diff --git a/spec/index.bs b/spec/index.bs index e102209b..ddb35efe 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -930,11 +930,12 @@ or failure. 1. Set |rootUrl|'s [=url/scheme=] to |configUrl|'s [=url/scheme=]. 1. Set |rootUrl|'s [=url/host=] to |configUrl|'s [=url/host=]'s [=host/registrable domain=]. 1. Set |rootUrl|'s [=url/path=] to the list «".well-known", "web-identity"». - 1. Let |config|, |configInWellKnown| both be null. + 1. Let |config|, |wellKnown|, |accounts_url|, and |login_url| be null. + 1. Let |skipWellKnown| be false. 1. Let |rpOrigin| be |globalObject|'s [=associated Document=]'s [=Document/origin=]. 1. If |rpOrigin| is not an [=opaque origin=], and |rootUrl|'s [=url/host=] is equal to |rpOrigin|'s [=host/registrable domain=], and |rootUrl|'s [=url/scheme=] is - equal to |rpOrigin|'s [=origin/scheme=], set |configInWellKnown| to true. + equal to |rpOrigin|'s [=origin/scheme=], set |skipWellKnown| to true. Note: Because domain cookies are valid across an entire site, there is no privacy benefit from doing the well-known check if the RP and IDP are in the same site. 
@@ -968,22 +969,18 @@ or failure. [pull request](https://github.com/whatwg/fetch/pull/1533) for details. 1. [=Fetch request=] with |wellKnownRequest| and |globalObject|, and with processResponseConsumeBody - set to the following steps given a response |response| and |responseBody|: + set to the following steps, given a response |response| and |responseBody|: 1. Let |json| be the result of [=extract the JSON fetch response=] from |response| and |responseBody|. - 1. [=converted to an IDL value|Convert=] |json| to an {{IdentityProviderWellKnown}}, - |discovery|. + 1. Set |wellKnown| to the result of [=converted to an IDL value|converting=] |json| + to an {{IdentityProviderWellKnown}}. 1. If one of the previous two steps threw an exception, or if the - [=list/size=] of |discovery|["{{IdentityProviderWellKnown/provider_urls}}"] is - greater than 1, set |configInWellKnown| to false. + [=list/size=] of |wellKnown|["{{IdentityProviderWellKnown/provider_urls}}"] is + greater than 1, set |wellKnown| to failure. Issue: [relax](https://github.com/fedidcg/FedCM/issues/333) the size of the provider_urls array. - 1. Otherwise, set to |configInWellKnown| to true if - |discovery|["{{IdentityProviderWellKnown/provider_urls}}"][0] [=string/is=] equal to - |provider|'s {{IdentityProviderConfig/configURL}}, and to false otherwise. - 1. Let |configRequest| be a new request as follows: : [=request/url=] 
@@ -1021,11 +1018,31 @@ or failure. 1. [=converted to an IDL value|Convert=] |json| to an {{IdentityProviderAPIConfig}} stored in |config|. 1. If one of the previous two steps threw an exception, set |config| to failure. - 1. Set |config|.{{IdentityProviderAPIConfig/login_url}} to the result of [=computing - the manifest URL=] with |provider|, |config| and |globalObject|. - 1. If |config|.{{IdentityProviderAPIConfig/login_url}} is null, return failure. - 1. Wait for both |config| and |configInWellKnown| to be set. - 1. If |configInWellKnown| is true, return |config|. Otherwise, return failure. + 1. Set |login_url| to the result of [=computing the manifest URL=] with |provider|, + |config|.{{IdentityProviderAPIConfig/login_url}}, and |globalObject|. + 1. Set |accounts_url| to the result of [=computing the manifest URL=] with |provider|, + |config|.{{IdentityProviderAPIConfig/accounts_endpoint}}, and |globalObject|. + 1. If |login_url| or |accounts_url| is failure, set |config| to failure. + 1. Wait for |config| to be set. + 1. If |config| is failure, return failure. + 1. If |skipWellKnown| is true, return |config|. + 1. Wait for |wellKnown| to be set. + 1. If |wellKnown| is failure, return failure. + 1. If |wellKnown|.{{IdentityProviderWellKnown/accounts_endpoint}} and + |wellKnown|.{{IdentityProviderWellKnown/login_url}} are set: + 1. Let |well_known_accounts_url| be the result of [=computing the manifest URL=] with + |provider|, |wellKnown|.{{IdentityProviderWellKnown/accounts_endpoint}}, + and |globalObject|. + 1. Let |well_known_login_url| be the result of [=computing the manifest URL=] with |provider|, + |wellKnown|.{{IdentityProviderWellKnown/login_url}}, and |globalObject|. + 1. If |well_known_accounts_url| is not [=url/equal=] to |accounts_url|, return failure. + 1. If |well_known_login_url| is not [=url/equal=] to |login_url|, return failure. + 1. Otherwise: + 1. 
Let |allowed_config_url| be the result of [=computing the manifest URL=] with |provider|, + |wellKnown|.{{IdentityProviderWellKnown/provider_urls}}[0], and |globalObject|. + 1. If |allowed_config_url| is not [=url/equal=] to |configUrl|, return failure. + 1. Return |config|. + NOTE: a two-tier file system is used in order to prevent the [=IDP=] from easily determining the [=RP=] @@ -1038,7 +1055,9 @@ path manipulation to fingerprint (for instance, by including the RP in the path)
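Review bot: The branch taken when the well-known file sets both accounts_endpoint and login_url no longer pins the config URL at all, and the equality checks it substitutes look bypassable by relative strings: if [=computing the manifest URL=] resolves its second argument against |provider|'s configURL (which its first argument suggests, though its definition is not in this hunk), then a well-known file containing `"/accounts"` and `"/login"` produces URLs equal to those of a config at any path on the origin, so an IDP could still hand each RP a distinct config path, which is exactly what the two-tier NOTE at the end of the hunk says the scheme prevents. Consider requiring the well-known values to be absolute, e.g. `1. If |wellKnown|.{{IdentityProviderWellKnown/accounts_endpoint}} or |wellKnown|.{{IdentityProviderWellKnown/login_url}} is not an [=absolute-URL string=], return failure.`, or resolving them against |rootUrl| rather than |configUrl|. The "Otherwise" branch indexes provider_urls[0], but the only size check (in the well-known response steps) rejects lists with more than one entry, so an empty list reaches the index; add `1. If |wellKnown|["{{IdentityProviderWellKnown/provider_urls}}"] is [=list/empty=], return failure.` before that Let. |well_known_accounts_url| and |well_known_login_url| are also passed to [=url/equal=] without the failure check that |login_url| and |accounts_url| get a few steps earlier; `1. If |well_known_accounts_url| or |well_known_login_url| is failure, return failure.` would make the outcome explicit, and the NOTE this hunk ends on continues beyond it.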