chromium/src
0
Fork 0
Code Activity

[FedCM] Clean up some renderer-side flags

Browse Source 
These features have shipped but there seems to be no reminders for
cleaning up renderer-side flags after shipping.

Bug: None
Change-Id: Ibd2c4a1885a6fc1537b39aa5410da1c14ece6d39
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6279387
Reviewed-by: Philip Rogers <pdr@chromium.org>
Reviewed-by: Joe Mason <joenotcharles@google.com>
Reviewed-by: Christian Biesinger <cbiesinger@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1422228}
This commit is contained in:
Nicolás Peña
2025-02-19 15:03:51 -08:00
committed by Chromium LUCI CQ
parent 785898f7c4
commit b3c6e5f02e
23 changed files with 68 additions and 198 deletions

26
content/browser/webid/federated_auth_request_impl.cc

@@ -153,7 +153,6 @@ std::string ComputeUrlEncodedTokenPostDataForIssuers(
std::string ComputeUrlEncodedTokenPostData( std::string ComputeUrlEncodedTokenPostData(
RenderFrameHost& render_frame_host, RenderFrameHost& render_frame_host,
const url::Origin& idp_origin,
const std::string& client_id, const std::string& client_id,
const std::string& nonce, const std::string& nonce,
const std::string& account_id, const std::string& account_id,
@@ -212,7 +211,7 @@ std::string ComputeUrlEncodedTokenPostData(
query += "mode=" + rp_mode_str; query += "mode=" + rp_mode_str;
} }
if (webid::IsFedCmAuthzEnabled(render_frame_host, idp_origin)) { if (webid::IsFedCmAuthzEnabled()) {
std::vector<std::string> fields_to_use; std::vector<std::string> fields_to_use;
if (fields) { if (fields) {
fields_to_use = *fields; fields_to_use = *fields;
@@ -941,7 +940,6 @@ void FederatedAuthRequestImpl::RequestToken(
render_frame_host(), idp_ptr->config->config_url, render_frame_host(), idp_ptr->config->config_url,
permission_delegate_); permission_delegate_);
url::Origin idp_origin = url::Origin::Create(idp_ptr->config->config_url);
if (has_failing_idp_signin_status) { if (has_failing_idp_signin_status) {
if (idp_get_params_ptr->mode == blink::mojom::RpMode::kPassive) { if (idp_get_params_ptr->mode == blink::mojom::RpMode::kPassive) {
if (IsFedCmMultipleIdentityProvidersEnabled()) { if (IsFedCmMultipleIdentityProvidersEnabled()) {
@@ -986,7 +984,7 @@ void FederatedAuthRequestImpl::RequestToken(
return; return;
} }
if (webid::IsFedCmAuthzEnabled(render_frame_host(), idp_origin)) { if (webid::IsFedCmAuthzEnabled()) {
any_idp_has_custom_scopes = any_idp_has_custom_scopes =
any_idp_has_custom_scopes || GetDisclosureFields(*idp_ptr).empty(); any_idp_has_custom_scopes || GetDisclosureFields(*idp_ptr).empty();
any_idp_has_parameters = any_idp_has_parameters || idp_ptr->params_json; any_idp_has_parameters = any_idp_has_parameters || idp_ptr->params_json;
@@ -1102,7 +1100,7 @@ void FederatedAuthRequestImpl::ResolveTokenRequest(
const std::optional<std::string>& account_id, const std::optional<std::string>& account_id,
const std::string& token, const std::string& token,
ResolveTokenRequestCallback callback) { ResolveTokenRequestCallback callback) {
if (!webid::IsFedCmAuthzEnabled(render_frame_host(), origin())) { if (!webid::IsFedCmAuthzEnabled()) {
std::move(callback).Run(false); std::move(callback).Run(false);
return; return;
} }
@@ -1450,8 +1448,7 @@ FederatedAuthRequestImpl::GetDisclosureFields(
IdentityRequestDialogDisclosureField::kEmail, IdentityRequestDialogDisclosureField::kEmail,
IdentityRequestDialogDisclosureField::kPicture}; IdentityRequestDialogDisclosureField::kPicture};
url::Origin idp_origin = url::Origin::Create(provider.config->config_url); if (!webid::IsFedCmAuthzEnabled()) {
if (!webid::IsFedCmAuthzEnabled(render_frame_host(), idp_origin)) {
return kDefaultPermissions; return kDefaultPermissions;
} }
@@ -1863,8 +1860,6 @@ void FederatedAuthRequestImpl::HandleAccountsFetchFailure(
std::optional<bool> old_idp_signin_status, std::optional<bool> old_idp_signin_status,
blink::mojom::FederatedAuthRequestResult result, blink::mojom::FederatedAuthRequestResult result,
std::optional<TokenStatus> token_status) { std::optional<TokenStatus> token_status) {
url::Origin idp_origin =
url::Origin::Create(idp_info->provider->config->config_url);
if (!old_idp_signin_status.has_value()) { if (!old_idp_signin_status.has_value()) {
if (rp_mode_ == blink::mojom::RpMode::kActive) { if (rp_mode_ == blink::mojom::RpMode::kActive) {
MaybeShowActiveModeModalDialog(idp_info->provider->config->config_url, MaybeShowActiveModeModalDialog(idp_info->provider->config->config_url,
@@ -2074,8 +2069,7 @@ void FederatedAuthRequestImpl::OnAccountsResponseReceived(
} }
case IdpNetworkRequestManager::ParseStatus::kSuccess: { case IdpNetworkRequestManager::ParseStatus::kSuccess: {
RecordRawAccountsSize(accounts.size()); RecordRawAccountsSize(accounts.size());
if (webid::IsFedCmAuthzEnabled(render_frame_host(), if (webid::IsFedCmAuthzEnabled()) {
url::Origin::Create(idp_config_url))) {
if (!FilterAccountsWithLabel(idp_info->metadata.requested_label, if (!FilterAccountsWithLabel(idp_info->metadata.requested_label,
accounts)) { accounts)) {
// No accounts remain, so treat as account fetch failure. // No accounts remain, so treat as account fetch failure.
@@ -2363,10 +2357,8 @@ void FederatedAuthRequestImpl::OnAccountSelected(const GURL& idp_config_url,
fedcm_metrics_->RecordContinueOnPopupTime( fedcm_metrics_->RecordContinueOnPopupTime(
idp_config_url, select_account_time_ - accounts_dialog_display_time_); idp_config_url, select_account_time_ - accounts_dialog_display_time_);
url::Origin idp_origin = url::Origin::Create(idp_config_url);
IdpNetworkRequestManager::ContinueOnCallback continue_on; IdpNetworkRequestManager::ContinueOnCallback continue_on;
if (webid::IsFedCmAuthzEnabled(render_frame_host(), idp_origin)) { if (webid::IsFedCmAuthzEnabled()) {
continue_on = base::BindOnce( continue_on = base::BindOnce(
&FederatedAuthRequestImpl::OnContinueOnResponseReceived, &FederatedAuthRequestImpl::OnContinueOnResponseReceived,
weak_ptr_factory_.GetWeakPtr(), idp_info.provider->Clone()); weak_ptr_factory_.GetWeakPtr(), idp_info.provider->Clone());
@@ -2406,7 +2398,7 @@ void FederatedAuthRequestImpl::OnAccountSelected(const GURL& idp_config_url,
} else { } else {
endpoint = idp_info.endpoints.token; endpoint = idp_info.endpoints.token;
query = ComputeUrlEncodedTokenPostData( query = ComputeUrlEncodedTokenPostData(
render_frame_host(), idp_origin, idp_info.provider->config->client_id, render_frame_host(), idp_info.provider->config->client_id,
idp_info.provider->nonce, account_id, idp_info.provider->nonce, account_id,
identity_selection_type_ != kExplicit, rp_mode_, identity_selection_type_ != kExplicit, rp_mode_,
idp_info.provider->fields, disclosure_shown_for, idp_info.provider->fields, disclosure_shown_for,
@@ -2594,15 +2586,15 @@ void FederatedAuthRequestImpl::OnContinueOnResponseReceived(
IdentityProviderRequestOptionsPtr idp, IdentityProviderRequestOptionsPtr idp,
IdpNetworkRequestManager::FetchStatus status, IdpNetworkRequestManager::FetchStatus status,
const GURL& continue_on) { const GURL& continue_on) {
url::Origin idp_origin = url::Origin::Create(idp->config->config_url);
// This is enforced by OnAccountSelected when we call SendTokenRequest. // This is enforced by OnAccountSelected when we call SendTokenRequest.
DCHECK(webid::IsFedCmAuthzEnabled(render_frame_host(), idp_origin)); DCHECK(webid::IsFedCmAuthzEnabled());
id_assertion_response_time_ = base::TimeTicks::Now(); id_assertion_response_time_ = base::TimeTicks::Now();
GetContentClient()->browser()->LogWebFeatureForCurrentPage( GetContentClient()->browser()->LogWebFeatureForCurrentPage(
&render_frame_host(), blink::mojom::WebFeature::kFedCmContinueOnResponse); &render_frame_host(), blink::mojom::WebFeature::kFedCmContinueOnResponse);
url::Origin idp_origin = url::Origin::Create(idp->config->config_url);
// We only allow loading continue_on urls that are same-origin // We only allow loading continue_on urls that are same-origin
// with the IdP. // with the IdP.
// This isn't necessarily final, but seemed like a safer // This isn't necessarily final, but seemed like a safer

