@@ -391,9 +391,16 @@ This returns <dfn for="compute the connection status">connected</dfn> or
391391 1. Return [=compute the connection status/disconnected=] .
392392 1. Let |triple| be the result of running [=compute the connected account key=] given |provider|,
393393 |account|, and |globalObject|.
394+ 1. Let |idpOrigin| be the [=url/origin=] corresponding to |provider|'s
395+ {{IdentityProviderConfig/configURL}} .
396+ 1. Let |rpOrigin| be |globalObject|'s [=associated Document=]' s [=Document/origin=] .
394397 1. If [=connected accounts set=] [=list/contains=] |triple|, return
395398 [=compute the connection status/connected=] .
396- 1. Return [=compute the connection status/disconnected=] .
399+ 1. Otherwise, if account| [=map/contains=] {{IdentityProviderAccount/approved_clients}} ,
400+ |account|'s {{IdentityProviderAccount/approved_clients}} [=list/contains=] |provider|' s
401+ {{IdentityProviderConfig/clientId}} , and third party cookies are available for |idpOrigin|
402+ on |rpOrigin|, return [=compute the connection status/connected=] .
403+ 1. Otherwise, return [=compute the connection status/disconnected=] .
397404</div>
398405
399406<div algorithm>
@@ -1525,13 +1532,16 @@ When invoking the {{IdentityProvider/getUserInfo()}} method given an {{IdentityP
15251532 1. Let |document| be |globalObject|'s [=associated Document=] .
15261533 1. If |document| is not [=allowed to use=] the [=identity-credentials-get=]
15271534 [=policy-controlled feature=] , throw a "{{NotAllowedError}} " {{DOMException}} .
1528- 1. If there does not exist an account |account| such that [=connected accounts set=]
1529- [=list/contains=] the result of [=compute the connected account key=] given |account|,
1530- |provider|, and |globalObject|, then [=reject=] |promise| with a "{{NetworkError}} "
1531- {{DOMException}} . This check can be performed by iterating over the
1532- [=connected accounts set=] or by keeping a separate data structure to make this lookup fast.
15331535 1. Let |configUrl| be the result of running [=parse url=] with |provider|'s
15341536 {{IdentityProviderConfig/configURL}} and |globalObject|.
1537+ 1. If both of the following are true, throw a new "{{NetworkError}} " {{DOMException}} :
1538+ * There does not exist an account |account| such that [=compute the connection status=] of
1539+ |provider|, |account|, and |globalObject| returns
1540+ [=compute the connection status/connected=] . This check can be performed by iterating
1541+ over the [=connected accounts set=] or by keeping a separate data structure to make this
1542+ lookup fast.
1543+ * There is third party cookie access for |configUrl|'s [=url/origin=] on |document|' s
1544+ [=Document/origin=] .
15351545 1. If |configUrl| is failure, throw an "{{InvalidStateError}} " {{DOMException}} .
15361546 1. If |document|'s [=Document/origin=] is not [=same origin=] as |configUrl|' s [=url/origin=] ,
15371547 throw an "{{InvalidStateError}} " {{DOMException}} .
0 commit comments