search

fedidcg / FedCM

A privacy preserving identity exchange Web API
https://fedidcg.github.io/FedCM
Other
357 stars 66 forks source link

Question: why use terms_of_service_url instead of tos_uri? #591

Closed ThisIsMissEm closed 1 month ago

ThisIsMissEm commented 1 month ago

In the Client Metadata response, the properties are named privacy_policy_url" and "terms_of_service_url", in OAuth 2 Fynamic Client Registration, these are "policy_uri" and "tos_uri". Since FedCM is based off OAuth / OIDC, why does the language here deviate?

Also, when requesting Client Metadata, can the browser send the Accept-Language header to allow the IdP to return URIs to documents in The user's language?

samuelgoto commented 1 month ago

Since FedCM is based off OAuth / OIDC, why does the language here deviate?

Because it is not: FedCM has to support SAML (or anything that's invented in the future) as well.

Also, when requesting Client Metadata, can the browser send the Accept-Language header to allow the IdP to return URIs to documents in The user's language?

Ah yes, great idea!

I kicked off https://github.com/fedidcg/FedCM/issues/592 to track that suggestion independently.

I'm closing this since I think I answered your question (feel free to reopen if you'd like more clarification on the reason why we deliberately deviated from OIDC/OAuth) and we can carry on on the other issue for the language suggestion.

ThisIsMissEm commented 1 month ago

Ah, okay, yeah, that makes sense — I'd just seem a lot of OIDC / OAuth terminology whilst reading the spec, so wasn't sure why we'd deviate; tbh, I like the long form better anyway!