5
content/browser/webid/federated_provider_fetcher.cc

@@ -239,8 +239,6 @@ void FederatedProviderFetcher::ValidateAndMaybeSetError(FetchResult& result) {
result.identity_provider_config_url, result.endpoints.token); result.identity_provider_config_url, result.endpoints.token);
bool is_accounts_valid = webid::IsEndpointSameOrigin( bool is_accounts_valid = webid::IsEndpointSameOrigin(
result.identity_provider_config_url, result.endpoints.accounts); result.identity_provider_config_url, result.endpoints.accounts);
url::Origin idp_origin =
url::Origin::Create(result.identity_provider_config_url);
bool is_login_url_valid = bool is_login_url_valid =
result.metadata && result.metadata &&
@@ -281,8 +279,7 @@ void FederatedProviderFetcher::ValidateAndMaybeSetError(FetchResult& result) {
} }
// (b) // (b)
if (webid::IsFedCmAuthzEnabled(*render_frame_host_, idp_origin) && if (webid::IsFedCmAuthzEnabled() && result.wellknown.accounts.is_valid() &&
result.wellknown.accounts.is_valid() &&
result.wellknown.login_url.is_valid() && result.metadata && result.wellknown.login_url.is_valid() && result.metadata &&
result.metadata->idp_login_url.is_valid()) { result.metadata->idp_login_url.is_valid()) {
// Behind the AuthZ flag, it is valid for IdPs to have valid configURLs // Behind the AuthZ flag, it is valid for IdPs to have valid configURLs

