-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I2I: Support CMP Integration with <amp-consent> #17742
Comments
Hi @jeffnordlund-ghost @jawadst @janwinkler, @Waschnick and @consentmanager. |
@jasti Thanks for pinging me, I'll definitely join! |
Few thing I recall from the design review
|
Hi @jeffnordlund-ghost @jawadst @janwinkler, @Waschnick and @consentmanager we are looking for a CMP to integrate with the amp-consent API. Please let me know if you are interested and we can schedule a VC to go over integration details. |
yes please :-) |
Hi @lannka We also have an IAB certified CMP, deployed in several sites, what we'd like to integrate with AMP. I'd appreciate a lot if you could keep me in the loop regarding this Thanks! |
@lannka Happy to help! We already have a first setup running with the existing amp-consent at Didomi so happy to see how the new version would perform with that. |
Sure, we would like to explore a better integration with the amp-consent api. |
Thanks all. @consentmanager @oliverfernandez @jawadst @jeffnordlund-ghost Also what's your timezone so we can schedule a VC. |
Its http://www.consentmanager.net |
You can find and example of our CMP working here (mobile only): https://nospensees.fr/ My timezone is CET as well |
@consentmanager @oliverfernandez @jawadst @jeffnordlund-ghost Thank you all for the interest. We scheduled a meeting on Thursday. To #17983 for meeting details. Please let us know if you plan to attend or suggest a different time. Thanks. |
@zhouyx works for me |
@consentmanager @jawadst @jeffnordlund-ghost in case you didn't see. |
Yes, will be there |
@lannka |
@zhouyx There is an IAB Techlab call at that time that a lot of us are likely to attend. Can we do Friday instead? |
Thank you @jawadst for the heads up. Would the same time on Friday, 2018-09-21 15:30 UTC work for everyone? If so I'll go ahead and change the invitation. Please let us know. Thanks |
Works for me |
works |
@zhouyx Im in the process of supporting amp consent in our cmp (will be utilizing the iframe based approach), read over the following two docs: https://github.com/ampproject/amphtml/blob/master/extensions/amp-consent/amp-consent.md I dont see in the docs details about where/how the consentString gets created and stored? From the docs it mentions that the checkConsentHref instructs AMP to make a POST to the specified URL when the consent state is unknown. So lets say, its the first time a user is coming to the AMP page, and therefore that consent is unknown. The endpoint is hit, returns true to show the prompt. We open an iframe showing a consent message, and the user hits Accept. For this case, where/when does the consent string get generated and stored. If its the cmp thats creating it, can you let me know from which API that the cmp has should this be coming back in the response? |
@zhouyx we are currently blocked on the above question, any details you can share would be greatly appreciated. |
Thank you @mguerra10128 for the question. consentString is generated by the CMP, and passed to the AMP doc from the CMP iframe using a post message. For example:
The The post message API is documented at https://github.com/ampproject/amphtml/blob/master/extensions/amp-consent/integrating-consent.md#accept Please let me know if this answers your question. Thank you! |
@zhouyx thank you for your quick reply, it was definitely helpful. I'm working with @mguerra10128 to integrate our CMP solution to AMP and there's still one piece of the consent puzzle missing. Here's a snippet of our implementation <amp-consent id="consent" layout="nodisplay">
<script type="application/json">{
"consents": {
"publishers-site-id": {
"checkConsentHref": "/consents/check",
"promptUI": "consentUI"
}
},
"postPromptUI": "privacy-settings-prompt"
}</script>
<div id="consentUI" class="popupOverlay">
<div class="consentPopup">
<amp-iframe
layout="fill"
sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox"
src='//localhost:8080/amp-ui.html'>
<div placeholder>Loading...</div>
</amp-iframe>
</div>
</div>
<div id="privacy-settings-prompt">
<button on="tap:consent.prompt()">Privacy Settings</button>
</div>
</amp-consent> Not sure if this is worth noticing, but we're using localhost to serve the consent ui. Are we missing something? |
Hello @andresilveirah and @mguerra10128 You mentioned that you are integrating with AMP as a CMP. I have a question on how you want to work with publishers. The example you provide (with inline If you are providing solution as a CMP to publishers, please try the Re: the iframe window name. Yes that how the
Thank you |
Hi @zhouyx our intention was to make sure our consent UI (which will be wrapped in the iframe) is complete and working well with the AMP APIs before opening a PR to change the https://github.com/ampproject/amphtml/blob/master/extensions/amp-consent/0.1/cmps.js adding our configuration. |
Hello @andresilveirah I see, that's commonly asked question. I should definitely document it better. All configuration can be inlined. When you work on the development, you can simply inline the configuration to test locally. Could you please try inline your configuration? For example:
Let me know if that helps with your development. Thanks. |
Hello @zhouyx that's great! By inlining the CMP's config like you suggested I'm able to test our solution 🎉 window.parent.postMessage({ type: 'consent-ui', action: 'ready' }, '*');
window.parent.postMessage({ type: 'consent-ui', action: 'enter-fullscreen' }, '*'); But the iframe is still displayed at the bottom of the screen: Not sure if this is something related to AMP or styling. And if it's styling, not sure if this is the consent ui's fault or the amp page (loading the Do you have an idea? Just in case it's useful, this is our amp page and here's our consent ui. Really appreciate your help! |
Hi @andresilveirah Great to hear that the inlining configuration works. Just tested your example page. And I can confirm that the Implementation wise, there's a delay between AMP receives the Please let us know your opinion on introducing an initial non blocking prompt window before entering the full screen. Thanks Also regarding amp-consent-blocking meta tag, the topic has been discussed here. #17742 (comment) Thanks! |
Hi @zhouyx thank you for all your support. The Regarding the blocking behaviour. If I understood correctly, just by having a Perhaps, if I can stretch this comment just a bit further, do you mind having a look at #23917 ? |
Hello @andresilveirah
Thanks for the feedback. The decision was made along with our UX engineer after studying a list of existing CMP solutions. We are hoping to not break user experience too much by limiting the size of the consent UI. Please let us know if you can workaround with this. We're also open to any change as long as we can ensure good user experience. Thanks
That's right. You will either need the
Yes and no. If an ad vendor has opt-in to handle consent, then yes. It will be up to them to consume the consent state and string. However if an ad vendor hasn't declared to handle consent, then the AMP runtime will instead handle the consent state and block the ad from rendering accordingly. |
Hi @zhouyx I have the feeling every time you answer me I come up with 2 new questions 😅
That makes sense. But what happens if the user has given consent to only some vendors in the page? In our case, that'd trigger an What about non-IAB vendors? Is there a way we could pass the consent signal to vendors which aren't included in the consent string, individually? Or do we have to stick with a binary accept all or none? |
Hello @andresilveirah Those are great questions!
That's right. As you also mentioned. There's a caveat here, Two vendors that don't handle consent doesn't work well together. The reason behind is that AMP doesn't want to set up its own consent string format to support such use case. Let me know what do you think, or if there are any good ideas on collecting consent for individual vendors. Thanks! |
Hi @zhouyx We have a CMP and would like to integrate AMP. Here is the related I2I issue : #24879 We started the development and everything works well so far but after having been through all the discussions and documentation, I still have some questions.
Thanks! |
Hi @zhouyx can you help us in integrating our CMP in AMP ? Thanks! |
@tla-sirdata replied to your questions in #24879 as this thread is getting too long. Thanks |
Hi,
Summary:
Regards, |
Hello @Vasile-Peste, happy to clarify. We've changed the API and naming a bit from the proposal here. Please refer to https://github.com/ampproject/amphtml/blob/master/extensions/amp-consent/amp-consent.md for latest doc.
Yes an no.
Stored consentString will be passed to the iframe via name attribute, it will also be passed to
Good point! There's currently no way to pass |
Hello folks, |
@zhouyx |
Thanks @jawadst |
Hello all! We're going to hold a breakout session about consent support in AMP during the online OpenJS World & OpenJs Collaborator Summit next week. (The AMP Contributor Summit has been merged into this summit this year) We'll be covering updates on Monday June 22 - OpenJS Collab Summit New Contributor Day Most of the AMP-community-specific talks and breakout sessions will be on Thursday & Friday, but everyone is welcomed/encouraged to attend all days to engage with the wider web/JS community. The AMP talk & breakout schedule will be coming soon. :) Thanks! |
Here's the AMP talk & breakout schedule. https://docs.google.com/spreadsheets/d/1GY9qNrjxM6Ro-jFSGscL11sKQA46msRMdSrQMhTL8K0/edit#gid=461228868 |
I'm wondering if there is a plan to support Google's Additional Consent Mode in AMP: https://support.google.com/admanager/answer/9681920 |
Thanks for the question. Yes the AMP team is aware of the additional consent string and has added support to allow CMPs to pass that to AMP via metadata additionalConsent field. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. |
To #15653
Overview
The following sections will try to answer these questions:
Background
<amp-consent>
provides a solution for publishers to collect user consent and block or unblock any AMP component in an AMP page. Currently, this solution only allows the publisher to collect a boolean consent for all vendors in the consent UI.To support per purpose and per vendor based consents and allow for third party integration from Consent Management Platforms (CMP) with publisher AMP pages, AMP will enhance
<amp-consent>
. It will allow for richer interaction between the publisher page, vendors, CMP and ad extensions on AMP pages that need to know about the consent status. AMP must make such an API for CMPs because AMP doesn’t allow custom JavaScript to run on the page and therefore a CMP must integrate with the AMP framework to integrate with a publishers page.Data Flow Desing
The following section explains each step in terms of data structure and API.
Read data from localStorage (Step 1)
Data includes the stored consent string and CMP stored information.
Pass information to CMP endpoint (Step 2)
The following data with be passed through a POST request
CMP endpoint response (Step 3)
Endpoint returns a JSON object
Initiate the UI iframe (Step 4)
Data will be stringified and passed via the iframe name attribute
Iframe returns user decision (Step 5)
UI iframe will pass the consent information back to
<amp-consent>
via postMessageconsentStr
is required to pass the value to vendors.action
is optional. When specified, it instructs components that don’t understand consent string to load or not based on the publisher’s configurations.cmpStoredData
value will be stored per the CMP requestStore consent information (Step 6)
Store the
consentStr
and thecmpStoredData
to localStoragePass consent information (Step 7)
AMP components on the AMP page (vendors in the format
<amp-ad type=${vendorName})>
can access consent information with function callWhere the function returns an object that merge the value of
consentStr
andsharedData
Blocking Behaviors
Default Blocking Behaviors
When a CMP is present on the page, AMP runtime behavior will default to:
<amp-ad>
components on the page from rendering<amp-ad>
and pass the response to themStore the response as instructed.
<amp-ad>
components (unless the publisher specifies not to by adding thedata-block-on-consent
attribute) and passesthe response to them.Special Cases
Publishers can override the default behavior and customize the blocking behaviors by tagging the components manually.
<amp-ad data-block-on-consent=”_never”>
<amp-ad>
: Use the existingdata-block-on-consent
attribute. However, the value of the returned action (accept/reject/dismiss), depends on the agreement between the publisher and the CMP.Prompt Window
External Iframe
AMP consent will load and render the CMP’s prompt UI in a cross domain iframe, where the CMP will have full control. However, AMP runtime will control the life cycle of the iframe, dictating when to load or unload it.
Default placeholder
AMP will apply a placeholder before the CMP iframe loads to improve user experience.
The placeholder will not block the user from interacting with the rest of the page.
UX design will be added once ready.
Iframe Size and Placement
AMP will make the prompt UI interstitial by default. CMP and publishers will NOT be able to customize the size and the placement of the iframe. AMP will create a modal layer and place the iframe with default aspect width and height ratio in the center.
Consent String
Consent string contains the user decision and will be stored and passed to vendors. Vendors will interpret the consent string and respond accordingly.
Format
Because different CMPs want to store different consent strings for customized vendors in addition to the IAB consent string, AMP will not enforce format on the consent string, or attempt to interpret the consent string before passing the information to vendors. AMP would require CMP to indicate their string as IAB so that vendors can understand. Please note in MVP, not API will be provided to vendors, and vendors need to interpret consent string themselves.
Storage Limit
When the cached AMP page is served from the google.com. All information will be stored under the google.com domain. Because of it, AMP consent has to be very cautious of the storage usage.
In order to be space efficient, AMP restricts the size of total stored value to an upper limit of 300 bytes. That includes the consent string and the CMP private stored string, if one exists. CMPs should work with their partner vendors to compress their consent string.
In the case that a CMP asks AMP to store information that exceeds the size limit, AMP will:
<amp-ad>
components and make the consent string information globally accessible to all AMP components the consent string information but w/o storing the value for next visit.Access
The consent string is made available to all AMP components on the page and to the CMP.
To AMP components and vendors
AMP components can call where the policyId can be interpreted from the data attribute.
3P ad that integrate with AMP can find the string at (similar to supported sharedData)
To CMP
CMP will have access to the consent string. Per their request a CMP will also have access to the CMP stored data. Note that passing CMP stored data is not in scope with the initial implementation.
The stored value will be divided into two parts.
Where consent string can be shared to all components, stored string will only be shared with the CMP.
CMP Integration
A CMP named
foo_bar
will integrate with AMP in the following way.Check in configuration
Add the configuration as part of the
<amp-consent>
codebase. This will allow AMP to recognize the CMP, perform steps to check if consent is necessary, handle storage and UI.storageKey
instructs AMP runtime to store the consent information under this unique key name. Note: AMP will append prefix to the key. If not specified, AMP will assume CMP does not require consent string to be stored client side.Unlike the current DIY approach with
<amp-consent>
, CMP will be able to specify the storage key value instead of publishers. This is easier for CMP to bump up versions because they have control of the storageKey.checkConsentHref
is a field AMP consent already supports. It allows the AMP consent component to ask the CMP if consent is required for a user. This field is required, as it is the key to instruct AMP runtime to ask for consent and block other components on the page. For more details, please refer to the section hereNote:the existing
promptIfUnknowForGeoGroup
for CMP integration won’t be provided as AMP expects CMP to host their own endpoint instead of depending on publishers configuration on the<amp-geo>
component.src
is the source for the foreign iframe. It is also a required field. Once AMP consent decides to prompt, it will create a foreign iframe with the src given.Host endpoint
AMP consent will rely on the host endpoint to determine if the prompt is required with the
checkConsentHref
request.Consent Dialog
The CMP will need to modify their prompt logic to function in a cross domain iframe. And communicate with the parent host AMP page through the proposed communication APIs.
Publisher’s Configuration
To work with a CMP, publisher’s configuration will need to stay minimal.
Type Attribute
A type attribute with a valid CMP name value instructs the
<amp-consent>
component to load the CMP config.CMP Object
All configuration within the
cmp
object will be passed to the CMP, both withcheckConsentHref
and iframe (added to the name attribute).PostPromptUI
CMP’s support to postPromptUI has not been discussed yet. Right now publishers can still put their own postPromptUI element on the page and reference the element.
Other topics
Below is a list of topics we have talked about but not covered in the current design. We may look into supporting it in the future.
Allow publishers to still use the
<amp-geo>
component to reduce one roundtrip of latencyProvide support for CMP to store consent server side but not client side
The text was updated successfully, but these errors were encountered: