Recovering from expired uiHint account info
#37
Comments
|
Good catch! My thought was that the UI would revert to the state as if the ui hint never existed. That leads to you making a good point that displaying multiple accounts from the same IDP without any kind of UI hint is a challenge for the browser. Currently Firefox naively shows all options and they look identical. I would probably want to define one to pick and display, leaving the others out of the UI. What are your thoughts on that/how to pick one?
No, it should just be the hint that expires. |
|
I'm actually curious what regular FedCM does in the case where there are multiple accounts with no name or picture... |
|
If required fields are missing we just fail the request, but you can maybe work around that with the magic of unicode, in which case the user would likely be confused... However, you'd still have the email to disambiguate. |
|
Ah, got it- given name and picture are the only optional ones there. Thanks Christian! |
|
Closing as duplicate of #40; at the very least the two discussions are closely related and further discussion of this should happen there. |
The explainer as of f6febd5 doesn't include detail about how the user-agent should recover from the state where the account information has expired. With the uiHint expired, if the user has multiple lightweight accounts stored for that IdP with different token values, there wouldn't be a way for the user agent to present the account options to the user in a meaningful way.
Alternatively, does the expiration actually remove the stored credential entirely, thereby requiring the user to go through the Scenario 1 flow?
The text was updated successfully, but these errors were encountered: