The Registration API: Consider not making requests to unknown login status

[cbiesinger]

IdPs currently start out in an unknown status (in Chrome). But with the registration API, we may have a lot of IdPs. Maybe we should only make requests to IdPs with a logged-in status for the registration API specifically?

[samuelgoto]

Maybe we should only make requests to IdPs with a logged-in status for the registration API specifically?

If an IdP manages to call a IdentityProvider.register() to register a user, they can also manage to call a navigator.login.setStatus() to prime the Login Status initial state, right?

[cbiesinger]

Yes that was my thinking

[samuelgoto]

Maybe we should only make requests to IdPs with a logged-in status for the registration API specifically?

Yeah, I think this would be a reasonable requirement.

[aaronpk]

We should make sure we consider the implications to "button mode" too.

[npm1]

Is the suggestion basically to not have 'unknown' for registered IDPs? E.g. they are always either logged in or logged out?

[samuelgoto]

Is the suggestion basically to not have 'unknown' for registered IDPs? E.g. they are always either logged in or logged out?

Yeah, I think that's what Christian is suggesting.

[cbiesinger]

When I filed this, I was thinking that in RequestToken we basically change unknown to logged-out for an IDP if it came from configURL:any.

However we could also have IdentityProvider.register have an implied setStatus(logged-out) if the status was unknown.