Comments (5)
Associated with the discussion we are having on the Privacy CG call, please find a description of the front page logout: https://github.com/IDBrowserUseCases/docs/pull/23/files?short_path=36331a3#diff-36331a3ef573312d503814870d50fc46ee6e69efc1b20c73e5d1606f9dd18104
from is-logged-in.
One additional comment. We need a solution for SAML flows including logins that start with the "IDP Initiated" flow which may be more difficult to classify.
from is-logged-in.
Unfortunately, logout in a federated identity provider sense is a mutually exclusive problem. The classic description goes like this...
- The user is logged into gmail and reading their mail in a tab. The user then opens a new tab, goes to hikingtrails.example and selects the "Sign-in with Google" option. When the user logs out of hikingtrails.example, they shouldn't be automatically logged out of gmail (or at least that is not likely what the user expects to happen).
- The user goes directly to hikingtrails.example and selects the "Sign-in with Google" option. When the user logs out of hikingtrails.example they may not remember that they are also logged into Google and need to log out there as well.

Both are valid cases. The general best practice from an identity perspective is for hikingtrails.example to inform the user at time of logout that they logged in via Google and if they want to log out at Google they need to go to Google to log out (possibly providing a link to make it easy for the user).
I'm not sure how to implement that best practice with IsLoggedIn().
from is-logged-in.
I agree the usual user expectation is "logout for one site remains 'local' to the current destination".
'global' logout is also useful but, if we decide to add it, it should be added in parallel - adding complexity to the UI. (ick)
from is-logged-in.
A related question (but possibly orthogonal, so happy to kick off a separate issue) is the implications of setting "setFederatedLoggedIn()" for logout. I know we have resisted so far being opinionated about the implications, but "front channel logout" requires the IDP to embed iframe RPs with third-party cookies, and I'm wondering if "setFederatedLogIn()" allows that to work.
We've been collecting some thoughts on logout here in case that helps.
from is-logged-in.
Related Issues (20)
- Privileges that come with IsLoggedIn may push sites to mandate login HOT 1
- Can we cater for link-based logins, e.g. tap link in email => logged in HOT 5
- Use the term bucket for storage HOT 1
- Support for logins to sites requiring 2FA login
- Browser rules for a 'proper' login flow
- Support for federated logins, or the ability to transfer IsLoggedIn HOT 10
- Supporting display name and avoiding misuse of them HOT 1
- Logging-in does not necessarily mean giving tracking consent
- Safari implementation of setLoggedIn API HOT 1
- Concurrent logins support for `navigator.isLoggedIn` method.
- Would it be possible to have it isomorphic?
- Potential use of First Party Sets for Single Sign-On
- Integration with FedCM (formerly WebID) HOT 9
- Potential requirement to have JS turned on to log in users to a site
- Consider changing the name of the spec to better convey purpose, align with conventions HOT 1
- Consider renaming API entry points to align with conventions, better convey purpose
- Use Case: Updating OS-integrated surfaces HOT 3
- advice/hooks for other login helper APIs to change login status
- Should FedCM use the Login Status API? HOT 6