1. Introduction
This section is non-normative.
Note: use the following introduction: https://github.com/fedidcg/login-status
2. Login Status Map
Each user agent keeps a global, persistent Login Status map, an initially empty map. The keys in this map are origins (of IDPs), and the values are enums that can be one of "unknown", "logged-in", and "logged-out".
- If Login Status map[origin] exists, return it.
- Otherwise, return unknown.

- Assert that value is one of logged-in or logged-out.
- Set Login Status map[origin] to value.
3. Infrastructure algorithm
true:
- If settings’s relevant global object has no associated Document, return false.
- Let document be settings’ relevant global object's associated Document.
- If document has no browsing context, return false.
- Let origin be settings’ origin.
- Let navigable be document’s node navigable.
- While navigable has a non-null parent:
  - Set navigable to navigable’s parent.
  - If navigable’s active document's origin is not same site with origin, return false.
- Return true.
4. HTTP header API
IDPs can set the login status using an HTTP response header as follows.
The HTTP header checking should move into the Fetch spec, since it affects all resource loads.
For each http-redirect fetch and http fetch's response, let value be the result of get a structured field value from the response’s header list with name "Set-Login" and type "item". If value is not null, process this header as follows:
- If the request’s destination is not "document":
  - If client is null, return.
  - If origin is not same site with the request's origin, return.
  - If client is not same-site with its ancestors, return.
- Assert that value is a tuple.
- Let token be the first entry of value.
- If token is "logged-in", set the login status for origin to logged-in.
- If token is "logged-out", set the login status for origin to logged-out.
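The following JavaScript sketch is an added example, not part of the specification text or of any user agent's code. It models the Login Status map, the same-site-with-its-ancestors check and the Set-Login header steps above. Assumptions: the object shapes and function names are hypothetical, each context carries a precomputed site, origin in the header steps is taken to be the origin of the response URL, and the structured field parse is reduced to a bare token.

```javascript
// Toy model of the Login Status map; not a user agent implementation.
const loginStatusMap = new Map(); // key: origin string, value: "logged-in" | "logged-out"

function getLoginStatus(origin) {
  return loginStatusMap.has(origin) ? loginStatusMap.get(origin) : "unknown";
}

function setLoginStatus(origin, value) {
  if (value !== "logged-in" && value !== "logged-out") throw new RangeError(value);
  loginStatusMap.set(origin, value);
}

// A context is { origin, site, parent }. `site` is supplied by the caller because
// computing it needs the Public Suffix List (assumption of this sketch).
function sameSiteWithAncestors(context) {
  for (let nav = context.parent; nav; nav = nav.parent) {
    if (nav.site !== context.site) return false;
  }
  return true;
}

// Simplified structured field parse: a bare token, parameters after ";" ignored.
function parseToken(headerValue) {
  const m = /^\s*([A-Za-z*][A-Za-z0-9:\/!#$%&'*+.^_`|~-]*)\s*(?:;.*)?$/.exec(headerValue);
  return m ? m[1] : null;
}

// request: { destination, client, origin, site }; response: { origin, site, setLogin }.
// Assumption: `origin` in the header steps is the origin of the response URL.
function processSetLogin(request, response) {
  if (response.setLogin == null) return;
  if (request.destination !== "document") {
    if (request.client === null) return;
    if (response.site !== request.site) return;
    if (!sameSiteWithAncestors(request.client)) return;
  }
  const token = parseToken(response.setLogin);
  if (token === "logged-in" || token === "logged-out") setLoginStatus(response.origin, token);
}

// Constructed sample contexts: an IDP frame embedded in a relying party page,
// and the same IDP loaded as a top-level page.
const rpTop = { origin: "https://rp.example", site: "https://rp.example", parent: null };
const idpFrame = { origin: "https://idp.example", site: "https://idp.example", parent: rpTop };
const idpTop = { origin: "https://idp.example", site: "https://idp.example", parent: null };
```

A subresource response fetched from idpFrame leaves the map unchanged because its ancestor is cross-site, while the same response fetched from idpTop updates it.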
5. JavaScript API
IDPs can also use a JavaScript API to update the stored login status:
    enum LoginStatus {
      "logged-in",
      "logged-out",
    };

    [Exposed=Window, SecureContext]
    interface NavigatorLogin {
      Promise<undefined> setStatus(LoginStatus status);
    };

    partial interface Navigator {
      [SecureContext] readonly attribute NavigatorLogin login;
    };

setStatus() is called with argument status:
- If the current settings object is not same-site with its ancestors, throw a SecurityError DOMException.
- Let origin be the current settings object's origin.
- Let value be logged-in if status is "logged-in" or logged-out if status is "logged-out".
- Set the login status for origin to value.
6. Clearing the Login Status Map data
User agents MUST also clear the Login Status map data when:
- the user clears all cookies or site settings data
  - The user agent MUST clear the entire map.
- the user clears all cookies or all site data for a specific origin
  - The user agent MUST remove all entries that would be affected by the deleted cookies, that is, any entry with an origin to which a deleted cookie could be sent.
    Note: For example, domain cookies may affect subdomains of the deleted origin, e.g. clearing cookies for google.com should also reset the login status for accounts.google.com, since it may rely on a domain cookie for google.com.
- the user deletes individual cookies (if allowed by the user agent)
  - The behavior is user agent-defined.
    Note: The user agent MAY want to reset the state to unknown, since it is impossible to know whether this cookie affects authorization state.
- the user agent receives a Clear-Site-Data header with a value of "cookies" or "*", and the request's client is not null, and the client’s origin is same origin with the top-level origin
  - While clearing cookies for origin it MUST remove any entries in the Login Status Map where the key is the input origin.
    Once Clear-Site-Data supports partitioned cookies, this wording should be updated.
Note: Other website-initiated cookie changes should not affect this map. When IDP login state changes, it should send an explicit Set-Login header. RP state should not affect this map since it only reflects IDP state.
7. Acknowledgements
Note: write down the Acknowledgements section.