-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[FedCM] Replace the scopes API with the fields API
This implements the new proposal here: https://github.com/fedidcg/FedCM/issues/559 If one or two but not all of ["name", "email", "picture"] are requested, we reject the promise. Otherwise, we show the disclosure text if either field is not specified or contains the three default fields. All specified fields are passed to the server in the "fields" parameter; if fields was unspecified we pass the default fields here. All this is for forwards compatibility. Bug: 40262526 Change-Id: I13833691e5f2851f0dc8e9568d007e57a47b8127
- Loading branch information
1 parent
452afc7
commit d0ed8f1
Showing
4 changed files
with
67 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 changes: 7 additions & 0 deletions
7
credential-management/support/fedcm/manifest_check_disclosure_shown_true.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
"accounts_endpoint": "accounts.py", | ||
"client_metadata_endpoint": "client_metadata.py", | ||
"id_assertion_endpoint": "token_check_disclosure_shown_true.py", | ||
"login_url": "login.html" | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
21 changes: 21 additions & 0 deletions
21
credential-management/support/fedcm/token_check_disclosure_shown_true.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
import importlib | ||
error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check") | ||
|
||
def main(request, response): | ||
request_error = error_checker.tokenCheck(request) | ||
if (request_error): | ||
return request_error | ||
|
||
nonce = request.POST.get(b"nonce") or b"" | ||
if request.POST.get(b"disclosure_text_shown") != b"true": | ||
return (560, [], "disclosure_text_shown is not true") | ||
if request.POST.get(b"disclosure_shown_for") != b"name,email,picture": | ||
return (561, [], "disclosure_shown_for is not name,email,picture") | ||
if request.POST.get(b"fields") != nonce: | ||
return (562, [], "fields does not match nonce") | ||
|
||
response.headers.set(b"Content-Type", b"application/json") | ||
response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin")) | ||
response.headers.set(b"Access-Control-Allow-Credentials", "true") | ||
|
||
return "{\"token\": \"token\"}" |