18
content/browser/webid/webid_utils.cc

@@ -438,28 +438,14 @@ bool HasSharingPermissionOrIdpHasThirdPartyCookiesAccess(
requester_origin, embedder_origin, url::Origin::Create(provider_url)); requester_origin, embedder_origin, url::Origin::Create(provider_url));
} }
bool IsFedCmAuthzEnabled(RenderFrameHost& host, const url::Origin& idp_origin) { bool IsFedCmAuthzEnabled() {
RuntimeFeatureStateDocumentData* rfs_document_data =
RuntimeFeatureStateDocumentData::GetForCurrentDocument(&host);
// If field trials or an explicit user selection disables authz, we should // If field trials or an explicit user selection disables authz, we should
// respect that. // respect that.
std::optional<bool> is_overridden = IsFedCmAuthzOverridden(); std::optional<bool> is_overridden = IsFedCmAuthzOverridden();
if (is_overridden) { if (is_overridden) {
return *is_overridden; return *is_overridden;
} }
return true;
// Should not be null as this gets initialized when the host gets created.
DCHECK(rfs_document_data);
std::vector<url::Origin> third_party_origins = {idp_origin};
// This includes origin trials.
bool runtime_enabled =
rfs_document_data->runtime_feature_state_read_context()
.IsFedCmAuthzEnabled() ||
rfs_document_data->runtime_feature_state_read_context()
.IsFedCmAuthzEnabledForThirdParty(third_party_origins);
bool flag_enabled = IsFedCmAuthzFlagEnabled();
return runtime_enabled || flag_enabled;
} }
FederatedAuthRequestPageData* GetPageData(Page& page) { FederatedAuthRequestPageData* GetPageData(Page& page) {

2
content/browser/webid/webid_utils.h

@@ -103,7 +103,7 @@ bool HasSharingPermissionOrIdpHasThirdPartyCookiesAccess(
FederatedIdentityPermissionContextDelegate* sharing_permission_delegate, FederatedIdentityPermissionContextDelegate* sharing_permission_delegate,
FederatedIdentityApiPermissionContextDelegate* api_permission_delegate); FederatedIdentityApiPermissionContextDelegate* api_permission_delegate);
bool IsFedCmAuthzEnabled(RenderFrameHost& host, const url::Origin& idp_origin); bool IsFedCmAuthzEnabled();
FederatedAuthRequestPageData* GetPageData(Page& page); FederatedAuthRequestPageData* GetPageData(Page& page);

4
content/child/runtime_features.cc

@@ -203,9 +203,9 @@ void SetRuntimeFeaturesFromChromiumFeatures() {
{wf::EnableEyeDropperAPI, raw_ref(features::kEyeDropper), {wf::EnableEyeDropperAPI, raw_ref(features::kEyeDropper),
kSetOnlyIfOverridden}, kSetOnlyIfOverridden},
{wf::EnableFedCm, raw_ref(features::kFedCm), kSetOnlyIfOverridden}, {wf::EnableFedCm, raw_ref(features::kFedCm), kSetOnlyIfOverridden},
{wf::EnableFedCmButtonMode, raw_ref(features::kFedCmButtonMode), {wf::EnableFedCm, raw_ref(features::kFedCmButtonMode),
kSetOnlyIfOverridden}, kSetOnlyIfOverridden},
{wf::EnableFedCmAuthz, raw_ref(features::kFedCmAuthz), {wf::EnableFedCm, raw_ref(features::kFedCmAuthz),
kSetOnlyIfOverridden}, kSetOnlyIfOverridden},
{wf::EnableFedCmDelegation, raw_ref(features::kFedCmDelegation), {wf::EnableFedCmDelegation, raw_ref(features::kFedCmDelegation),
kDefault}, kDefault},

64
third_party/blink/renderer/modules/credentialmanagement/authentication_credentials_container.cc vendored

@@ -501,7 +501,7 @@ void OnRequestToken(std::unique_ptr<ScopedPromiseResolver> scoped_resolver,
return; return;
} }
case RequestTokenStatus::kError: { case RequestTokenStatus::kError: {
if (!RuntimeEnabledFeatures::FedCmErrorEnabled() || !error) { if (!error) {
resolver->Reject(MakeGarbageCollected<DOMException>( resolver->Reject(MakeGarbageCollected<DOMException>(
DOMExceptionCode::kNetworkError, "Error retrieving a token.")); DOMExceptionCode::kNetworkError, "Error retrieving a token."));
return; return;
@@ -2160,8 +2160,7 @@ void AuthenticationCredentialsContainer::GetForIdentity(
UseCounter::Count(resolver->GetExecutionContext(), UseCounter::Count(resolver->GetExecutionContext(),
WebFeature::kFedCmLoginHint); WebFeature::kFedCmLoginHint);
} }
if (RuntimeEnabledFeatures::FedCmDomainHintEnabled() && if (provider->hasDomainHint()) {
provider->hasDomainHint()) {
UseCounter::Count(resolver->GetExecutionContext(), UseCounter::Count(resolver->GetExecutionContext(),
WebFeature::kFedCmDomainHint); WebFeature::kFedCmDomainHint);
} }
@@ -2256,38 +2255,35 @@ void AuthenticationCredentialsContainer::GetForIdentity(
} }
mojom::blink::RpMode rp_mode = mojom::blink::RpMode::kPassive; mojom::blink::RpMode rp_mode = mojom::blink::RpMode::kPassive;
if (blink::RuntimeEnabledFeatures::FedCmButtonModeEnabled( auto v8_rp_mode = identity_options.mode();
resolver->GetExecutionContext())) { // TODO(crbug.com/372198646): remove the debugging aid enums after shipping
auto v8_rp_mode = identity_options.mode(); // active mode.
// TODO(crbug.com/372198646): remove the debugging aid enums after shipping if (v8_rp_mode ==
// active mode. blink::V8IdentityCredentialRequestOptionsMode::Enum::kWidget ||
if (v8_rp_mode == v8_rp_mode ==
blink::V8IdentityCredentialRequestOptionsMode::Enum::kWidget || blink::V8IdentityCredentialRequestOptionsMode::Enum::kButton) {
v8_rp_mode == resolver->GetExecutionContext()->AddConsoleMessage(
blink::V8IdentityCredentialRequestOptionsMode::Enum::kButton) { MakeGarbageCollected<ConsoleMessage>(
resolver->GetExecutionContext()->AddConsoleMessage( mojom::blink::ConsoleMessageSource::kJavaScript,
MakeGarbageCollected<ConsoleMessage>( mojom::blink::ConsoleMessageLevel::kWarning,
mojom::blink::ConsoleMessageSource::kJavaScript, "The mode button/widget are renamed to active/passive "
mojom::blink::ConsoleMessageLevel::kWarning, "respectively and will be deprecated soon."));
"The mode button/widget are renamed to active/passive " }
"respectively and will be deprecated soon."));
}
rp_mode = mojo::ConvertTo<mojom::blink::RpMode>(v8_rp_mode); rp_mode = mojo::ConvertTo<mojom::blink::RpMode>(v8_rp_mode);
if (rp_mode == mojom::blink::RpMode::kActive) { if (rp_mode == mojom::blink::RpMode::kActive) {
if (identity_provider_ptrs.size() > 1u) { if (identity_provider_ptrs.size() > 1u) {
resolver->Reject(MakeGarbageCollected<DOMException>( resolver->Reject(MakeGarbageCollected<DOMException>(
DOMExceptionCode::kInvalidStateError, DOMExceptionCode::kInvalidStateError,
"Active mode is not currently supported with multiple identity " "Active mode is not currently supported with multiple identity "
"providers.")); "providers."));
return; return;
} }
if (mediation_requirement == CredentialMediationRequirement::kSilent) { if (mediation_requirement == CredentialMediationRequirement::kSilent) {
resolver->Reject(MakeGarbageCollected<DOMException>( resolver->Reject(MakeGarbageCollected<DOMException>(
DOMExceptionCode::kNotSupportedError, DOMExceptionCode::kNotSupportedError,
"mediation:silent is not supported in active mode")); "mediation:silent is not supported in active mode"));
return; return;
}
} }
} }

6
third_party/blink/renderer/modules/credentialmanagement/authentication_credentials_container_test.cc vendored

@@ -444,12 +444,10 @@ TEST(AuthenticationCredentialsContainerTest, PublicKeyConditionalMediationUkm) {
class AuthenticationCredentialsContainerActiveModeMultiIdpTest class AuthenticationCredentialsContainerActiveModeMultiIdpTest
: public testing::Test, : public testing::Test,
private ScopedFedCmMultipleIdentityProvidersForTest, private ScopedFedCmMultipleIdentityProvidersForTest {
ScopedFedCmButtonModeForTest {
protected: protected:
AuthenticationCredentialsContainerActiveModeMultiIdpTest() AuthenticationCredentialsContainerActiveModeMultiIdpTest()
: ScopedFedCmMultipleIdentityProvidersForTest(true), : ScopedFedCmMultipleIdentityProvidersForTest(true) {}
ScopedFedCmButtonModeForTest(true) {}
}; };
TEST_F(AuthenticationCredentialsContainerActiveModeMultiIdpTest, TEST_F(AuthenticationCredentialsContainerActiveModeMultiIdpTest,

6
third_party/blink/renderer/modules/credentialmanagement/credential_manager_type_converters.cc vendored

@@ -983,11 +983,7 @@ TypeConverter<IdentityProviderRequestOptionsPtr,
mojo_options->nonce = options.getNonceOr(""); mojo_options->nonce = options.getNonceOr("");
mojo_options->login_hint = options.getLoginHintOr(""); mojo_options->login_hint = options.getLoginHintOr("");
mojo_options->domain_hint = mojo_options->domain_hint = options.getDomainHintOr("");
blink::RuntimeEnabledFeatures::FedCmDomainHintEnabled()
? options.getDomainHintOr("")
: "";
if (options.hasFormat()) { if (options.hasFormat()) {
// Only one format type is supported at the time and the bindings code // Only one format type is supported at the time and the bindings code
// verifies that the correct one was specified. // verifies that the correct one was specified.

3
third_party/blink/renderer/modules/credentialmanagement/identity_credential.cc vendored

@@ -46,9 +46,6 @@ void OnDisconnect(ScriptPromiseResolver<IDLUndefined>* resolver,
IdentityCredential* IdentityCredential::Create(const String& token, IdentityCredential* IdentityCredential::Create(const String& token,
bool is_auto_selected, bool is_auto_selected,
const String& config_url) { const String& config_url) {
if (!RuntimeEnabledFeatures::FedCmAutoSelectedFlagEnabled()) {
is_auto_selected = false;
}
return MakeGarbageCollected<IdentityCredential>(token, is_auto_selected, return MakeGarbageCollected<IdentityCredential>(token, is_auto_selected,
config_url); config_url);
} }

4
third_party/blink/renderer/modules/credentialmanagement/identity_credential.idl vendored

@@ -17,13 +17,11 @@ dictionary IdentityCredentialDisconnectOptions : IdentityProviderConfig {
readonly attribute USVString token; readonly attribute USVString token;
// Whether an account was automatically selected in the FedCM flow. // Whether an account was automatically selected in the FedCM flow.
[RuntimeEnabled=FedCmAutoSelectedFlag]
readonly attribute boolean isAutoSelected; readonly attribute boolean isAutoSelected;
// The config URL of the selected identity provider. // The config URL of the selected identity provider.
[RuntimeEnabled=FedCmMultipleIdentityProviders] readonly attribute USVString configURL; [RuntimeEnabled=FedCmMultipleIdentityProviders] readonly attribute USVString configURL;
// https://github.com/fedidcg/FedCM/pull/515 // https://github.com/fedidcg/FedCM/pull/515
[RuntimeEnabled=FedCmDisconnect, CallWith=ScriptState, RaisesException, MeasureAs=FedCmDisconnect] static Promise<undefined> disconnect(IdentityCredentialDisconnectOptions options); [CallWith=ScriptState, RaisesException, MeasureAs=FedCmDisconnect] static Promise<undefined> disconnect(IdentityCredentialDisconnectOptions options);
}; };

2
third_party/blink/renderer/modules/credentialmanagement/identity_credential_error.idl vendored

@@ -12,7 +12,7 @@ dictionary IdentityCredentialErrorInit {
[ [
Exposed=Window, Exposed=Window,
SecureContext, SecureContext,
RuntimeEnabled=FedCmError RuntimeEnabled=FedCm
] interface IdentityCredentialError : DOMException { ] interface IdentityCredentialError : DOMException {
constructor(optional DOMString message = "", optional IdentityCredentialErrorInit options = {}); constructor(optional DOMString message = "", optional IdentityCredentialErrorInit options = {});

2
third_party/blink/renderer/modules/credentialmanagement/identity_credential_request_options.idl vendored

@@ -23,7 +23,7 @@ dictionary IdentityCredentialRequestOptions {
required sequence<IdentityProviderRequestOptions> providers; required sequence<IdentityProviderRequestOptions> providers;
IdentityCredentialRequestOptionsContext context = "signin"; IdentityCredentialRequestOptionsContext context = "signin";
// Allows an RP to select between the two modes of operation: active or passive. // Allows an RP to select between the two modes of operation: active or passive.
[RuntimeEnabled=FedCmButtonMode, MeasureAs=FedCmButtonMode] IdentityCredentialRequestOptionsMode mode = "passive"; [MeasureAs=FedCmButtonMode] IdentityCredentialRequestOptionsMode mode = "passive";
// A querying language that allows an RP to ask what it wants from the IdPs. // A querying language that allows an RP to ask what it wants from the IdPs.
[RuntimeEnabled=FedCmSelectiveDisclosure] IdentityStandardClaims claims; [RuntimeEnabled=FedCmSelectiveDisclosure] IdentityStandardClaims claims;
// This is a debugging aid string instead of an actual member of this dictionary. // This is a debugging aid string instead of an actual member of this dictionary.

6
third_party/blink/renderer/modules/credentialmanagement/identity_provider.idl vendored

@@ -27,8 +27,7 @@ dictionary IdentityProviderToken {
[CallWith=ScriptState, RaisesException, MeasureAs=FedCmUserInfo] [CallWith=ScriptState, RaisesException, MeasureAs=FedCmUserInfo]
static Promise<sequence<IdentityUserInfo>> getUserInfo(IdentityProviderConfig config); static Promise<sequence<IdentityUserInfo>> getUserInfo(IdentityProviderConfig config);
[RuntimeEnabled=FedCm, CallWith=ScriptState] [CallWith=ScriptState] static void close();
static void close();
[RuntimeEnabled=FedCmIdPRegistration, CallWith=ScriptState, ImplementedAs=registerIdentityProvider] [RuntimeEnabled=FedCmIdPRegistration, CallWith=ScriptState, ImplementedAs=registerIdentityProvider]
static Promise<boolean> register(USVString configURL); static Promise<boolean> register(USVString configURL);
@@ -37,6 +36,5 @@ dictionary IdentityProviderToken {
// Allows an IdP to return a token to the RP from the content area, as opposed to // Allows an IdP to return a token to the RP from the content area, as opposed to
// over HTTP with the id_assertion_endpoint. // over HTTP with the id_assertion_endpoint.
[RuntimeEnabled=FedCmAuthz, CallWith=ScriptState] [CallWith=ScriptState] static Promise<undefined> resolve((USVString or IdentityProviderToken) token, optional IdentityResolveOptions options = {});
static Promise<undefined> resolve((USVString or IdentityProviderToken) token, optional IdentityResolveOptions options = {});
}; };

6
third_party/blink/renderer/modules/credentialmanagement/identity_provider_config.idl vendored

@@ -26,8 +26,8 @@ dictionary IdentityProviderField {
dictionary IdentityProviderRequestOptions : IdentityProviderConfig { dictionary IdentityProviderRequestOptions : IdentityProviderConfig {
USVString nonce; USVString nonce;
DOMString loginHint; DOMString loginHint;
[RuntimeEnabled=FedCmDomainHint] DOMString domainHint; DOMString domainHint;
[RuntimeEnabled=FedCmAuthz] sequence<(USVString or IdentityProviderField)> fields; sequence<(USVString or IdentityProviderField)> fields;
[RuntimeEnabled=FedCmAuthz] any params; any params;
[RuntimeEnabled=FedCmDelegation] IdentityProviderRequestOptionsFormat format; [RuntimeEnabled=FedCmDelegation] IdentityProviderRequestOptionsFormat format;
}; };

47
third_party/blink/renderer/platform/runtime_enabled_features.json5 vendored

@@ -1861,32 +1861,6 @@
status: "stable", status: "stable",
base_feature: "none", base_feature: "none",
}, },
{
name: "FedCmAuthz",
depends_on: ["FedCm"],
public: true,
browser_process_read_access: true,
status: "stable",
base_feature: "none",
origin_trial_feature_name: "FedCmContinueOnBundle",
origin_trial_allows_third_party: true,
},
{
name: "FedCmAutoSelectedFlag",
depends_on: ["FedCm"],
public: true,
status: "stable",
base_feature: "none",
},
{
name: "FedCmButtonMode",
depends_on: ["FedCm"],
public: true,
status: "stable",
base_feature: "none",
origin_trial_feature_name: "FedCmButtonMode",
origin_trial_allows_third_party: true,
},
{ {
name: "FedCmDelegation", name: "FedCmDelegation",
depends_on: ["FedCm"], depends_on: ["FedCm"],
@@ -1894,27 +1868,6 @@
status: "test", status: "test",
base_feature: "none", base_feature: "none",
}, },
{
name: "FedCmDisconnect",
depends_on: ["FedCm"],
base_feature: "none",
status: "stable",
public: true,
},
{
name: "FedCmDomainHint",
depends_on: ["FedCm"],
public: true,
status: "stable",
base_feature: "none",
},
{
name: "FedCmError",
depends_on: ["FedCm"],
public: true,
status: "stable",
base_feature: "none",
},
{ {
name: "FedCmIdPRegistration", name: "FedCmIdPRegistration",
depends_on: ["FedCm"], depends_on: ["FedCm"],

12
third_party/blink/web_tests/SlowTests vendored

@@ -1333,12 +1333,12 @@ crbug.com/1404951 [ Mac12 Release ] external/wpt/fedcm/fedcm-iframe.https.html [
crbug.com/1404951 [ Mac13 Release ] external/wpt/fedcm/fedcm-iframe.https.html [ Slow ] crbug.com/1404951 [ Mac13 Release ] external/wpt/fedcm/fedcm-iframe.https.html [ Slow ]
crbug.com/1404951 [ Release Win ] external/wpt/fedcm/fedcm-iframe.https.html [ Slow ] crbug.com/1404951 [ Release Win ] external/wpt/fedcm/fedcm-iframe.https.html [ Slow ]
crbug.com/1494119 external/wpt/fedcm/fedcm-login-status/confirm-idp-login.https.html [ Slow ] crbug.com/1494119 external/wpt/fedcm/fedcm-login-status/confirm-idp-login.https.html [ Slow ]
crbug.com/1489239 [ Debug Mac13-arm64 ] virtual/fedcm-authz/external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ] crbug.com/1489239 [ Debug Mac13-arm64 ] external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ]
crbug.com/1489239 [ Linux ] virtual/fedcm-authz/external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ] crbug.com/1489239 [ Linux ] external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ]
crbug.com/1489239 [ Mac11 Release ] virtual/fedcm-authz/external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ] crbug.com/1489239 [ Mac11 Release ] external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ]
crbug.com/1489239 [ Mac12 Release ] virtual/fedcm-authz/external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ] crbug.com/1489239 [ Mac12 Release ] external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ]
crbug.com/1489239 [ Mac13 ] virtual/fedcm-authz/external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ] crbug.com/1489239 [ Mac13 ] external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ]
crbug.com/1489239 [ Release Win ] virtual/fedcm-authz/external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ] crbug.com/1489239 [ Release Win ] external/wpt/fedcm/fedcm-authz/fedcm-continue-on.https.html [ Slow ]
# Slow because it contains thousands of subtests # Slow because it contains thousands of subtests
crbug.com/1423483 [ Linux ] external/wpt/css/css-color/parsing/color-computed-hsl.html [ Slow ] crbug.com/1423483 [ Linux ] external/wpt/css/css-color/parsing/color-computed-hsl.html [ Slow ]

11
third_party/blink/web_tests/TestExpectations vendored

@@ -2743,8 +2743,9 @@ crbug.com/388319477 [ Win ] external/wpt/css/css-page/margin-boxes/content-007-p
crbug.com/388319477 [ Mac13 ] external/wpt/css/css-page/margin-boxes/dimensions-008-print.html [ Crash ] crbug.com/388319477 [ Mac13 ] external/wpt/css/css-page/margin-boxes/dimensions-008-print.html [ Crash ]
crbug.com/388319477 [ Win ] external/wpt/css/css-page/margin-boxes/dimensions-008-print.html [ Crash ] crbug.com/388319477 [ Win ] external/wpt/css/css-page/margin-boxes/dimensions-008-print.html [ Crash ]
crbug.com/388345823 [ Win ] external/wpt/fetch/api/credentials/cookies.any.sharedworker.html [ Crash ] crbug.com/388345823 [ Win ] external/wpt/fetch/api/credentials/cookies.any.sharedworker.html [ Crash ]
crbug.com/388326073 [ Mac14 ] virtual/fedcm-authz/external/wpt/fedcm/fedcm-authz/fedcm-disclosure-text-shown.https.html [ Crash ] crbug.com/388326073 [ Mac14 ] external/wpt/fedcm/fedcm-authz/fedcm-disclosure-text-shown.https.html [ Crash ]
crbug.com/388326073 [ Win ] virtual/fedcm-authz/external/wpt/fedcm/fedcm-authz/fedcm-disclosure-text-shown.https.html [ Crash ] crbug.com/388326073 [ Win ] external/wpt/fedcm/fedcm-authz/fedcm-disclosure-text-shown.https.html [ Crash ]
crbug.com/41482163 [ Linux ] external/wpt/fedcm/fedcm-authz/fedcm-continue-on-with-account.https.html [ Timeout ]
[ Linux ] virtual/fenced-frame-mparch-internal/wpt_internal/fenced_frame/revoke-manual-report-event-beacons.https.html [ Crash ] [ Linux ] virtual/fenced-frame-mparch-internal/wpt_internal/fenced_frame/revoke-manual-report-event-beacons.https.html [ Crash ]
[ Win ] virtual/fenced-frame-mparch-internal/wpt_internal/fenced_frame/revoke-manual-report-event-beacons.https.html [ Crash ] [ Win ] virtual/fenced-frame-mparch-internal/wpt_internal/fenced_frame/revoke-manual-report-event-beacons.https.html [ Crash ]
[ Mac14 ] virtual/keepalive-in-browser-migration/external/wpt/background-fetch/abort.https.window.html [ Crash Timeout ] [ Mac14 ] virtual/keepalive-in-browser-migration/external/wpt/background-fetch/abort.https.window.html [ Crash Timeout ]
@@ -3370,7 +3371,7 @@ crbug.com/626703 virtual/view-transition-wide-gamut/external/wpt/css/css-view-tr
crbug.com/626703 virtual/threaded/external/wpt/css/css-view-transitions/no-white-flash-before-activation.html [ Timeout ] crbug.com/626703 virtual/threaded/external/wpt/css/css-view-transitions/no-white-flash-before-activation.html [ Timeout ]
crbug.com/626703 external/wpt/css/css-values/viewport-units-scrollbars-auto-vhw-001.html [ Failure ] crbug.com/626703 external/wpt/css/css-values/viewport-units-scrollbars-auto-vhw-001.html [ Failure ]
crbug.com/626703 external/wpt/css/css-values/viewport-units-scrollbars-scroll-vhw-001.html [ Failure ] crbug.com/626703 external/wpt/css/css-values/viewport-units-scrollbars-scroll-vhw-001.html [ Failure ]
crbug.com/626703 [ Win11-arm64 ] virtual/fedcm-button-and-other-account/external/wpt/fedcm/fedcm-button-and-other-account/fedcm-use-other-account-button-flow.tentative.https.html [ Timeout ] crbug.com/626703 [ Win11-arm64 ] external/wpt/fedcm/fedcm-button-and-other-account/fedcm-use-other-account-button-flow.tentative.https.html [ Timeout ]
crbug.com/626703 [ Win11-arm64 ] virtual/fenced-frame-mparch/external/wpt/fenced-frame/default-enabled-features-attribution-disabled.https.html [ Timeout ] crbug.com/626703 [ Win11-arm64 ] virtual/fenced-frame-mparch/external/wpt/fenced-frame/default-enabled-features-attribution-disabled.https.html [ Timeout ]
crbug.com/626703 [ Win11-arm64 ] virtual/shared-storage-fenced-frame-mparch/external/wpt/shared-storage/embedder-context.tentative.https.sub.html [ Timeout ] crbug.com/626703 [ Win11-arm64 ] virtual/shared-storage-fenced-frame-mparch/external/wpt/shared-storage/embedder-context.tentative.https.sub.html [ Timeout ]
crbug.com/626703 external/wpt/css/css-transforms/transform-box/svgbox-stroke-box-005.html [ Failure ] crbug.com/626703 external/wpt/css/css-transforms/transform-box/svgbox-stroke-box-005.html [ Failure ]
@@ -6988,7 +6989,7 @@ crbug.com/1404951 [ Win ] external/wpt/fedcm/fedcm-nonce-is-optional.https.html
crbug.com/1480054 [ Win ] external/wpt/fedcm/fedcm-loginhint.https.html [ Pass Timeout ] crbug.com/1480054 [ Win ] external/wpt/fedcm/fedcm-loginhint.https.html [ Pass Timeout ]
crbug.com/328129675 virtual/fedcm-button-and-other-account/external/wpt/fedcm/fedcm-button-and-other-account/fedcm-button-mode-priority.tentative.https.html [ Pass Timeout ] crbug.com/328129675 external/wpt/fedcm/fedcm-button-and-other-account/fedcm-button-mode-priority.tentative.https.html [ Pass Timeout ]
# We skip these tests in the base test suite in NeverFixTests, but we do want # We skip these tests in the base test suite in NeverFixTests, but we do want
# to run them in the virtual test suite. # to run them in the virtual test suite.
@@ -7704,7 +7705,7 @@ crbug.com/326065719 [ Win11-arm64 ] http/tests/xmlhttprequest/simple-cross-origi
crbug.com/326065568 [ Win11-arm64 ] external/wpt/fedcm/fedcm-disconnect-iframe.sub.https.html [ Failure Pass Timeout ] # Flaky crbug.com/326065568 [ Win11-arm64 ] external/wpt/fedcm/fedcm-disconnect-iframe.sub.https.html [ Failure Pass Timeout ] # Flaky
crbug.com/326065727 [ Win11-arm64 ] external/wpt/html/cross-origin-embedder-policy/cross-origin-isolated-permission-worker.https.window.html [ Failure Pass Timeout ] # Flaky crbug.com/326065727 [ Win11-arm64 ] external/wpt/html/cross-origin-embedder-policy/cross-origin-isolated-permission-worker.https.window.html [ Failure Pass Timeout ] # Flaky
crbug.com/326065972 [ Win11-arm64 ] external/wpt/webrtc-encoded-transform/tentative/RTCPeerConnection-insertable-streams-video.https.html [ Failure Pass Timeout ] # Flaky crbug.com/326065972 [ Win11-arm64 ] external/wpt/webrtc-encoded-transform/tentative/RTCPeerConnection-insertable-streams-video.https.html [ Failure Pass Timeout ] # Flaky
crbug.com/326067001 [ Win11-arm64 ] virtual/fedcm-authz/external/wpt/fedcm/fedcm-authz/fedcm-userinfo-after-resolve.https.html [ Failure Pass Timeout ] # Flaky crbug.com/326067001 [ Win11-arm64 ] external/wpt/fedcm/fedcm-authz/fedcm-userinfo-after-resolve.https.html [ Failure Pass Timeout ] # Flaky
crbug.com/326067598 [ Win11-arm64 ] virtual/fenced-frame-mparch/external/wpt/fenced-frame/set-automatic-beacon.https.html [ Failure Pass Timeout ] # Flaky crbug.com/326067598 [ Win11-arm64 ] virtual/fenced-frame-mparch/external/wpt/fenced-frame/set-automatic-beacon.https.html [ Failure Pass Timeout ] # Flaky
crbug.com/326066872 [ Win11-arm64 ] virtual/prefetch-reusable/external/wpt/speculation-rules/prefetch/navigation-timing-requestStart-responseStart.https.html?prefetch=true [ Failure Pass Timeout ] # Flaky crbug.com/326066872 [ Win11-arm64 ] virtual/prefetch-reusable/external/wpt/speculation-rules/prefetch/navigation-timing-requestStart-responseStart.https.html?prefetch=true [ Failure Pass Timeout ] # Flaky
crbug.com/326066872 [ Win11-arm64 ] virtual/prefetch-new-wait-loop/external/wpt/speculation-rules/prefetch/navigation-timing-requestStart-responseStart.https.html?prefetch=true [ Failure Pass Timeout ] # Flaky crbug.com/326066872 [ Win11-arm64 ] virtual/prefetch-new-wait-loop/external/wpt/speculation-rules/prefetch/navigation-timing-requestStart-responseStart.https.html?prefetch=true [ Failure Pass Timeout ] # Flaky

2
third_party/blink/web_tests/TestLists/content_shell.filter vendored

@@ -944,8 +944,6 @@ virtual/disable-css-line-clamp/external/wpt/css/css-overflow/line-clamp/webkit-l
virtual/disable-css-line-clamp/external/wpt/css/css-overflow/line-clamp/webkit-line-clamp-025.html virtual/disable-css-line-clamp/external/wpt/css/css-overflow/line-clamp/webkit-line-clamp-025.html
virtual/disable-css-line-clamp/external/wpt/css/css-overflow/line-clamp/webkit-line-clamp-036.html virtual/disable-css-line-clamp/external/wpt/css/css-overflow/line-clamp/webkit-line-clamp-036.html
virtual/document-isolation-policy/external/wpt/html/document-isolation-policy/shared-workers.tentative.https.html virtual/document-isolation-policy/external/wpt/html/document-isolation-policy/shared-workers.tentative.https.html
virtual/fedcm-authz/external/wpt/fedcm/fedcm-authz/fedcm-disclosure-text-shown.https.html
virtual/fedcm-button-and-other-account/external/wpt/fedcm/fedcm-button-and-other-account/fedcm-use-other-account-button-flow.tentative.https.html
virtual/fedcm-multi-idp/external/wpt/fedcm/fedcm-multi-idp/fedcm-multi-idp-mediation-optional.https.html virtual/fedcm-multi-idp/external/wpt/fedcm/fedcm-multi-idp/fedcm-multi-idp-mediation-optional.https.html
virtual/fedcm-multi-idp/external/wpt/fedcm/fedcm-multi-idp/fedcm-multi-idp-mediation-silent.https.html virtual/fedcm-multi-idp/external/wpt/fedcm/fedcm-multi-idp/fedcm-multi-idp-mediation-silent.https.html
virtual/fedcm-register/external/wpt/fedcm/fedcm-register/fedcm-no-registered-idps.https.html virtual/fedcm-register/external/wpt/fedcm/fedcm-register/fedcm-no-registered-idps.https.html

18
third_party/blink/web_tests/VirtualTestSuites vendored

@@ -1855,24 +1855,6 @@
"owners": ["syg@chromium.org"], "owners": ["syg@chromium.org"],
"expires": "Jul 1, 2025" "expires": "Jul 1, 2025"
}, },
{
"prefix": "fedcm-authz",
"platforms": ["Linux", "Mac", "Win"],
"bases": ["external/wpt/fedcm/fedcm-authz/"],
"exclusive_tests": "ALL",
"args": ["--enable-features=FedCmAuthz"],
"owners": ["cbiesinger@chromium.org", "goto@chromium.org"],
"expires": "May 1, 2025"
},
{
"prefix": "fedcm-button-and-other-account",
"platforms": ["Linux", "Mac", "Win"],
"bases": ["external/wpt/fedcm/fedcm-button-and-other-account/"],
"exclusive_tests": "ALL",
"args": ["--enable-features=FedCmUseOtherAccount,FedCmButtonMode"],
"owners": ["cbiesinger@chromium.org", "yigu@chromium.org"],
"expires": "May 1, 2025"
},
{ {
"prefix": "fedcm-multi-idp", "prefix": "fedcm-multi-idp",
"owners": ["npm@chromium.org", "web-identity-eng@google.com"], "owners": ["npm@chromium.org", "web-identity-eng@google.com"],

6
third_party/blink/web_tests/virtual/fedcm-authz/DIR_METADATA vendored

@@ -1,6 +0,0 @@
monorail: {
component: "Chromium > Blink > Identity > FedCM"
}
buganizer_public: {
component_id: 1456331
}

5
third_party/blink/web_tests/virtual/fedcm-authz/README.md vendored

@@ -1,5 +0,0 @@
# FedCmAuthz
This suite runs the tests in wpt/credential-management/fedcm-authz/ with
`--enable-features=FedCmAuthz`.
See crbug.com/1429083.

6
third_party/blink/web_tests/virtual/fedcm-button-and-other-account/DIR_METADATA vendored

@@ -1,6 +0,0 @@
monorail: {
component: "Chromium > Blink > Identity > FedCM"
}
buganizer_public: {
component_id: 1456331
}

5
third_party/blink/web_tests/virtual/fedcm-button-and-other-account/README.md vendored

@@ -1,5 +0,0 @@
# FedCmButtonMode and FedCmAddAccount
This suite runs the tests in wpt/credential-management/fedcm-button-and-other-account/ with
`--enable-features=FedCmButtonMode,FedCmAddAccount`.
See crbug.com/40284792.