Clarify use case of not-yet-logged-in user

w3c-fedid / FedCM

A privacy preserving identity exchange Web API

https://w3c-fedid.github.io/FedCM/

Other

375 stars 72 forks source link

Clarify use case of not-yet-logged-in user #380

Open bvandersloot-mozilla opened 1 year ago

bvandersloot-mozilla commented 1 year ago

Much of the specification assumes the user already has an active session with the IDP. We need a story for when that does not exist. Discussed solutions include opening a new window/tab with a navigation that allows the IDP to perform login and kick a result back to the RP when finished or a in-chrome iframe a la the Payments API.

cbiesinger commented 1 year ago

Yes, that is indeed needed.

With https://fedidcg.github.io/FedCM/#dom-identityproviderapiconfig-signin_url and https://fedidcg.github.io/FedCM/#example-37a87327 most of the pieces should be there

bvandersloot-mozilla commented 1 year ago

Ah, I missed this entirely since it is not reflected outside of §10.3.2.2.1. Can this track the integration into the API sections?

cbiesinger commented 2 months ago

@bvandersloot-mozilla can we close this as a duplicate of w3c-fedid/button-mode#2 or do you see this issue as covering a different aspect?