Multi-IdP API: The RP needs a way to know which IdP the user selected #560

Open
samuelgoto opened this issue Apr 23, 2024 · 8 comments

@samuelgoto
Collaborator

samuelgoto commented Apr 23, 2024

I'm posting this on behalf of an IdP that is currently experimenting with the Multi-IdP API and has given us this feedback:

In the Multi-IdP API proposal, the RP needs to know which IdP was selected from the list of providers, so that it can interpret the token that it gets in the IdentityCredential.

@samuelgoto
Collaborator Author

One of the proposals that @npm1 is exploring is exposing the configURL that was used when the user made the choice in the resulting IdentityCredential.

@samuelgoto samuelgoto changed the title Multi-IdP API: The RP needs a way to know which IdP the user chose Apr 23, 2024
@obfuscoder
Contributor

Or the configURL provided by the IdP during IdP registration (see #240) when client used "any" as IdP configURL?

@samuelgoto
Collaborator Author

> Or the configURL provided by the IdP during IdP registration (see #240) when client used "any" as IdP configURL?

Yep.

@obfuscoder
Contributor

I read somewhere else that this is already available in Canary for testing?

@cbiesinger
Collaborator

Yes! @npm1 added a configURL property to the returned IdentityCredential in version 126.0.6436.0 (requires the multi IDP flag to be enabled)

@samuelgoto
Collaborator Author

samuelgoto commented May 2, 2024

> Yes! @npm1 added a configURL property to the returned IdentityCredential in version 126.0.6436.0 (requires the multi IDP flag to be enabled)

This cl here.

As @cbiesinger said, you should be able to use the configURL in the returned IdentityCredential to figure out which IdP was used that resulted in the promise.

I think @npm1 was intending it to be used somewhat like the following:

```js
const credential = await navigator.credentials.get({
  identity: {
    providers: [{
      configURL: "https://idp1.example",
      // ... other stuff ...
    }, {
      configURL: "https://idp2.example",
      // ... other stuff ...
    }]
  }
});

const {token, configURL} = credential;

// decode the token differently depending on which configURL was used
```

I'm going to mark this as fixed, since there is a different issue tracking putting this into the spec, etc here:

#319

Let me know if you give this a try and it doesn't work for you, @obfuscoder.
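
One way an RP could act on the returned `configURL`, shown as an added example that is not part of the thread or of the FedCM project's code: the decoder is chosen by an exact match against the providers the RP itself requested, and an unexpected value is rejected. The per-IdP token formats, the decoder names and the URL normalization step are assumptions; only the two `configURL` values come from the snippet above.

```javascript
// Added example. Token formats and helper names are assumptions.
function decodeJwtClaims(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected a three-part JWT");
  // Parsing only: the signature still has to be verified, normally on the
  // RP server. Buffer is Node's API; a browser would use atob() instead.
  const json = Buffer.from(parts[1], "base64url").toString("utf8");
  return { kind: "jwt", claims: JSON.parse(json) };
}

function wrapOpaqueCode(token) {
  // Assumed format: an opaque code the RP backend redeems with the IdP.
  return { kind: "opaque", code: token };
}

// Normalize both sides so "https://idp1.example" and
// "https://idp1.example/" compare equal (assumption: the value returned
// by the browser may be serialized differently from the one passed in).
const normalize = (u) => new URL(u).href;

// Keyed by the configURL values the RP passed in `providers`.
const DECODERS = new Map([
  [normalize("https://idp1.example"), decodeJwtClaims],
  [normalize("https://idp2.example"), wrapOpaqueCode],
]);

function interpretCredential({ token, configURL }) {
  let key;
  try { key = normalize(configURL); } catch { key = undefined; }
  // Exact-match lookup; never guess the issuer from the token's shape.
  const decode = DECODERS.get(key);
  if (!decode) throw new Error(`unexpected configURL: ${String(configURL)}`);
  if (typeof token !== "string" || token === "") throw new Error("missing token");
  return { idp: key, ...decode(token) };
}

// Constructed sample input (no real IdP issued these values).
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sampleJwt =
  `${b64u({ alg: "ES256" })}.${b64u({ sub: "user-123" })}.constructed-sig`;

console.log(interpretCredential({ token: sampleJwt, configURL: "https://idp1.example" }));
console.log(interpretCredential({ token: "abc123", configURL: "https://idp2.example" }));
```
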

@cbiesinger
Collaborator

We should probably keep this open until we have actually added this to the spec.

@cbiesinger cbiesinger reopened this May 2, 2024
@aaronpk

aaronpk commented May 17, 2024

Just wanted to chime in and say this is working for me.
