- From: Mike West <mkwst@google.com>
- Date: Wed, 6 Aug 2014 11:46:34 +0200
- To: Sam Penrose <spenrose@mozilla.com>
- Cc: Webapps WG <public-webapps@w3.org>
- Message-ID: <CAKXHy=cpQnB8VRvUz30b37k1uNJTdYo12G10kWRUeUpwCguSyw@mail.gmail.com>

Hey Sam, this looks interesting indeed!

It's not clear to me how this proposal interacts with the credential management proposal I sent out last week. Does the following more or less describe the integration you're thinking about, or have I completely misunderstood the proposal?

```
navigator.credentials.request({
  federations: ['https://idp1.net/', 'https://idp2.net']
}).then(function(c) {
  // If the user picks a supported IDP, authenticate:
  if (c && c instanceof FederatedCredential) {
    navigator.auth.authenticate({
      authURL: ...,
      returnURL: ...
    });
  }
});
```

I was hoping that we could find a way to hide some of that magic behind the initial call to `.request()`. If the user picks a stored credential from IDP #1, it seems like we'd be able to come up with a system that returned whatever IDP-specific tokens directly as part of resolving the promise.

That is, rather than popping up one picker, then resolving the promise, returning control to the website, and then popping up some additional UI, we could handle the IDP-side authentication process in the browser before returning a credential. We could, for instance, remove the need for parameters to `authenticate` by defining suitable attributes in an IDP manifest, as sketched out at http://projects.mikewest.org/credentialmanagement/spec/#identity-provider-manifest .

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg
Managing directors: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Wed, Aug 6, 2014 at 5:25 AM, Sam Penrose <spenrose@mozilla.com> wrote:

> We think that users could be well served by providing simple ways for user agents and authentication protocols (specifically OAuth, we hope others) to support each other:
>
> https://github.com/SamPenrose/ua-augmented-auth
>
> Web apps suffer particularly due to non-http URIs and cookie segregation. We would like feedback on the specific APIs suggested, as well as the overall problem framing. Thank you for your consideration.
>
> -- Sam

Received on Wednesday, 6 August 2014 09:47:23 UTC