@@ -832,6 +832,15 @@ the exception thrown.
832832 |providerMap|[|providerOrigin|] to "mismatch" and [=continue=] .
833833 1. Assert: |accountsList| is not failure and the size of |accountsList| is not 0.
834834 1. [=Set the login status=] for |providerOrigin| to [=logged-in=] .
835+ 1. For each |acc| in |accountsList|:
836+ 1. If |acc|["{{IdentityProviderAccount/picture}}"] is present, [=fetch the account picture=]
837+ with |acc| and |globalObject|. If the [=user agent=] displays this picture to
838+ the user at any point, it MUST reuse the result of this fetch instead of redownloading
839+ the picture.
840+
841+ Note: We require downloading the pictures here before we potentially filter the account
842+ list so that the identity provider cannot determine what hints were provided
843+ based on which fetches occurred.
835844 1. If |provider|'s {{IdentityProviderRequestOptions/loginHint}} is not empty:
836845 1. For every |account| in |accountList|, remove |account| from |accountList| if |account|'s
837846 {{IdentityProviderAccount/login_hints}} does not [=list/contain=] |provider|'s
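Review bot: the new loop at 835-839 iterates |accountsList|, but the loginHint filter directly below it (845-846, unchanged context) removes entries from |accountList|; the Assert at 833 also spells it |accountsList|, so the filter currently operates on a variable this algorithm never defines. Suggest settling on |accountsList| throughout. The ordering itself is right for the stated goal: fetching every picture before any hint-based filtering makes the set of picture fetches the IdP observes independent of the hints, and the MUST-reuse requirement at 837-839 is what stops that property from being undone by a later re-fetch limited to the surviving accounts.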
@@ -853,13 +862,6 @@ the exception thrown.
853862 1. Let |selectedAccount| be null.
854863 1. For each (|providerOrigin|, |value|) in |providerMap|:
855864 1. If |value| is not a [=list=] |accountsList|, [=continue=] .
856- 1. For each |acc| in |accountsList|:
857- 1. If |acc|["{{IdentityProviderAccount/picture}}"] is present, [=fetch the account picture=]
858- with |acc| and |globalObject|.
859-
860- Note: The [=user agent=] may choose to show UI which does not initially require fetching the
861- account pictures. In these cases, the [=user agent=] may delay these fetches until they are
862- needed. Because errors from these fetches are ignored, they can happen in any order.
863865 1. For each |acc| in |accountsList|:
864866 1. If |acc| is [=eligible for auto reauthentication=] given the relevant |provider|, and
865867 |globalObject|, set |registeredAccount| to |acc|, increase |numRegisteredAccounts| by 1,
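Review bot: removing the Note at 860-862 is a normative tightening, not just a relocation: the old text allowed the user agent to defer picture fetches until the UI needed them and to run them in any order, whereas the fetch is now required up front before filtering (835-843). A lazy implementation that fetched only for accounts surviving the hint filters would leak the hints through which fetches occur, which is exactly what the new Note at 841-843 is guarding against. Worth stating in the commit message or changelog that deferring these fetches is no longer permitted, since existing implementations may rely on the old allowance.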
@@ -873,7 +875,7 @@ the exception thrown.
873875 1. Set |isAutoSelected| to true.
874876 1. Otherwise, if |mediation| is "{{CredentialMediationRequirement/silent}} " and |providerMap|'s
875877 [=map/values=] do not [=map/contain=] "mismatch", return (failure, true).
876- 1. Let |permission|, |disclosureTextShown |, and |isAutoSelected| be set to false.
878+ 1. Let |permission|, |permissionRequested |, and |isAutoSelected| be set to false.
877879 1. Build UI by adding the following for each (|providerOrigin|, |value|) in |providerMap|:
878880 1. If |value| is "logged-out", the user agent adds one of the following:
879881 * Nothing: no UI is shown regarding this [=IDP=] .
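Review bot: the renamed variable at 878 is written `|permissionRequested |` with a trailing space inside the pipes (carried over from `|disclosureTextShown |`), while the uses later in the algorithm are spelled `|permissionRequested|` without the space (930-931, 948); Bikeshed's variable shorthand keys on the exact text, so the two may not be recognised as the same `<var>`. The same stray space recurs at 954. Also worth a second look while here: 878 initialises |isAutoSelected| to false after 875 has set it to true; if the two are at the same nesting level the earlier assignment is clobbered, though that ordering predates this change.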
@@ -902,7 +904,7 @@ the exception thrown.
902904 1. Wait until one of the following occurs:
903905
904906 * If the user selects another option, do nothing.
905-
907+
906908 * If the user closes the dialog, return (failure, true).
907909
908910 * If the [=show an IDP login dialog=] algorithm was triggered:
@@ -911,79 +913,45 @@ the exception thrown.
911913 1. If |result| is failure, return (failure, true). The user
912914 agent MAY show a dialog to the user before or after
913915 returning failure indicating this failure.
914- 1. Otherwise, go back to the [=fetch accounts step=] .
915-
916- 1. Assert: |accountsList| is not failure and the size of |accountsList| is not 0.
917- 1. [=Set the login status=] for the [=/origin=] of the
918- {{IdentityProviderConfig/configURL}} to [=logged-in=] .
919- 1. For each |acc| in |accountsList|:
920- 1. If |acc|["{{IdentityProviderAccount/picture}}"] is present, [=fetch the account picture=]
921- with |acc| and |globalObject|. If the [=user agent=] displays this picture to
922- the user at any point, it MUST reuse the result of this fetch instead of redownloading
923- the picture.
924-
925- Note: We require downloading the pictures here before we potentially filter the account
926- list so that the identity provider cannot determine what hints were provided
927- based on which fetches occurred.
928- 1. If |provider|'s {{IdentityProviderRequestOptions/loginHint}} is not empty:
929- 1. For every |account| in |accountList|, remove |account| from |accountList| if |account|'s
930- {{IdentityProviderAccount/login_hints}} does not [=list/contain=] |provider|'s
931- {{IdentityProviderRequestOptions/loginHint}} .
932- 1. If |accountList| is now empty, go to the [=mismatch dialog step=] .
933- 1. If |provider|'s {{IdentityProviderRequestOptions/domainHint}} is not empty:
934- 1. For every |account| in |accountList|:
935- 1. If {{IdentityProviderRequestOptions/domainHint}} is "any":
936- 1. If |account|'s {{IdentityProviderAccount/domain_hints}} is empty, remove
937- |account| from |accountList|.
938- 1. Otherwise, remove |account| from |accountList| if |account|'s
939- {{IdentityProviderAccount/domain_hints}} does not [=list/contain=] |provider|'s
940- {{IdentityProviderRequestOptions/domainHint}} .
941- 1. If |accountList| is now empty, go to the [=mismatch dialog step=] .
942- 1. Let |registeredAccount|, |numRegisteredAccounts| be null and 0, respectively.
943- 1. Let |account| be null.
944- 1. For each |acc| in |accountsList|:
945- 1. If |acc| is [=eligible for auto reauthentication=] given |provider|, and |globalObject|,
946- set |registeredAccount| to |acc| and increase |numRegisteredAccounts| by 1.
947- 1. Let |permission|, |permissionRequested|, and |isAutoSelected| be set to false.
948- 1. If |mediation| is not "{{CredentialMediationRequirement/required}} ", |requiresUserMediation|
949- is false, and |numRegisteredAccounts| is equal to 1:
950- 1. Set |account| to |registeredAccount| and |permission| to true. When doing this, the user
951- agent MAY show some UI to the user indicating that they are being
952- [=auto-reauthenticated=] .
953- 1. Set |isAutoSelected| to true.
954- 1. Otherwise, if |mediation| is "{{CredentialMediationRequirement/silent}} ", return (failure, true).
955- 1. Otherwise, if |accountsList|'s size is 1:
956- 1. Set |account| to |accountsList|[0] .
957- 1. If [=compute the connection status=] of |account|, |provider|, and |globalObject| returns
958- [=compute the connection status/connected=] , show a dialog to request user permission to sign
959- in via |account|, and set the result in |permission|. The user agent MAY use |options|'s
960- {{IdentityCredentialRequestOptions/context}} and |options|'s
961- {{IdentityCredentialRequestOptions/mode}} to customize the dialog.
962- 1. Otherwise, let |permission| be the result of running [=request permission to sign-up=]
963- algorithm with |account|, |config|, |provider|, and |globalObject|. Also set
964- |permissionRequested| to true if the user agent [=supports showing a permission prompt=] .
965- 1. Otherwise:
966- 1. Set |account| to the result of running the [=select an account=] from the
967- |accountsList|.
968- 1. If |account| is failure, return (failure, true).
969- 1. If [=compute the connection status=] of |account|, |provider| and |globalObject| is
970- [=compute the connection status/connected=] , set |permission| to true.
971- 1. Otherwise, if |provider|.{{IdentityProviderRequestOptions/fields}} is [=list/empty=] ,
972- [=create a connection between the RP and the IdP account=] with |provider|, |account|,
973- and |globalObject|, and set |permission| to true.
974-
975- Note: The connection would normally be created in the [=request permission to sign-up=]
976- algorithm, but we do not want to show an extra dialog in this case.
977- 1. Otherwise:
978- 1. Let |permission| be the result of running the [=request permission to sign-up=]
979- algorithm with |account|, |config|, |provider|, and |globalObject|.
980- 1. Set |permissionRequested| to true.
916+ 1. Otherwise, go back to the [=fetch accounts step=] to get an updated
917+ value of |providerMap| for this [=IDP=] .
918+ 1. Otherwise, |value| is a [=list=] of accounts. All accounts are aggregated into a single
919+ |accountsList| and these are then presented to the user as follows:
920+ 1. If |accountsList|'s size is 1:
921+ 1. Set |selectedAccount| to |accountsList|[0] .
922+ 1. If [=compute the connection status=] of |selectedAccount|, the relevant |provider|,
923+ and |globalObject| returns [=compute the connection status/connected=] , show a
924+ dialog to request user permission to sign in via |selectedAccount|, and set the
925+ result in |permission|. The user agent MAY use |options|'s
926+ {{IdentityCredentialRequestOptions/context}} and |options|'s
927+ {{IdentityCredentialRequestOptions/mode}} to customize the dialog.
928+ 1. Otherwise, let |permission| be the result of running [=request permission to sign-up=]
929+ algorithm with |selectedAccount|, the relevant |config|, the relevant |provider|,
930+ and |globalObject|. Also set |permissionRequested| to true if the user agent
931+ [=supports showing a permission prompt=] .
932+ 1. Otherwise:
933+ 1. Set |selectedAccount| to the result of running the [=select an account=] from the
934+ |accountsList|.
935+ 1. If |selectedAccount| is failure, return (failure, true).
936+ 1. If [=compute the connection status=] of |selectedAccount|, the relevant |provider|,
937+ and |globalObject| is [=compute the connection status/connected=] , set |permission|
938+ to true.
939+ 1. Otherwise, if |provider|.{{IdentityProviderRequestOptions/fields}} is [=list/empty=] ,
940+ [=create a connection between the RP and the IdP account=] with |provider|, |account|,
941+ and |globalObject|, and set |permission| to true.
942+ Note: The connection would normally be created in the [=request permission to sign-up=]
943+ algorithm, but we do not want to show an extra dialog in this case.
944+ 1. Otherwise:
945+ 1. Let |permission| be the result of running the [=request permission to sign-up=]
946+ algorithm with |selectedAccount|, the relevant |config|, the relevant |provider|,
947+ and |globalObject|.
948+ 1. Set |permissionRequested| to true.
981949 1. Wait until the [=user agent=] 's dialogs requesting for user choice or permission to be
982950 closed, if any are created in the previous steps.
983951 1. Assert: |selectedAccount| is not null.
984952 1. If |permission| is false, then return (failure, true).
985953 1. Let |credential| be the result of running the [=fetch an identity assertion=] algorithm with
986- |selectedAccount|'s {{IdentityProviderAccount/id}} , |disclosureTextShown |, |isAutoSelected|,
954+ |selectedAccount|'s {{IdentityProviderAccount/id}} , |permissionRequested |, |isAutoSelected|,
987955 |provider|, |config|, and |globalObject|.
988956 1. Return |credential|.
989957</div>
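Review bot: line 940 still passes |account| to [=create a connection between the RP and the IdP account=], but this branch renamed the variable to |selectedAccount| (935-937) and |account| is no longer declared here; it should read `with the relevant |provider|, |selectedAccount|, and |globalObject|` (939 likewise uses bare |provider| where the sibling steps at 922 and 936 say "the relevant |provider|"). Two smaller points: the Note at 942 lost the blank line that preceded it in the removed text (974-975), which Bikeshed needs to render it as a note rather than folding it into the list item; and 918-919 say all accounts are aggregated into a single |accountsList| while the enclosing step at 863-864 still iterates per (|providerOrigin|, |value|), so it is unclear whether |accountsList| is per-IDP or the union across IDPs, which determines how "the relevant |provider|" and |config| are resolved when the size-1 case at 920-921 picks |accountsList|[0].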
@@ -2607,11 +2575,11 @@ The [=remote end steps=] are:
260725751. Return [=success=] with data `null`.
26082576
26092577<!-- ============================================================ -->
2610- # Security Considerations # {#security-considerations }
2578+ # Security Considerations # {#security}
26112579<!-- ============================================================ -->
26122580
26132581This section provides a few of the security considerations for the FedCM API. Note that there is a
2614- separate section for [[#privacy-considerations ]] .
2582+ separate section for [[#privacy]] .
26152583
26162584<!-- ============================================================ -->
26172585## Content Security Policy ## {#content-security-policy}
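Review bot: changing the heading ID from `security-considerations` to `security` at 2578 breaks every external link and bookmark to the old fragment; keep the old ID reachable, for example via Bikeshed's `oldids` attribute, or leave the ID as it was (the removed line also shows a stray space before `}` that the new form fixes). The in-document cross-reference at 2582 is updated, but check that no other `[[#privacy-considerations]]` or `[[#security-considerations]]` references remain outside this diff.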
@@ -2680,7 +2648,7 @@ the top-level frame wants it so. A sneaky iframe cannot force the FedCM UI to oc
26802648content from the main page.
26812649
26822650<!-- ============================================================ -->
2683- # Privacy Considerations # {#privacy-considerations }
2651+ # Privacy Considerations # {#privacy}
26842652<!-- ============================================================ -->
26852653
26862654This section is intended to provide a comprehensive overview of the privacy risks associated with
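Review bot: same concern as the security heading: renaming `privacy-considerations` to `privacy` at 2651 invalidates existing deep links to the privacy section, which other specs and implementer notes are likely to cite; an `oldids` entry for the previous fragment would keep them working.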