Revert "Remove FedCmIdpSigninStatus feature flag and runtime flag"
This reverts commit 67311fb00c.
Reason for revert: See crbug.com/384866916
Original change's description:
> Remove FedCmIdpSigninStatus feature flag and runtime flag
>
> Bug: 381211734
> Change-Id: I41f8f8bcf308a685533980da7d16e2b634a11636
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6078693
> Reviewed-by: Alex Rudenko <alexrudenko@chromium.org>
> Commit-Queue: suresh potti <sureshpotti@microsoft.com>
> Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
> Reviewed-by: Nicolás Peña <npm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1397709}
Bug: 381211734
Change-Id: I9f8fb3f45e294ec696b4d8f0ed659d5c7f7e2715
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6097148
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adem Derinel <derinel@google.com>
Owners-Override: Adem Derinel <derinel@google.com>
Cr-Commit-Position: refs/heads/main@{#1397816}
This commit is contained in:
Adem Derinel
committed by
Chromium LUCI CQ
Chromium LUCI CQ
parent
6aa32e348a
commit
e125c793de
chrome/test/chromedriver/test
content
browser
webid
child
public
third_party/blink/renderer
modules
credentialmanagement
platform
@ -8685,7 +8685,8 @@ class FedCmSpecificTest(ChromeDriverBaseTestWithWebServer):
|
||||
'enable-experimental-web-platform-features']
|
||||
self._driver = self.CreateDriver(
|
||||
accept_insecure_certs=True,
|
||||
chrome_switches=self.chrome_switches)
|
||||
chrome_switches=self.chrome_switches +
|
||||
["--enable-features=FedCmIdpSigninStatusEnabled"])
|
||||
|
||||
self._driver.Load(self._url_prefix + "/mark-signed-in")
|
||||
|
||||
|
||||
@ -919,7 +919,9 @@ void FederatedAuthRequestImpl::RequestToken(
|
||||
permission_delegate_);
|
||||
|
||||
url::Origin idp_origin = url::Origin::Create(idp_ptr->config->config_url);
|
||||
if (has_failing_idp_signin_status) {
|
||||
if (has_failing_idp_signin_status &&
|
||||
webid::GetIdpSigninStatusMode(render_frame_host(), idp_origin) ==
|
||||
FedCmIdpSigninStatusMode::ENABLED) {
|
||||
if (idp_get_params_ptr->mode == blink::mojom::RpMode::kPassive) {
|
||||
if (IsFedCmMultipleIdentityProvidersEnabled()) {
|
||||
// In the multi IDP case, we do not want to complete the request
|
||||
@ -1322,7 +1324,11 @@ void FederatedAuthRequestImpl::OnAllConfigAndWellKnownFetched(
|
||||
webid::ShouldFailAccountsEndpointRequestBecauseNotSignedInWithIdp(
|
||||
render_frame_host(), identity_provider_config_url,
|
||||
permission_delegate_);
|
||||
if (idp_info->has_failing_idp_signin_status) {
|
||||
if (idp_info->has_failing_idp_signin_status &&
|
||||
webid::GetIdpSigninStatusMode(
|
||||
render_frame_host(),
|
||||
url::Origin::Create(identity_provider_config_url)) ==
|
||||
FedCmIdpSigninStatusMode::ENABLED) {
|
||||
// If the user is logged out and we are in a active-mode, allow the user
|
||||
// to sign-in to the IdP and return early.
|
||||
if (rp_mode_ == blink::mojom::RpMode::kActive) {
|
||||
@ -1818,7 +1824,10 @@ void FederatedAuthRequestImpl::HandleAccountsFetchFailure(
|
||||
std::optional<TokenStatus> token_status) {
|
||||
url::Origin idp_origin =
|
||||
url::Origin::Create(idp_info->provider->config->config_url);
|
||||
if (!old_idp_signin_status.has_value()) {
|
||||
FedCmIdpSigninStatusMode signin_status_mode =
|
||||
webid::GetIdpSigninStatusMode(render_frame_host(), idp_origin);
|
||||
if (!old_idp_signin_status.has_value() ||
|
||||
signin_status_mode == FedCmIdpSigninStatusMode::METRICS_ONLY) {
|
||||
if (rp_mode_ == blink::mojom::RpMode::kActive) {
|
||||
MaybeShowActiveModeModalDialog(idp_info->provider->config->config_url,
|
||||
idp_info->metadata.idp_login_url);
|
||||
|
||||
@ -1905,26 +1905,16 @@ TEST_F(FederatedAuthRequestImplTest, MissingAccountsEndpoint) {
|
||||
EXPECT_EQ("Provider's FedCM config file is invalid.", messages[1]);
|
||||
}
|
||||
|
||||
// Test that request fails if config is missing an IDP login URL.
