search

w3c-fedid / FedCM

A privacy preserving identity exchange Web API
https://w3c-fedid.github.io/FedCM/
Other
375 stars 72 forks source link

Support different encoding formats for the HTTP endpoints #334

Closed samuelgoto closed 5 months ago

samuelgoto commented 2 years ago

The accounts_endpoint and client_metadata_endpoint currently send x-www-form-urlencoded to web servers. We hear from IdPs that some frameworks (e.g. Spring) default to produce/consume applicaton/json which would make it easier to integrate for them if we supported.

Not sure how to solve this, but a few initial ideas that occurred to me were (a) adding a configuration declaration in the configURL or (b) making an OPTIONS HTTP request before hand (seems overkill?).

On (a), this is what it could look like:

{
   "accounts_endpoint": {
       "accepts": "application/json",
       "url": "/accounts.php",
    }
}
cbiesinger commented 2 years ago

Hmm before we add such complexity we should learn more how hard this is for such frameworks. How do they handle form submissions...?

cbiesinger commented 5 months ago

Based on https://stackoverflow.com/questions/47853462/how-to-properly-receive-urlencoded-form-body-with-spring it seems straightforward in spring to handle urlencoded formats, and since regular form submissions also use this format surely frameworks have to support it.

Producing JSON is not an issue because we already use JSON in the endpoint responses.

Since this has not come up again in the last two years, I recommend closing this.

(by the way, the client metadata endpoint does not use urlencoded, it uses GET)