Use credential type registry for permissions + digital credentials #242

marcoscaceres · 2024-07-01T05:27:42Z

Now allows registration of Permission Policy, and added Digital Credentials.

The following tasks have been completed:

Modified Web platform tests (link to pull request)

Implementation commitment:

WebKit (https://bugs.webkit.org/show_bug.cgi?id=)
Chromium (https://bugs.chromium.org/p/chromium/issues/detail?id=)
Gecko (https://bugzilla.mozilla.org/show_bug.cgi?id=)

Preview | Diff

marcoscaceres · 2024-07-01T05:28:09Z

index.bs

@@ -98,20 +98,15 @@ spec:css-syntax-3;
 </pre>
 <pre class="biblio">
 {
-  "FEDCM": {


Already in Specref... don't need this... or WEB-OTP

marcoscaceres · 2024-07-01T06:01:44Z

index.bs

@@ -965,8 +988,6 @@ spec:css-syntax-3;
            1.  If |interface| does not support {{CredentialMediationRequirement/conditional}}
                [=user mediation=], return [=a promise rejected with=] a "{{TypeError}}" {{DOMException}}.

-    1.  Let |p| be [=a new promise=].


Was defined before it was used! oops!

index.bs

nsatragno

This is a lot cleaner than listing every permission policy as its own step, thank you! Some comments:

nsatragno · 2024-07-02T15:59:33Z

index.bs

        <td>[[FEDCM]]</td>
        <td><a href="https://www.w3.org/community/fed-id/">W3C</a></td>
    </tr>
    <tr>
        <td>otp</td>
        <td>otp</td>
        <td>{{OTPCredential}}</td>
+        <td>otp-credentials</td>


looks like you're missing a <td>null</td> here.

index.bs

nsatragno · 2024-07-02T16:10:14Z

index.bs

-        [=allowed to use=] the [=identity-credentials-get=]
-        [=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}"
-        {{DOMException}}.
+    1. For each |permission| in |options|' [=credential type registry/Get Permissions Policy=]:


Shouldn't this be something like:

1. For each |interface| in |options|' <a>relevant credential interface objects</a>: 1. Let |permission| be the |interface|'s {{Credential/[[type]]}} [=credential type registry/Get Permissions Policy=]. 2. If |permission| is null, continue. 3. If |document| is **not** [=allowed to use=] |permission|, return [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}.

Otherwise, we're looping through all the permissions regardless of what's in our options object.

oh yeah.. oops... 🙈

nsatragno · 2024-07-02T16:12:48Z

index.bs

-        [=allowed to use=] the [=publickey-credentials-create-feature|publickey-credentials-create=]
-        [=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}"
-        {{DOMException}}.
+    1. Let |permission| be |options|'s [=credential type registry/Create Permissions Policy=].


Same here. Also, at this stage we still have a list of credential types to loop through. It's not until L1203 that we assert there's only one credential.

(Ideally, we'd make the permissions policy check after verifying there's only one credential, but we already shipped this and it's not that big of a deal).

ok, yeah... I'm also unsure as to why there's a document check below... it seems unnecessary with the fully active check above.

index.bs

nsatragno

Approved, thank you!

) SHA: ee91210 Reason: push, by nsatragno Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Use credential type registry for permissions

3d119ce

marcoscaceres commented Jul 1, 2024

View reviewed changes

marcoscaceres added 2 commits July 1, 2024 15:57

Distiguish get and create

480c51f

Make it a must, will null

ab2f574

marcoscaceres commented Jul 1, 2024

View reviewed changes