|
||||
// Test that request does not fail if config is missing an IDP login URL.
|
||||
TEST_F(FederatedAuthRequestImplTest, MissingLoginURL) {
|
||||
// Login URL is only optional when the signin status API is disabled.
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndDisableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
MockConfiguration configuration = kConfigurationValid;
|
||||
configuration.idp_info[kProviderUrlFull].config.idp_login_url = "";
|
||||
RequestExpectations expectations = {
|
||||
RequestTokenStatus::kError,
|
||||
FederatedAuthRequestResult::kConfigInvalidResponse,
|
||||
/*standalone_console_message=*/std::nullopt,
|
||||
/*selected_idp_config_url=*/std::nullopt};
|
||||
RunAuthTest(kDefaultRequestParameters, expectations, configuration);
|
||||
RunAuthTest(kDefaultRequestParameters, kExpectationSuccess, configuration);
|
||||
EXPECT_TRUE(DidFetchWellKnownAndConfig());
|
||||
|
||||
std::vector<std::string> messages =
|
||||
RenderFrameHostTester::For(main_rfh())->GetConsoleMessages();
|
||||
ASSERT_EQ(2U, messages.size());
|
||||
EXPECT_EQ(
|
||||
"Config file is missing or has an invalid URL for the following:\n"
|
||||
"\"login_url\"\n",
|
||||
messages[0]);
|
||||
EXPECT_EQ("Provider's FedCM config file is invalid.", messages[1]);
|
||||
}
|
||||
|
||||
// Test that client metadata endpoint is not required in config.
|
||||
@ -1954,6 +1944,10 @@ TEST_F(FederatedAuthRequestImplTest, AccountEndpointDifferentOriginIdp) {
|
||||
// Test that request fails if IDP login URL is different origin from IDP config
|
||||
// URL.
|
||||
TEST_F(FederatedAuthRequestImplTest, LoginUrlDifferentOriginIdp) {
|
||||
// We only validate the login_url if IdpSigninStatus is enabled.
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
MockConfiguration configuration = kConfigurationValid;
|
||||
configuration.idp_info[kProviderUrlFull].config.idp_login_url =
|
||||
"https://idp2.example/login_url";
|
||||
@ -3812,6 +3806,9 @@ TEST_F(FederatedAuthRequestImplTest, ReorderMultipleAccounts) {
|
||||
// Test that first API call with a given IDP is not affected by the
|
||||
// IdpSigninStatus bit.
|
||||
TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusTestFirstTimeFetchSuccess) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
EXPECT_CALL(*test_permission_delegate_,
|
||||
SetIdpSigninStatus(OriginFromString(kProviderUrlFull), true))
|
||||
.Times(1);
|
||||
@ -3829,6 +3826,9 @@ TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusTestFirstTimeFetchSuccess) {
|
||||
// failure during fetching accounts.
|
||||
TEST_F(FederatedAuthRequestImplTest,
|
||||
IdpSigninStatusTestFirstTimeFetchNoFailureUi) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
EXPECT_CALL(*test_permission_delegate_,
|
||||
SetIdpSigninStatus(OriginFromString(kProviderUrlFull), false))
|
||||
.Times(1);
|
||||
@ -3849,6 +3849,9 @@ TEST_F(FederatedAuthRequestImplTest,
|
||||
// Test that a failure UI will be displayed if the accounts fetch is failed but
|
||||
// the IdpSigninStatus claims that the user is signed in.
|
||||
TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusTestShowFailureUi) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
test_permission_delegate_
|
||||
->idp_signin_statuses_[OriginFromString(kProviderUrlFull)] = true;
|
||||
|
||||
@ -3871,6 +3874,9 @@ TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusTestShowFailureUi) {
|
||||
// UI is displayed.
|
||||
TEST_F(FederatedAuthRequestImplTest,
|
||||
IdpSigninStatusTestApiFailedIfUserNotSignedInWithIdp) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
test_permission_delegate_
|
||||
->idp_signin_statuses_[OriginFromString(kProviderUrlFull)] = false;
|
||||
|
||||
@ -3947,6 +3953,9 @@ class ParseStatusOverrideIdpNetworkRequestManager
|
||||
// 2) User signs-in
|
||||
// 3) User selects "Continue" in account chooser dialog.
|
||||
TEST_F(FederatedAuthRequestImplTest, FailureUiThenSuccessfulSignin) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
SetNetworkRequestManager(
|
||||
std::make_unique<ParseStatusOverrideIdpNetworkRequestManager>());
|
||||
auto* network_manager =
|
||||
@ -3997,6 +4006,9 @@ TEST_F(FederatedAuthRequestImplTest, FailureUiThenSuccessfulSignin) {
|
||||
// 2) User switches tabs
|
||||
// 3) User signs into IdP in different tab
|
||||
TEST_F(FederatedAuthRequestImplTest, FailureUiThenSuccessfulSigninButHidden) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
SetNetworkRequestManager(
|
||||
std::make_unique<ParseStatusOverrideIdpNetworkRequestManager>());
|
||||
auto* network_manager =
|
||||
@ -4046,6 +4058,9 @@ TEST_F(FederatedAuthRequestImplTest, FailureUiThenSuccessfulSigninButHidden) {
|
||||
// 1) Failure dialog is shown due to IdP sign-in status mismatch
|
||||
// 2) In a different tab, user signs into different IdP
|
||||
TEST_F(FederatedAuthRequestImplTest, FailureUiSigninFromDifferentIdp) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
SetNetworkRequestManager(
|
||||
std::make_unique<ParseStatusOverrideIdpNetworkRequestManager>());
|
||||
auto* network_manager =
|
||||
@ -4100,6 +4115,9 @@ TEST_F(FederatedAuthRequestImplTest, FailureUiSigninFromDifferentIdp) {
|
||||
// That ShowFailureDialog() is called a 2nd time after the IdP sign-in status
|
||||
// update.
|
||||
TEST_F(FederatedAuthRequestImplTest, FailureUiAccountEndpointKeepsFailing) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
url::Origin kIdpOrigin = OriginFromString(kProviderUrlFull);
|
||||
|
||||
MockConfiguration configuration = kConfigurationValid;
|
||||
@ -4157,6 +4175,9 @@ TEST_F(FederatedAuthRequestImplTest, FailureUiAccountEndpointKeepsFailing) {
|
||||
// status update.
|
||||
// That user is shown IdP-sign-in-failure dialog.
|
||||
TEST_F(FederatedAuthRequestImplTest, FailureUiThenFailDifferentEndpoint) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
SetNetworkRequestManager(
|
||||
std::make_unique<ParseStatusOverrideIdpNetworkRequestManager>());
|
||||
auto* network_manager =
|
||||
@ -4216,6 +4237,21 @@ TEST_F(FederatedAuthRequestImplTest, FailureUiThenFailDifferentEndpoint) {
|
||||
CheckAllFedCmSessionIDs();
|
||||
}
|
||||
|
||||
// Test that when IdpSigninStatus API is in the metrics-only mode, that an IDP
|
||||
// signed-out status stays signed-out regardless of what is returned by the
|
||||
// accounts endpoint.
|
||||
TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusMetricsModeStaysSignedout) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitWithFeatures({}, {features::kFedCmIdpSigninStatusEnabled});
|
||||
|
||||
test_permission_delegate_
|
||||
->idp_signin_statuses_[OriginFromString(kProviderUrlFull)] = false;
|
||||
EXPECT_CALL(*test_permission_delegate_, SetIdpSigninStatus(_, _)).Times(0);
|
||||
|
||||
RunAuthTest(kDefaultRequestParameters, kExpectationSuccess,
|
||||
kConfigurationValid);
|
||||
}
|
||||
|
||||
// Test that when IdpSigninStatus API does not have any state for an IDP, that
|
||||
// the state transitions to sign-in if the accounts endpoint returns a
|
||||
// non-empty list of accounts.
|
||||
@ -4231,6 +4267,31 @@ TEST_F(
|
||||
kConfigurationValid);
|
||||
}
|
||||
|
||||
// Test that when IdpSigninStatus API is in metrics-only mode, that IDP sign-in
|
||||
// status transitions to signed-out if the accounts endpoint returns no
|
||||
// information.
|
||||
TEST_F(FederatedAuthRequestImplTest,
|
||||
IdpSigninStatusMetricsModeTransitionsToSignedoutWhenNoAccounts) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitWithFeatures({}, {features::kFedCmIdpSigninStatusEnabled});
|
||||
|
||||
test_permission_delegate_
|
||||
->idp_signin_statuses_[OriginFromString(kProviderUrlFull)] = true;
|
||||
EXPECT_CALL(*test_permission_delegate_,
|
||||
SetIdpSigninStatus(OriginFromString(kProviderUrlFull), false));
|
||||
|
||||
MockConfiguration configuration = kConfigurationValid;
|
||||
configuration.idp_info[kProviderUrlFull].accounts_response.parse_status =
|
||||
ParseStatus::kInvalidResponseError;
|
||||
RequestExpectations expectations = {
|
||||
RequestTokenStatus::kError,
|
||||
FederatedAuthRequestResult::kAccountsInvalidResponse,
|
||||
/*standalone_console_message=*/std::nullopt, std::nullopt};
|
||||
RunAuthTest(kDefaultRequestParameters, expectations, configuration);
|
||||
EXPECT_TRUE(DidFetch(FetchedEndpoint::ACCOUNTS));
|
||||
EXPECT_FALSE(did_show_accounts_dialog());
|
||||
}
|
||||
|
||||
// Tests that multiple IDPs provided results in an error if the
|
||||
// `kFedCmMultipleIdentityProviders` flag is disabled.
|
||||
TEST_F(FederatedAuthRequestImplTest, MultiIdpDisabled) {
|
||||
@ -6421,6 +6482,9 @@ TEST_F(FederatedAuthRequestImplTest, AccountsDialogShownMetric) {
|
||||
// Tests that when a mismatch dialog is shown, the appropriate metrics are
|
||||
// recorded.
|
||||
TEST_F(FederatedAuthRequestImplTest, MismatchDialogShownMetric) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
base::RunLoop ukm_loop;
|
||||
ukm_recorder()->SetOnAddEntryCallback(FedCmEntry::kEntryName,
|
||||
ukm_loop.QuitClosure());
|
||||
@ -6451,6 +6515,9 @@ TEST_F(FederatedAuthRequestImplTest, MismatchDialogShownMetric) {
|
||||
|
||||
// Tests that a mismatch dialog is shown twice.
|
||||
TEST_F(FederatedAuthRequestImplTest, DoubleMismatchDialog) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
base::RunLoop ukm_loop;
|
||||
ukm_recorder()->SetOnAddEntryCallback(FedCmEntry::kEntryName,
|
||||
ukm_loop.QuitClosure());
|
||||
@ -6546,6 +6613,9 @@ TEST_F(FederatedAuthRequestImplTest, AbortedAccountsDialogShownDurationMetric) {
|
||||
// Tests that when a mismatch dialog is aborted, the appropriate duration
|
||||
// metrics are recorded.
|
||||
TEST_F(FederatedAuthRequestImplTest, AbortedMismatchDialogShownDurationMetric) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
base::RunLoop ukm_loop;
|
||||
ukm_recorder()->SetOnAddEntryCallback(FedCmEntry::kEntryName,
|
||||
ukm_loop.QuitClosure());
|
||||
@ -6757,6 +6827,9 @@ TEST_F(FederatedAuthRequestImplTest, ErrorUrlDisplayedWithProperUrl) {
|
||||
|
||||
// Test that permission is embargoed upon closing a mismatch dialog.
|
||||
TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusCloseMismatchEmbargo) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
test_permission_delegate_
|
||||
->idp_signin_statuses_[OriginFromString(kProviderUrlFull)] = true;
|
||||
|
||||
@ -6779,6 +6852,9 @@ TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusCloseMismatchEmbargo) {
|
||||
// Test that permission is not embargoed upon closing an IDP sign-in flow
|
||||
// pop-up.
