. Let |userInfo| be an {{IdentityUserInfo}} with the following values: : {{IdentityUserInfo/email}} @@ -1235,7 +1235,7 @@ When invoking the {{IdentityProvider/getUserInfo()}} method given an {{IdentityP :: |account|["{{IdentityProviderAccount/given_name}}"] : {{IdentityUserInfo/picture}} :: |account|["{{IdentityProviderAccount/picture}}"] - 1. If |isReturningAccount|[i], [=list/append=] |userInfo| to |userInfoList|. + 1. If |isReturningAccount|[|i|], [=list/append=] |userInfo| to |userInfoList|. 1. Otherwise, [=list/append=] |userInfo| to |notReturningUserInfos|. 1. [=list/Extend=] |userInfo| with |notReturningUserInfos|. 1. [=Resolve=] a new {{Promise}} with |userInfoList|. From 1a807392514dee9b1cf68e750393029500917f6e Mon Sep 17 00:00:00 2001 From: npm1 Date: Fri, 23 Jun 2023 14:07:08 -0400 Subject: [PATCH 3/4] fix --- spec/index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/index.bs b/spec/index.bs index cedc8336..86b81bfa 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -1151,12 +1151,12 @@ to the [=IDP=] once the user has already used the FedCM API to login in the [=RP exposed when there exists an account |account| such that the [=connected accounts set=] [=list/contains=] the triple ([=RP=], [=IDP=], |account|). The information matches what is received from the accounts list endpoint. The [=IDP=] can obtain this information by invoking the -{{IdentityProvider/()}} static method from an iframe matching the [=/origin=] of its +{{IdentityProvider/getUserInfo()}} static method from an iframe matching the [=/origin=] of its {{IdentityProviderConfig/configURL}}.
```js -const userInfo = await IdentityProvider.({ +const userInfo = await IdentityProvider.getUserInfo({ configUrl: "https://idp.example/fedcm.json", clientId: "client1234" }); From 2d7c73e6ade2a08dd37be8033ad36b84cafdc38b Mon Sep 17 00:00:00 2001 From: npm1 Date: Fri, 23 Jun 2023 15:01:04 -0400 Subject: [PATCH 4/4] Revert computation of returning --- spec/index.bs | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/spec/index.bs b/spec/index.bs index 86b81bfa..c7eeaea3 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -1208,15 +1208,14 @@ When invoking the {{IdentityProvider/getUserInfo()}} method given an {{IdentityP values initially set to false. 1. For each |i| from 0 to the length of |accountsList| minus 1: 1. Let |account| be |accountsList|[|i|]. - 1. If |account|["{{IdentityProviderAccount/approved_clients}}"] is not empty: - 1. If |account|["{{IdentityProviderAccount/approved_clients}}"] [=list/contain=] - |provider|'s {{IdentityProviderConfig/clientId}}, set |isReturningAccount|[|i|] to true. - + 1. If |account|["{{IdentityProviderAccount/approved_clients}}"] is not empty and it does not + [=list/contain=] |provider|'s {{IdentityProviderConfig/clientId}}, continue. + Note: this allows the [=IDP=] to override whether an account is a returning account. This could be useful for instance in cases where the user has revoked the account out of band. - - 1. Otherwise, [=compute the connection status=] of |provider|, |account|, and |globalObject|. If the + + 1. [=Compute the connection status=] of |provider|, |account|, and |globalObject|. If the result is [=compute the connection status/connected=], set |isReturningAccount|[|i|] to true. 1. If |isReturningAccount| does not [=list/contain=] true, [=reject=] |promise| with a new