IdP Registration API: should the browser reveal to the RP when no IdP has registered before?

[samuelgoto]

Currently, if no IdPs registered in the past, the browser reveals to the RP that fact, which could potentially be a breach of the user's privacy.

const credential = await navigator.credentials.get({
  identity: {
    providers: [{
      configURL: "any" // throws if no IdP has called IdentityProvider.register() ahead of time. Should it? 
    }]
  }
});

I'm not sure what the answer is, but I ran into this while testing this, so should be easily reproducible:

https://x.com/samuelgoto/status/1793776387356340357

[cbiesinger]

Looks like the code for that is here: https://source.chromium.org/chromium/chromium/src/+/main:content/browser/webid/federated_auth_request_impl.cc;l=694;drc=98f953c8a23d2008be9f7c8977b3c60d6fdfe53d

[npm1]

That code implies to me that the rejection is being delayed...

[npm1]

I checked and we do delay the rejection, as expected. Thus it is not the case that the browser reveals this information to the RP, as it is indistinguisable from the user closing the dialog once it shows up. Closing