// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module blink.mojom;
import "third_party/blink/public/mojom/credentialmanagement/credential_manager.mojom";
import "url/mojom/url.mojom";
import "url/mojom/origin.mojom";
// Implementation of the proposed FedCM API.
//
// Proposal: https://fedidcg.github.io/FedCM/
// Represents the fetch result from a federated authentication request. It is
// used to determine whether a JavaScript exception should be thrown, and what
// the error message of such exception should say. This enum is a subset of
// FederatedAuthRequestResult in
// third_party/blink/public/mojom/devtools/inspector_issue.mojom.
enum RequestTokenStatus {
kSuccess,
kErrorTooManyRequests,
kErrorCanceled,
kError,
};
// Represents the fetch result from a federated user info request. It is
// used to determine whether a JavaScript exception should be thrown, and what
// the error message of such exception should say.
enum RequestUserInfoStatus {
kSuccess,
kError,
};
// Represents the fetch result from a IdentityProvider.disconnect() request.
// It is used to determine whether a JavaScript exception should be
// thrown, and what the error message of such exception should say.
enum DisconnectStatus {
kSuccess,
kErrorTooManyRequests,
kError
};
enum IdpSigninStatus {
kSignedIn,
kSignedOut
};
enum RpContext {
kSignIn,
kSignUp,
kUse,
kContinue
};
// Don't change the meaning or the order of these values because they are
// being recorded in metrics and in sync with the counterpart in enums.xml.
enum RpMode {
kButton,
kWidget
};
// The result of a call to IdentityProvider.register().
enum RegisterIdpStatus {
kSuccess,
kErrorFeatureDisabled,
kErrorCrossOriginConfig,
kErrorNoTransientActivation,
kErrorDeclined
};
// The details of a federated identity provider.
struct IdentityProviderConfig {
// Explicitly references a specific provider by a Config URL.
url.mojom.Url config_url;
// Indirectly references providers that have been registered in the past
// rather than directly.
bool use_registered_config_urls;
// When using registered IDPs, this contains the type of IDP requested.
string? type;
// Can be an empty string to be omitted in the request sent to the provider.
string client_id;
};
// The request parameters for a navigator.credentials.get() FedCM call.
struct IdentityProviderRequestOptions {
IdentityProviderConfig config;
// Can be an empty string to be omitted in the request sent to the provider.
string nonce;
// The login hint for this identity provider. Used by the relying party to
// specify which user account they would like to show in the FedCM dialog.
// This field is not sent to the provider, but rather used by the user agent.
string login_hint;
// The domain hint for this identity provider. Used by the relying party to
// specify the domain hint they require an account to belong to. The field
// is not sent to the provider, but rather used by the user agent.
string domain_hint;
// Profile fields that the RP is requesting access for, such as "name",
// "email" or "picture".
array<string>? fields;
// Additional parameters that the relying party can send to the IdP after
// the user's permission has been gathered.
map<string, string> params;
};
// The information passed in an IdentityProvider.disconnect() call.
struct IdentityCredentialDisconnectOptions {
IdentityProviderConfig config;
// The account hint for which the disconnect ought to happen.
string account_hint;
};
// The list of user information that can be returned to an identity provider during a UserInfo API call.
struct IdentityUserInfo {
string email;
string given_name;
string name;
string picture;
};
// The parameters for a get call for identity provider(s).
struct IdentityProviderGetParameters {
// Details of identity provider(s).
array<IdentityProviderRequestOptions> providers;
// Controls the wording of the FedCM prompt.
RpContext context;
// Controls the UX of the FedCM prompt: modality, behavior when the
// user is signed-out, etc.
RpMode mode;
};
// The error which occurred during the retrieval of a token.
struct TokenError {
// Type of error which resulted in an IdentityCredential not being created.
string? code;
// String URL where the user can learn more information about the error.
string? url;
};
// Create a federated sign-in request using the specified provider.
// This interface is called from a renderer process and implemented in the
// browser process.
interface FederatedAuthRequest {
// Requests a token to be generated, given an array of
// IdentityProviderGetParameters.
// Returns:
// - Status of token request.
// - Configuration URL of the identity provider that the user selected.
// A null URL is returned if the token request failed or did not occur due
// to an error earlier in the flow.
// - Raw content of the token.
// - The error which occurred during the retrieval of a token.
// - Whether the account was automatically selected.
RequestToken(array<IdentityProviderGetParameters> idp_get_params,
CredentialMediationRequirement requirement) =>
(RequestTokenStatus status,
url.mojom.Url? selected_identity_provider_config_url,
string? token,
TokenError? error,
bool is_auto_selected);
// Requests user info to be generated, given an IDP config.
// Returns an IdentityUserInfo for each of the user's accounts.
RequestUserInfo(IdentityProviderConfig provider) =>
(RequestUserInfoStatus status, array<IdentityUserInfo>? user_info);
// Cancels the pending token request, if any.
CancelTokenRequest();
// Resolve the token request from a JS call from a WebView dialog,
// when the id_assertion_endpoint returns a continue_on rather than the
// actual token.
// If no account ID is provided, the account ID of the account that was
// selected in the account chooser will be used.
ResolveTokenRequest(string? account_id, string token) => (bool success);
// Marks the user as logged in/out to the IDP on this origin.
SetIdpSigninStatus(url.mojom.Origin origin, IdpSigninStatus status);
// Registers the url as an IdP's configURL of the user's preference.
RegisterIdP(url.mojom.Url url) => (RegisterIdpStatus status);
// Unregisters the url as an IdP's configURL of the user's preference.
UnregisterIdP(url.mojom.Url url) => (bool success);
// Closes the modal dialog view, if any.
CloseModalDialogView();
// Require user mediation with navigator.credentials.preventSilentAccess() as
// defined in https://w3c.github.io/webappsec-credential-management/#user-mediation
// TODO(https://crbug.com/1441075): There's `PreventSilentAccess` in
// credential_manager.mojom but that's specific to PasswordManager and it's
// hard to reuse it as-is. We should unify the implementation for different
// CredentialTypes and avoid the duplication eventually.
PreventSilentAccess() => ();
// Disconnects the sharing permission for the specified |account_id| from
// |provider| for the RP identified by |client_id|.
Disconnect(IdentityCredentialDisconnectOptions options) =>
(DisconnectStatus status);
};
Codebase Browser
chromium