[FedCM] Make sure disclosure_text_shown is correct with the scopes API

cbiesinger · chromium-wpt-export-bot · commit 84b308dada59 · 2024-05-09T09:41:07.000-07:00
Bug: 338574387 Change-Id: Ic675cfa848688d0d0f0ed14792ee22735a29adf0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5526980 Reviewed-by: Yi Gu <yigu@chromium.org> Commit-Queue: Christian Biesinger <cbiesinger@chromium.org> Cr-Commit-Position: refs/heads/main@{#1298645}
diff --git a/credential-management/fedcm-authz/fedcm-disclosure-text-shown.https.html b/credential-management/fedcm-authz/fedcm-disclosure-text-shown.https.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API network request tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<body>
+
+<script type="module">
+import {fedcm_test,
+        request_options_with_mediation_required,
+        fedcm_get_and_select_first_account} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+  let options = request_options_with_mediation_required("manifest_check_disclosure_shown_false.json");
+  options.identity.providers[0].clientId = "0";
+  options.identity.providers[0].scope = ["non_default_scope"];
+  const cred = await fedcm_get_and_select_first_account(t, options);
+  assert_equals(cred.token, "token");
+  assert_equals(cred.isAutoSelected, false);
+}, "We should send disclosure_text_shown=false when custom scopes are passed.");
+
+</script>
diff --git a/credential-management/support/fedcm/manifest_check_disclosure_shown_false.json b/credential-management/support/fedcm/manifest_check_disclosure_shown_false.json
@@ -0,0 +1,7 @@
+{
+  "accounts_endpoint": "accounts.py",
+  "client_metadata_endpoint": "client_metadata.py",
+  "id_assertion_endpoint": "token_check_disclosure_shown_false.py",
+  "login_url": "login.html"
+}
+
diff --git a/credential-management/support/fedcm/token_check_disclosure_shown_false.py b/credential-management/support/fedcm/token_check_disclosure_shown_false.py
@@ -0,0 +1,16 @@
+import importlib
+error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check")
+
+def main(request, response):
+  request_error = error_checker.tokenCheck(request)
+  if (request_error):
+    return request_error
+
+  if request.POST.get(b"disclosure_text_shown") != b"false":
+    return (560, [], "disclosure_text_shown is not false")
+
+  response.headers.set(b"Content-Type", b"application/json")
+  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+  response.headers.set(b"Access-Control-Allow-Credentials", "true")
+
+  return "{\"token\": \"token\"}"
