Specify multiple configURLs (#667)
* Specify multiple configURLs

Bug: #552

* Address comments from TallTed

* don't return within the fetch handler

* skip fetch if same-site

* wellknown
cbiesinger authored Nov 26, 2024
1 parent 344458d commit 8201e01
Showing 1 changed file with 36 additions and 17 deletions.
53 changes: 36 additions & 17 deletions spec/index.bs
@@ -947,11 +947,12 @@ or failure.
1. Set |rootUrl|'s [=url/scheme=] to |configUrl|'s [=url/scheme=].
1. Set |rootUrl|'s [=url/host=] to |configUrl|'s [=url/host=]'s [=host/registrable domain=].
1. Set |rootUrl|'s [=url/path=] to the <a>list</a> «".well-known", "web-identity"».
1. Let |config|, |configInWellKnown| both be null.
1. Let |config|, |wellKnown|, |accounts_url|, and |login_url| be null.
1. Let |skipWellKnown| be false.
1. Let |rpOrigin| be |globalObject|'s [=associated Document=]'s [=Document/origin=].
1. If |rpOrigin| is not an [=opaque origin=], and |rootUrl|'s [=url/host=] is equal
to |rpOrigin|'s [=host/registrable domain=], and |rootUrl|'s [=url/scheme=] is
equal to |rpOrigin|'s [=origin/scheme=], set |configInWellKnown| to true.
equal to |rpOrigin|'s [=origin/scheme=], set |skipWellKnown| to true.

Note: Because domain cookies are valid across an entire site, there is no privacy
benefit from doing the well-known check if the RP and IDP are in the same site.
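Review bot: the same-site test compares |rootUrl|'s host, which the step above already set to a registrable domain, against `|rpOrigin|'s [=host/registrable domain=]`, but registrable domain is defined on a host, not an origin, and the scheme comparison on the next line shows the |rpOrigin| side is an origin; write it as |rpOrigin|'s [=origin/host=]'s [=host/registrable domain=] so both sides are the same kind of value and the dfn link resolves. Renaming |configInWellKnown| to |skipWellKnown| is an improvement, since the flag no longer doubles as the "config matched the well-known file" result, but the note under it should also say that the well-known fetch is not issued at all in the same-site case, which the commit message states and this hunk does not.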
@@ -985,22 +986,18 @@ or failure.
[pull request](https://github.com/whatwg/fetch/pull/1533) for details.

1. [=Fetch request=] with |wellKnownRequest| and |globalObject|, and with <var ignore>processResponseConsumeBody</var>
set to the following steps given a <a spec=fetch for=/>response</a> |response| and |responseBody|:
set to the following steps, given a <a spec=fetch for=/>response</a> |response| and |responseBody|:
1. Let |json| be the result of [=extract the JSON fetch response=] from |response| and
|responseBody|.
1. [=converted to an IDL value|Convert=] |json| to an {{IdentityProviderWellKnown}},
|discovery|.
1. Set |wellKnown| to the result of [=converted to an IDL value|converting=] |json|
to an {{IdentityProviderWellKnown}}.
1. If one of the previous two steps threw an exception, or if the
[=list/size=] of |discovery|["{{IdentityProviderWellKnown/provider_urls}}"] is
greater than 1, set |configInWellKnown| to false.
[=list/size=] of |wellKnown|["{{IdentityProviderWellKnown/provider_urls}}"] is
greater than 1, set |wellKnown| to failure.

Issue: [relax](https://github.com/fedidcg/FedCM/issues/333) the size of the
provider_urls array.

1. Otherwise, set to |configInWellKnown| to true if
|discovery|["{{IdentityProviderWellKnown/provider_urls}}"][0] [=string/is=] equal to
|provider|'s {{IdentityProviderConfig/configURL}}, and to false otherwise.

1. Let |configRequest| be a new <a spec=fetch for=/>request</a> as follows:

: [=request/url=]
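Review bot: the failure test reads the [=list/size=] of |wellKnown|["provider_urls"] unconditionally, but this change makes provider_urls optional in IdentityProviderWellKnown, so a file that supplies only accounts_endpoint and login_url has no entry to size; guard it with `|wellKnown|["{{IdentityProviderWellKnown/provider_urls}}"] [=map/exists=]`. The test also lets a size of 0 through while the later step indexes element [0], so the condition is better stated as "exists and its size is not 1", with the empty-list rejection happening here rather than downstream. Dropping the removed string comparison against |provider|'s configURL in favour of the URL equality performed after "computing the manifest URL" is the right direction, since the two values are normalised before they are compared.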
@@ -1038,11 +1035,31 @@ or failure.
1. [=converted to an IDL value|Convert=] |json| to an {{IdentityProviderAPIConfig}} stored
in |config|.
1. If one of the previous two steps threw an exception, set |config| to failure.
1. Set |config|.{{IdentityProviderAPIConfig/login_url}} to the result of [=computing
the manifest URL=] with |provider|, |config| and |globalObject|.
1. If |config|.{{IdentityProviderAPIConfig/login_url}} is null, return failure.
1. Wait for both |config| and |configInWellKnown| to be set.
1. If |configInWellKnown| is true, return |config|. Otherwise, return failure.
1. Set |login_url| to the result of [=computing the manifest URL=] with |provider|,
|config|.{{IdentityProviderAPIConfig/login_url}}, and |globalObject|.
1. Set |accounts_url| to the result of [=computing the manifest URL=] with |provider|,
|config|.{{IdentityProviderAPIConfig/accounts_endpoint}}, and |globalObject|.
1. If |login_url| or |accounts_url| is failure, set |config| to failure.
1. Wait for |config| to be set.
1. If |config| is failure, return failure.
1. If |skipWellKnown| is true, return |config|.
1. Wait for |wellKnown| to be set.
1. If |wellKnown| is failure, return failure.
1. If |wellKnown|.{{IdentityProviderWellKnown/accounts_endpoint}} and
|wellKnown|.{{IdentityProviderWellKnown/login_url}} are set:
1. Let |well_known_accounts_url| be the result of [=computing the manifest URL=] with
|provider|, |wellKnown|.{{IdentityProviderWellKnown/accounts_endpoint}},
and |globalObject|.
1. Let |well_known_login_url| be the result of [=computing the manifest URL=] with |provider|,
|wellKnown|.{{IdentityProviderWellKnown/login_url}}, and |globalObject|.
1. If |well_known_accounts_url| is not [=url/equal=] to |accounts_url|, return failure.
1. If |well_known_login_url| is not [=url/equal=] to |login_url|, return failure.
1. Otherwise:
1. Let |allowed_config_url| be the result of [=computing the manifest URL=] with |provider|,
|wellKnown|.{{IdentityProviderWellKnown/provider_urls}}[0], and |globalObject|.
1. If |allowed_config_url| is not [=url/equal=] to |configUrl|, return failure.
1. Return |config|.

</div>

NOTE: a two-tier file system is used in order to prevent the [=IDP=] from easily determining the [=RP=]
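Review bot: the "Otherwise" branch reads |wellKnown|.provider_urls[0] without checking that the member exists and has an element, and the only size check upstream rejects sizes greater than 1, so an absent or empty provider_urls reaches an out-of-range index; make the branch "Otherwise, if provider_urls exists and its size is 1" and return failure in every remaining case, which also catches a file that sets accounts_endpoint but not login_url (or the reverse) and today silently falls through to the provider_urls branch. Two smaller points: after "set |config| to failure" the next two steps still read |config|.login_url and |config|.accounts_endpoint, so wrap them in "Otherwise" or move the failure assignment below them; and because both lookups pass |provider|, a relative accounts_endpoint or login_url in the well-known file is resolved against the configURL rather than against |rootUrl|, which may well be intended but deserves a sentence, as does the decision to pin only these two values of the config with the well-known file rather than the whole config.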
Expand All @@ -1055,7 +1072,9 @@ path manipulation to fingerprint (for instance, by including the RP in the path)

<xmp class="idl">
dictionary IdentityProviderWellKnown {
required sequence<USVString> provider_urls;
sequence<USVString> provider_urls;
USVString accounts_endpoint;
USVString login_url;
};

dictionary IdentityProviderIcon {
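Review bot: dropping `required` from provider_urls leaves IdentityProviderWellKnown with no required member, so an empty object `{}` converts successfully and only the fetch algorithm can reject it; add a sentence beside the IDL stating that a well-known file must carry either a provider_urls list with exactly one entry or both accounts_endpoint and login_url, and that when the latter pair is present provider_urls is not consulted, which is what the if/otherwise in the algorithm implies. It would also help to say that these two members are URL strings resolved the same way as their namesakes in IdentityProviderAPIConfig, since the well-known file lives at the site root while the config URL need not.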
