[Spec] Introduce additional output states #292
71b6198 to 4f60e9b
Note: I don't like the name |
:: Reject the {{PaymentRequest/show|PaymentRequest.show()}} with an | ||
"{{OptOutError}}" {{DOMException}}. See [[#sctn-user-opt-out]]. | ||
|
||
Note: This option only has to be available to the user if |
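Review bot: the Note starting "This option only has to be available to the user if" says when the opt-out option is required, but not whether a user agent may offer it in other cases. State the behaviour for an unset or false showOptOut normatively next to the "OptOutError" rejection step, so a relying party knows whether it must handle that error when it did not ask for the option.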
Is showing opt allowed when showOptOut is not set or false?
So currently it is allowed for a user agent to show the opt out option even if showOptOut is set to false / not set:
https://w3c.github.io/secure-payment-confirmation/#sctn-transaction-confirmation-ux
> If showOptOut is true, the user agent MUST give the user the opportunity to indicate that they want to opt out of the process for the given relying party. If the user indicates that they wish to opt-out, then the user agent must reject the show() promise with an "OptOutError" DOMException. See § 11.5 User opt out.
This was mostly accidental due to how things were worded (i.e., it's not specified that they cannot show this option if showOptOut is not true), but it's how things are. It's reasonable to change that behavior, but I think it should go in a follow-up spec PR discussed separately?
Let's follow up separately.
This change expands the possible outcomes from the transaction confirmation experience, to include the ability for the user to explicitly indicate that they do *NOT* want to continue with the current payment.

To achieve this in a privacy-compliant way, this changes SPC behavior to *always* display the transaction confirmation UX, whether or not any credentials matched.

The possible outcomes of SPC are now:

1. A signed cryptogram returned - user wishes to proceed with payment and has successfully verified their identity
2. NotAllowedError - user wishes to proceed with payment but either cannot OR does not want to use the passed-in credentials to do that
3. AbortError - user explicitly does not wish to continue with payment. The integrator should return to merchant checkout screen or handle otherwise sensibly.
4. OptOutError - as today, the user wishes for the RP to remove this credential.

Fixes #275
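How a caller might branch on the four outcomes listed in the commit message above, as an added example that is not code from this PR or from the SPC specification. The `SpcAction` names and the functions `classifySpcRejection` and `confirmWithSpc` are hypothetical; `request` is assumed to be a `PaymentRequest` already built for the `secure-payment-confirmation` method.

```javascript
// Hypothetical caller-side actions, one per outcome in the commit message.
const SpcAction = Object.freeze({
  VERIFY_CRYPTOGRAM: 'verify-cryptogram',   // 1. signed cryptogram returned
  FALLBACK_AUTH: 'fallback-auth',           // 2. NotAllowedError
  RETURN_TO_CHECKOUT: 'return-to-checkout', // 3. AbortError
  REMOVE_CREDENTIAL: 'remove-credential',   // 4. OptOutError
  FAIL_CLOSED: 'fail-closed',               // anything unexpected
});

// Map a rejection of PaymentRequest.show() to an action by DOMException name.
function classifySpcRejection(err) {
  switch (err && err.name) {
    case 'NotAllowedError':
      // The user wants to pay but cannot or will not use these credentials.
      // The confirmation UX is shown whether or not a credential matched, so
      // this error must not be read as "no credential on this device".
      return SpcAction.FALLBACK_AUTH;
    case 'AbortError':
      // The user declined the payment itself: do not retry or fall back.
      return SpcAction.RETURN_TO_CHECKOUT;
    case 'OptOutError':
      // The user asked the relying party to remove this credential.
      return SpcAction.REMOVE_CREDENTIAL;
    default:
      // Unknown failure: never treat it as a confirmed payment.
      return SpcAction.FAIL_CLOSED;
  }
}

// Run the confirmation and return the action plus, on success, the assertion
// that the relying party still has to verify server-side.
async function confirmWithSpc(request) {
  let response;
  try {
    response = await request.show();
  } catch (err) {
    return { action: classifySpcRejection(err) };
  }
  await response.complete('success');
  return { action: SpcAction.VERIFY_CRYPTOGRAM, credential: response.details };
}
```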
d705a22 to f03caa0
At a high level, looks good!
Plan is to discuss this PR in the May 22nd WPWG call, and assuming no concerns, merge it.
Discussed on May 22nd call, no concerns raised, landing PR.
SHA: 64ca553 Reason: push, by stephenmcgruer Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This change expands the possible outcomes from the transaction confirmation experience, to include the ability for the user to explicitly indicate that they do NOT want to continue with the current payment. To achieve this in a privacy-compliant way, this changes SPC behavior to always display the transaction confirmation UX, whether or not any credentials matched.
The possible outcomes of SPC are now:
Fixes #275
Tasks: