Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FedCM IdP error responses #601

Open
panva opened this issue May 24, 2024 · 5 comments
Open

FedCM IdP error responses #601

panva opened this issue May 24, 2024 · 5 comments

Comments

@panva
Copy link

panva commented May 24, 2024

Currently the IdP has no way to return errors back to FedCM from neither the id_assertion_endpoint nor from within the Continuation API popup.

The only fulfillable response from is 200 OK that matches IdentityProviderToken from the endpoint or IdentityProvider.resolve from the Continuation API popup.

I believe there should be an error format specified, such as one that allows a 400-499 status code range and fields (conveniently borrowed format from OAuth) that would fulfill the RP's credential.get(), likely with a rejection?

dictionary IdentityProviderError {
  required USVString error;
  USVString error_description;
  USVString error_uri;
};

The Continuation API version of this, used e.g. when the end-user clicks on "cancel" / "abort" in the IdP prompt.

IdentityProvider.reject(<IdentityProviderError>data);

The rejection should allow discerning between IdP errors and FedCM errors, such as with specific Error subclasses FedCMIdentityProviderError so that the client can make a call such as

const credential = await navigator.credentials.get({
  // ...
}).catch((err) => {
  if (err instanceof FedCMIdentityProviderError) {
    console.error(err.message) // generic message that the IdP returned error
    console.error(err.details) // IdentityProviderError
    console.error(err.details.error) // e.g. access_denied
    console.error(err.details.error_description) // e.g. End-User aborted the flow (ERR 372)
    console.error(err.details.error_uri) // e.g. https://docs.idp/errors#explain-372
  }

  throw err
});
@panva panva changed the title id_assertion_endpoint error responses FedCM IdP error responses May 24, 2024
@npm1
Copy link
Collaborator

npm1 commented May 24, 2024

Oh, I realize we are yet to merge the PR for the error API to the spec :( see #498. So we do allow surfacing an error from the ID assertion endpoint. However, I don't think we allow IdentityProvider.resolve() to use this kind of error, so cannot surface it from continuation API.

@panva
Copy link
Author

panva commented May 24, 2024

Oh, I realize we are yet to merge the PR for the error API to the spec :( see #498. So we do allow surfacing an error from the ID assertion endpoint. However, I don't think we allow IdentityProvider.resolve() to use this kind of error, so cannot surface it from continuation API.

Since the same kind of errors may be the result of the assertion endpoint being called directly as well as its subsequent interactions I'd say both should allow the same error shape to be returned.

@npm1
Copy link
Collaborator

npm1 commented May 24, 2024

Note that the continuation API is still under development. This seems reasonable to me. @cbiesinger feature request :)

@cbiesinger
Copy link
Collaborator

Yes adding something like IdentityProvider.reject would make a lot of sense

@samuelgoto
Copy link
Collaborator

Yes adding something like IdentityProvider.reject would make a lot of sense

+1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants