4 files changed, 70 insertions, 2 deletions

diff --git a/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-continue-on-disallowed.https.html b/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-continue-on-disallowed.https.html
new file mode 100644
index 0000000000..fcda3a3dd5
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-continue-on-disallowed.https.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API network request tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<body>
+
+<script type="module">
+import {fedcm_test,
+        request_options_with_mediation_required,
+        select_manifest,
+        fedcm_get_and_select_first_account} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+  // First, do a regular fedcm request so we that we can be considered
+  // a returning user below.
+  let options = request_options_with_mediation_required();
+  await fedcm_get_and_select_first_account(t, options);
+
+  // Now do a silent mediation request.
+  options = request_options_with_mediation_required('manifest_with_continue_on.json');
+  options.mediation = 'silent';
+  await select_manifest(t, options);
+  const cred_promise = fedcm_get_and_select_first_account(t, options);
+  return promise_rejects_dom(t, 'NetworkError', cred_promise);
+}, "continue_on with mediation:silent should fail");
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-continue-on-with-account.https.html b/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-continue-on-with-account.https.html
new file mode 100644
index 0000000000..5bd8ef34fe
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-continue-on-with-account.https.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API network request tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<body>
+
+<script type="module">
+import {fedcm_test,
+        request_options_with_mediation_required,
+        select_manifest,
+        fedcm_get_and_select_first_account} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+  const options = request_options_with_mediation_required('manifest_with_continue_on.json');
+  options.identity.providers[0].nonce = "accountId=jane_doe";
+  await select_manifest(t, options);
+  const cred = await fedcm_get_and_select_first_account(t, options);
+  // This indicates the account that was selected in the dialog,
+  // not the account that was specified in IdentityProvider.resolve,
+  // hence we get 1234 instead of jane_doe.
+  assert_equals(cred.token, "account=1234");
+
+  // Now, jane_doe should be considered a returning user. Make sure
+  // auto reauthentication works. We have to use optional instead of
+  // silent so that we can open the continue_on popup.
+  options.mediation = "optional";
+  return test_driver.bless('initiate FedCM request', async function() {
+    let cred2 = await navigator.credentials.get(options);
+    assert_equals(cred2.token, "account=jane_doe");
+  });
+}, "continue_on and IdentityProvider.resolve work correctly.");
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-continue-on.https.html b/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-continue-on.https.html
index 3ce1f51e37..c7da5384af 100644
--- a/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-continue-on.https.html
+++ b/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-continue-on.https.html
@@ -18,7 +18,7 @@ fedcm_test(async t => {
   const options = request_options_with_mediation_required('manifest_with_continue_on.json');
   await select_manifest(t, options);
   const cred = await fedcm_get_and_select_first_account(t, options);
-  assert_equals(cred.token, "resolved token");
+  assert_equals(cred.token, "account=1234");
 }, "continue_on and IdentityProvider.resolve work correctly.");
 
 </script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-userinfo-after-resolve.https.html b/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-userinfo-after-resolve.https.html
index ef53ed4ffc..0521f4a2ab 100644
--- a/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-userinfo-after-resolve.https.html
+++ b/testing/web-platform/tests/credential-management/fedcm-authz/fedcm-userinfo-after-resolve.https.html
@@ -29,7 +29,7 @@ fedcm_test(async t => {
   const options = alt_request_options_with_mediation_required('manifest_with_continue_on.json');
   await select_manifest(t, options);
   const cred = await fedcm_get_and_select_first_account(t, options);
-  assert_equals(cred.token, "resolved token");
+  assert_equals(cred.token, "account=1234");
 
   const iframe_in_idp_scope = `${alt_manifest_origin}/\
 credential-management/support/fedcm/userinfo-iframe.html`;