w3c-fedid / FedCM

A privacy preserving identity exchange Web API
https://w3c-fedid.github.io/FedCM/

Let user agents delay fetching the endpoints #459

Closed cbiesinger closed 1 year ago

cbiesinger commented 1 year ago

Preview | Diff

cbiesinger commented 1 year ago

@martinthomson, @bvandersloot-mozilla and @cboozar -- any thoughts?

cbiesinger commented 1 year ago

also @rbyers

npm1 commented 1 year ago

> This is fine, at least in isolation, but there is a bigger question to ask here.

Just to be clear: are you ok merging this as an improvement, and working on the other points separately?

> For this flow to succeed, it is going to show a selector in some cases and not others. The involvement of a user is critical at the point that the RP-IdP connection is first made, and less so thereafter.
>
> So an initial request will likely always involve prompting. My (strong) preference is that this both require and consume engagement if the prompt is shown in that case.

I think we have discussed this in the past. We don't seem to agree on this point (whether FedCM should be gated on user gesture), but I thought we agreed that user agents could diverge on this at least for now?

> For the re-login prompt, my (again strong) preference is that a prompt NOT be shown. A prompt only really makes sense if the RP wants to ask for a different login to the one provided recently, or it is asking for something new of the user with respect to how they interact with the IdP (we're not talking Authorization yet, so maybe set this aside).

Agreed, though this is probably best left to the mediation parameter. Shameless plug: PTAL at https://github.com/fedidcg/FedCM/pull/458? :)

martinthomson commented 1 year ago

I'm OK with merging, but requesting that we open an issue to track the bigger issue.

npm1 commented 1 year ago

> I'm OK with merging, but requesting that we open an issue to track the bigger issue.

Filed https://github.com/fedidcg/FedCM/issues/469 for you :)