Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keep HOWTO-chrome.md up to date #506

Merged
merged 8 commits into from
Oct 18, 2023
Merged

Keep HOWTO-chrome.md up to date #506

Changes from 6 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
c665d3b
Update HOWTO-chrome.md with Error API and AccountAutoSelected API
yi-gu Oct 3, 2023
7807b03
Address comments
yi-gu Oct 3, 2023
35db075
Update explorations/HOWTO-chrome.md
yi-gu Oct 4, 2023
671b116
Rename the API for extensibility
yi-gu Oct 12, 2023
013a93a
change lower case id
yi-gu Oct 17, 2023
3ccbb07
Update JS snippet
yi-gu Oct 17, 2023
8a6684e
nit
yi-gu Oct 17, 2023
a0f208f
remove flag for shipped feature
yi-gu Oct 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 69 additions & 5 deletions explorations/HOWTO-chrome.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ includes the time when the sign-up status was set.

## Experimental functionality

In order to test experimental functionality:
To test experimental functionality:

1. Download Google Chrome Canary. It is best to experiment with the latest
build possible to get the most up-to-date implementation.
Expand Down Expand Up @@ -67,7 +67,7 @@ succeeded or failed.

### LoginHint

In order to use the LoginHint API:
To use the LoginHint API:

* Enable the experimental feature `FedCmLoginHint` in `chrome://flags`.
yi-gu marked this conversation as resolved.
Show resolved Hide resolved
* Add an array of `hints` to the accounts described in the accounts endpoint:
Expand Down Expand Up @@ -102,7 +102,7 @@ Now, only accounts with the "hint" provided will show in the chooser.

### UserInfo

In order to use the UserInfo API:
To use the UserInfo API:

* Enable the experimental feature `FedCmLoginHint` in `chrome://flags`.
yi-gu marked this conversation as resolved.
Show resolved Hide resolved
* The RP must embed an IDP iframe, which will perform the query.
Expand All @@ -128,7 +128,7 @@ user_info.forEach( info => {

### RP Context

In order to use the RP Context API:
To use the RP Context API:

* Enable the experimental feature `FedCmRpContext` in `chrome://flags`.
yi-gu marked this conversation as resolved.
Show resolved Hide resolved
* Provide the `context` value in JS, like so:
Expand All @@ -149,7 +149,7 @@ Now, the browser UI will be different based on the value provided.

### IdP Sign-in Status API

In order to use the IdP Sign-in Status API:
To use the IdP Sign-in Status API:

1. Enable the experimental feature `FedCM with FedCM IDP sign-in status` in `chrome://flags`.
2. When the user logs-in to the IdP, use the following HTTP header `IdP-SignIn-Status: action=signin`.
Expand All @@ -158,3 +158,67 @@ In order to use the IdP Sign-in Status API:
5. The browser is going load the `signin_url` when the user is signed-out of the IdP.
6. Call `IdentityProvider.close()` when the user is done logging-in to the IdP.

### Error API

To use the Error API:

* Enable the experimental feature `FedCmError` in `chrome://flags`.
* Provide an `error` in the ID assertion endpoint instead of a `token`:
```
{
"error" : {
"code" : "access_denied",
"url" : "https://idp.example/error?type=foo"
}
}
```
Note that the `error` field in the response including both `code` and `url` is
optional. As long as the flag is enabled, Chrome will render an error UI when
the token request fails. The `error` field is used to customize the flow when an
error happens. Chrome will show a customized UI with proper error message if the
code is "invalid_request", "unauthorized_client", "access_denied", "server_error",
or "temporarily_unavailable". If a `url` field is provided and same-site with
the IdP's `configURL`, Chrome will add an affordance for users to open a new
page (e.g., via pop-up window) with that URL to learn more about the error on
that page.

### IdentityCredentialAutoSelectedFlag API

To use the IdentityCredentialAutoSelectedFlag API:
yi-gu marked this conversation as resolved.
Show resolved Hide resolved
* Enable the experimental feature `FedCmIdentityCredentialAutoSelectedFlag`
in `chrome://flags`.

The browser will send a new boolean to represent whether auto re-authentication
was triggered such that the account was auto selected by the browser in the flow
to both the IdP and the API caller.

For IdP, the browser will include `is_identity_credential_auto_selected` in the
request sent to the ID assersion endpoint:
```
POST /fedcm_assertion_endpoint HTTP/1.1
Host: idp.example
Origin: https://rp.example/
Content-Type: application/x-www-form-urlencoded
Cookie: 0x23223
Sec-Fetch-Dest: webidentity

account_id=123&client_id=client1234&nonce=Ct60bD&disclosure_text_shown=true&is_identity_credential_auto_selected=true
```

For the API caller, the browser will include a boolean when resolving the
promise for it to parse:
yi-gu marked this conversation as resolved.
Show resolved Hide resolved
```
const cred = await navigator.credentials.get({
identity: {
providers: [{
configURL: "https://idp.example/manifest.json",
clientId: "1234"
}]
}
});

const token = cred.token;
if (cred.isIdentityCredentialAutoSelected !== undefined) {
const isAutoSelected = cred.isIdentityCredentialAutoSelected;
}
```
Loading