[Editorial] Request consent algorithm should return whether consent was granted or not

w3c-fedid / FedCM

A privacy preserving identity exchange Web API

https://w3c-fedid.github.io/FedCM/

Other

375 stars 72 forks source link

[Editorial] Request consent algorithm should return whether consent was granted or not #296

Closed nsatragno closed 2 years ago

nsatragno commented 2 years ago

The request consent algorithm should return true if consent was given or false otherwise, and the value should be checked on step 6 of DiscoverFromExternalSource. Otherwise, if the selected account is null, the account state for (rp, null) is checked, which is undefined. An alternative would be to have the account state for (rp, null) defined to "unregistered" and add a note explaining it's ok to return null from request consent.

npm1 commented 2 years ago

I think this is fixed in https://github.com/fedidcg/FedCM/pull/304 but I also renaming the request consent there as it now does all the work