[FedCM] Replace the scopes API with the fields API

credential-management/fedcm-authz/fedcm-disclosure-text-shown.https.html

@@ -16,10 +16,42 @@
 fedcm_test(async t => {
   let options = request_options_with_mediation_required("manifest_check_disclosure_shown_false.json");
   options.identity.providers[0].clientId = "0";
-  options.identity.providers[0].scope = ["non_default_scope"];
+  options.identity.providers[0].fields = ["non_default_field"];
+  options.identity.providers[0].nonce = "non_default_field";
   const cred = await fedcm_get_and_select_first_account(t, options);
   assert_equals(cred.token, "token");
   assert_equals(cred.isAutoSelected, false);
-}, "We should send disclosure_text_shown=false when custom scopes are passed.");
+}, "We should send disclosure_text_shown=false when custom fields are passed.");
+
+fedcm_test(async t => {
+  let options = request_options_with_mediation_required("manifest_check_disclosure_shown_false.json");
+  options.identity.providers[0].clientId = "0";
+  options.identity.providers[0].fields = [];
+  options.identity.providers[0].nonce = "";
+  const cred = await fedcm_get_and_select_first_account(t, options);
+  assert_equals(cred.token, "token");
+  assert_equals(cred.isAutoSelected, false);
+}, "We should send disclosure_text_shown=false when an empty custom fields array is passed.");
+
+
+fedcm_test(async t => {
+  let options = request_options_with_mediation_required("manifest_check_disclosure_shown_true.json");
+  options.identity.providers[0].clientId = "0";
+  options.identity.providers[0].nonce = "name,email,picture";
+  const cred = await fedcm_get_and_select_first_account(t, options);
+  assert_equals(cred.token, "token");
+  assert_equals(cred.isAutoSelected, false);
+}, "We should send disclosure_text_shown=true when no custom fields are passed.");
+
+fedcm_test(async t => {
+  let options = request_options_with_mediation_required("manifest_check_disclosure_shown_true.json");
+  options.identity.providers[0].clientId = "0";
+  options.identity.providers[0].fields = ["name", "email", "picture", "locale"];
+  options.identity.providers[0].nonce = "name,email,picture,locale";
+  const cred = await fedcm_get_and_select_first_account(t, options);
+  assert_equals(cred.token, "token");
+  assert_equals(cred.isAutoSelected, false);
+}, "We should send disclosure_text_shown=true when custom fields are passed in addition to standard fields.");
+
 
 </script>

credential-management/support/fedcm/manifest_check_disclosure_shown_true.json

@@ -0,0 +1,7 @@
+{
+  "accounts_endpoint": "accounts.py",
+  "client_metadata_endpoint": "client_metadata.py",
+  "id_assertion_endpoint": "token_check_disclosure_shown_true.py",
+  "login_url": "login.html"
+}
+

credential-management/support/fedcm/token_check_disclosure_shown_false.py

@@ -6,8 +6,14 @@ def main(request, response):
   if (request_error):
     return request_error
 
+  nonce = request.POST.get(b"nonce") or b""
   if request.POST.get(b"disclosure_text_shown") != b"false":
     return (560, [], "disclosure_text_shown is not false")
+  if request.POST.get(b"disclosure_shown_for") is not None:
+    return (561, [], "disclosure_shown_for is not None")
+  fields = request.POST.get(b"fields") or b""
+  if fields != nonce:
+    return (562, [], "fields does not match nonce")
 
   response.headers.set(b"Content-Type", b"application/json")
   response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))

credential-management/support/fedcm/token_check_disclosure_shown_true.py

@@ -0,0 +1,22 @@
+import importlib
+error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check")
+
+def main(request, response):
+  request_error = error_checker.tokenCheck(request)
+  if (request_error):
+    return request_error
+
+  nonce = request.POST.get(b"nonce") or b""
+  if request.POST.get(b"disclosure_text_shown") != b"true":
+    return (560, [], "disclosure_text_shown is not true")
+  if request.POST.get(b"disclosure_shown_for") != b"name,email,picture":
+    return (561, [], "disclosure_shown_for is not name,email,picture")
+  fields = request.POST.get(b"fields") or b""
+  if fields != nonce:
+    return (562, [], "fields does not match nonce")
+
+  response.headers.set(b"Content-Type", b"application/json")
+  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+  response.headers.set(b"Access-Control-Allow-Credentials", "true")
+
+  return "{\"token\": \"token\"}"