|
||||
TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusClosePopupEmbargo) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
test_permission_delegate_
|
||||
->idp_signin_statuses_[OriginFromString(kProviderUrlFull)] = true;
|
||||
|
||||
|
||||
@ -144,7 +144,9 @@ void FederatedAuthUserInfoRequest::SetCallbackAndStart(
|
||||
}
|
||||
|
||||
if (webid::ShouldFailAccountsEndpointRequestBecauseNotSignedInWithIdp(
|
||||
*render_frame_host_, idp_config_url_, permission_delegate_)) {
|
||||
*render_frame_host_, idp_config_url_, permission_delegate_) &&
|
||||
webid::GetIdpSigninStatusMode(*render_frame_host_, idp_origin) ==
|
||||
FedCmIdpSigninStatusMode::ENABLED) {
|
||||
CompleteWithError(FederatedAuthUserInfoRequestResult::kNotSignedInWithIdp);
|
||||
return;
|
||||
}
|
||||
@ -196,7 +198,10 @@ void FederatedAuthUserInfoRequest::OnAllConfigAndWellKnownFetched(
|
||||
does_idp_have_failing_signin_status_ =
|
||||
webid::ShouldFailAccountsEndpointRequestBecauseNotSignedInWithIdp(
|
||||
*render_frame_host_, idp_config_url_, permission_delegate_);
|
||||
if (does_idp_have_failing_signin_status_) {
|
||||
if (does_idp_have_failing_signin_status_ &&
|
||||
webid::GetIdpSigninStatusMode(*render_frame_host_,
|
||||
url::Origin::Create(idp_config_url_)) ==
|
||||
FedCmIdpSigninStatusMode::ENABLED) {
|
||||
CompleteWithError(FederatedAuthUserInfoRequestResult::kNotSignedInWithIdp);
|
||||
return;
|
||||
}
|
||||
|
||||
@ -240,10 +240,13 @@ void FederatedProviderFetcher::ValidateAndMaybeSetError(FetchResult& result) {
|
||||
result.identity_provider_config_url, result.endpoints.accounts);
|
||||
url::Origin idp_origin =
|
||||
url::Origin::Create(result.identity_provider_config_url);
|
||||
|
||||
bool is_login_url_valid =
|
||||
result.metadata &&
|
||||
webid::IsEndpointSameOrigin(result.identity_provider_config_url,
|
||||
result.metadata->idp_login_url);
|
||||
webid::GetIdpSigninStatusMode(render_frame_host_.get(), idp_origin) !=
|
||||
FedCmIdpSigninStatusMode::ENABLED ||
|
||||
(result.metadata &&
|
||||
webid::IsEndpointSameOrigin(result.identity_provider_config_url,
|
||||
result.metadata->idp_login_url));
|
||||
|
||||
if (!is_token_valid || !is_accounts_valid || !is_login_url_valid) {
|
||||
std::string console_message =
|
||||
|
||||
@ -515,6 +515,8 @@ TEST_F(FederatedProviderFetcherTest, InvalidCrossOriginTokenEndpoint) {
|
||||
}
|
||||
|
||||
TEST_F(FederatedProviderFetcherTest, InvalidCrossOriginSigninUrl) {
|
||||
feature_list_.InitAndEnableFeature(features::kFedCmIdpSigninStatusEnabled);
|
||||
|
||||
FederatedProviderFetcher::FetchResult result;
|
||||
result.endpoints.accounts = GURL("https://idp.example/accounts");
|
||||
result.endpoints.token = GURL("https://idp.example/token");
|
||||
|
||||
@ -27,6 +27,13 @@ bool IsFedCmMultipleIdentityProvidersEnabled() {
|
||||
features::kFedCmMultipleIdentityProviders);
|
||||
}
|
||||
|
||||
FedCmIdpSigninStatusMode GetFedCmIdpSigninStatusFlag() {
|
||||
if (base::FeatureList::IsEnabled(features::kFedCmIdpSigninStatusEnabled)) {
|
||||
return FedCmIdpSigninStatusMode::ENABLED;
|
||||
}
|
||||
return FedCmIdpSigninStatusMode::METRICS_ONLY;
|
||||
}
|
||||
|
||||
bool IsFedCmMetricsEndpointEnabled() {
|
||||
return base::FeatureList::IsEnabled(features::kFedCmMetricsEndpoint);
|
||||
}
|
||||
|
||||
@ -24,6 +24,11 @@ bool IsFedCmAuthzFlagEnabled();
|
||||
// Whether multiple identity providers are enabled.
|
||||
bool IsFedCmMultipleIdentityProvidersEnabled();
|
||||
|
||||
// Returns the IdpSigninStatus API mode.
|
||||
// Most callers should use webid::GetIdpSigninStatusMode() in webid_utils.h
|
||||
// instead, as that version takes origin trial status into account.
|
||||
FedCmIdpSigninStatusMode GetFedCmIdpSigninStatusFlag();
|
||||
|
||||
// Whether metrics endpoint is enabled.
|
||||
bool IsFedCmMetricsEndpointEnabled();
|
||||
|
||||
|
||||
@ -423,6 +423,8 @@ class WebIdBrowserTest : public ContentBrowserTest {
|
||||
class WebIdIdpSigninStatusBrowserTest : public WebIdBrowserTest {
|
||||
public:
|
||||
void SetUpCommandLine(base::CommandLine* command_line) override {
|
||||
scoped_feature_list_.InitAndEnableFeature(
|
||||
features::kFedCmIdpSigninStatusEnabled);
|
||||
command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
|
||||
}
|
||||
|
||||
@ -438,7 +440,9 @@ class WebIdIdpSigninStatusForFetchKeepAliveBrowserTest
|
||||
public:
|
||||
void SetUpCommandLine(base::CommandLine* command_line) override {
|
||||
scoped_feature_list_.InitWithFeatures(
|
||||
{blink::features::kKeepAliveInBrowserMigration}, {});
|
||||
{features::kFedCmIdpSigninStatusEnabled,
|
||||
blink::features::kKeepAliveInBrowserMigration},
|
||||
{});
|
||||
command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
|
||||
}
|
||||
|
||||
|
||||
@ -393,6 +393,13 @@ std::string GetDisconnectConsoleErrorMessage(
|
||||
}
|
||||
}
|
||||
|
||||
FedCmIdpSigninStatusMode GetIdpSigninStatusMode(RenderFrameHost& host,
|
||||
const url::Origin& idp_origin) {
|
||||
// TODO(crbug.com/40283354): Remove this function in favor of
|
||||
// GetFedCmIdpSigninStatusFlag.
|
||||
return GetFedCmIdpSigninStatusFlag();
|
||||
}
|
||||
|
||||
std::string FormatUrlForDisplay(const GURL& url) {
|
||||
// We do not use url_formatter::FormatUrlForSecurityDisplay() directly because
|
||||
// our UI intentionally shows only the eTLD+1, as it makes for a shorter text
|
||||
|
||||
@ -86,6 +86,9 @@ CONTENT_EXPORT std::string GetConsoleErrorMessageFromResult(
|
||||
CONTENT_EXPORT std::string GetDisconnectConsoleErrorMessage(
|
||||
FedCmDisconnectStatus disconnect_status_for_metrics);
|
||||
|
||||
FedCmIdpSigninStatusMode GetIdpSigninStatusMode(RenderFrameHost& host,
|
||||
const url::Origin& idp_origin);
|
||||
|
||||
// Returns the eTLD+1 for a given url. For localhost, returns the host.
|
||||
std::string FormatUrlForDisplay(const GURL& url);
|
||||
|
||||
|
||||
@ -217,6 +217,9 @@ void SetRuntimeFeaturesFromChromiumFeatures() {
|
||||
kDefault},
|
||||
{wf::EnableFedCmIdPRegistration,
|
||||
raw_ref(features::kFedCmIdPRegistration), kDefault},
|
||||
{wf::EnableFedCmIdpSigninStatus,
|
||||
raw_ref(features::kFedCmIdpSigninStatusEnabled),
|
||||
kSetOnlyIfOverridden},
|
||||
{wf::EnableGamepadMultitouch,
|
||||
raw_ref(features::kEnableGamepadMultitouch)},
|
||||
{wf::EnableSharedStorageAPI,
|
||||
|
||||
@ -440,6 +440,14 @@ BASE_FEATURE(kFedCmIdPRegistration,
|
||||
"FedCmIdPregistration",
|
||||
base::FEATURE_DISABLED_BY_DEFAULT);
|
||||
|
||||
// Enables the IDP signin status API for use with FedCM, including avoiding
|
||||
// network requests when not signed in and mismatch handling.
|
||||
// When turned off, Login-Status headers are still parsed and processed
|
||||
// and FedCM mismatch metrics are collected.
|
||||
BASE_FEATURE(kFedCmIdpSigninStatusEnabled,
|
||||
"FedCmIdpSigninStatusEnabled",
|
||||
base::FEATURE_ENABLED_BY_DEFAULT);
|
||||
|
||||
// Enables usage of the FedCM API with metrics endpoint at the same time.
|
||||
BASE_FEATURE(kFedCmMetricsEndpoint,
|
||||
"FedCmMetricsEndpoint",
|
||||
|
||||
@ -113,6 +113,7 @@ CONTENT_EXPORT BASE_DECLARE_FEATURE(kFedCmAuthz);
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kFedCmButtonMode);
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kFedCmDelegation);
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kFedCmIdPRegistration);
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kFedCmIdpSigninStatusEnabled);
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kFedCmMetricsEndpoint);
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kFedCmMultipleIdentityProviders);
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kFedCmSelectiveDisclosure);
|
||||
|
||||
7
third_party/blink/renderer/modules/credentialmanagement/authentication_credentials_container.cc
vendored
7
third_party/blink/renderer/modules/credentialmanagement/authentication_credentials_container.cc
vendored
@ -2070,7 +2070,12 @@ void AuthenticationCredentialsContainer::GetForIdentity(
|
||||
UseCounter::Count(resolver->GetExecutionContext(),
|
||||
WebFeature::kFedCmIframe);
|
||||
}
|
||||
|
||||
// Track when websites use FedCM with the IDP sign-in status opt-in
|
||||
if (RuntimeEnabledFeatures::FedCmIdpSigninStatusEnabled(
|
||||
resolver->GetExecutionContext())) {
|
||||
UseCounter::Count(resolver->GetExecutionContext(),
|
||||
WebFeature::kFedCmIdpSigninStatusApi);
|
||||
}
|
||||
int provider_index = 0;
|
||||
Vector<mojom::blink::IdentityProviderRequestOptionsPtr>
|
||||
identity_provider_ptrs;
|
||||
|
||||
@ -27,7 +27,7 @@ dictionary IdentityProviderToken {
|
||||
[CallWith=ScriptState, RaisesException, MeasureAs=FedCmUserInfo]
|
||||
static Promise<sequence<IdentityUserInfo>> getUserInfo(IdentityProviderConfig config);
|
||||
|
||||
[CallWith=ScriptState]
|
||||
[RuntimeEnabled=FedCmIdpSigninStatus, CallWith=ScriptState]
|
||||
static void close();
|
||||
|
||||
[RuntimeEnabled=FedCmIdPRegistration, CallWith=ScriptState, ImplementedAs=registerIdentityProvider]
|
||||
|
||||
@ -14,13 +14,13 @@ enum LoginStatus {
|
||||
ImplementedAs=NavigatorLogin
|
||||
]
|
||||
partial interface Navigator {
|
||||
[SecureContext, RuntimeEnabled=FedCm] readonly attribute NavigatorLogin login;
|
||||
[SecureContext, RuntimeEnabled=FedCmIdpSigninStatus] readonly attribute NavigatorLogin login;
|
||||
};
|
||||
|
||||
[
|
||||
Exposed=Window,
|
||||
SecureContext,
|
||||
RuntimeEnabled=FedCm
|
||||
RuntimeEnabled=FedCmIdpSigninStatus
|
||||
]
|
||||
interface NavigatorLogin {
|
||||
[CallWith=ScriptState, MeasureAs=FedCmIdpSigninStatusJsApi]
|
||||
|
||||
@ -1806,6 +1806,14 @@
|
||||
status: "test",
|
||||
base_feature: "none",
|
||||
},
|
||||
{
|
||||
name: "FedCmIdpSigninStatus",
|
||||
depends_on: ["FedCm"],
|
||||
public: true,
|
||||
status: "stable",
|
||||
base_feature: "none",
|
||||
browser_process_read_access: true,
|
||||
},
|
||||
{
|
||||
name: "FedCmMultipleIdentityProviders",
|
||||
depends_on: ["FedCm"],
|
||||
|
||||
Reference in New Issue
Block a user