Contact emails
*y...@chromium.org <y...@chromium.org>*Explainer *https://github.com/fedidcg/FedCM/issues/429 <https://github.com/fedidcg/FedCM/issues/429>*Summary *An extension to the existing FedCM API that allows a website to provide its preference for a streamlined UX (automatically, rather than explicitly, re-authenticating the user) when their users return to them. The API design requires that the preference is only respected for returning users, that is if the user has previously and explicitly granted permission for the Relying Party (RP) and Identity Provider (IdP) communication in the browser through a FedCM call.*Blink component *Blink > Identity > FedCM <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EIdentity%3EFedCM&can=2>*TAG review *https://github.com/w3ctag/design-reviews/issues/813 <https://github.com/w3ctag/design-reviews/issues/813>* TAG review status *Pending*Risks Interoperability and Compatibility *Gecko: we have been actively working with Firefox <https://github.com/fedidcg/FedCM/issues/429#issuecomment-1426162273>to standardize this API. In general we are aligned on the feature itself. e.g. auto re-authentication can provide streamlined UX without reducing privacy. Meanwhile, there are some open questions about what API is more suitable to achieve this goal. e.g. Firefox proposed to reuse the “mediation mode <https://www.w3.org/TR/credential-management-1/#mediation-requirements>” in Credential Management API which is a promising direction as well. We will keep evaluating all the proposals and reach an alignment before shipping.WebKit: No signal <https://github.com/WebKit/standards-positions/issues/131> for “auto re-authn” yet. Positive for the general FedCM API.No compatibility risk from an API’s perspective. Auto re-authn is supported by adding a new boolean to the existing FedCM API which is default to false (defaults to the existing behavior).On cross-browser interoperability, because the Auto re-authn API simply controls a UX preference suggested by the relying party, the UA may choose not to respect it (for example, either across all relying parties or through browser settings) and fallback to the existing sign-in flow that requires an explicit user confirmation.Overall, this is a small addition to the FedCM API, and as such mostly inherits the interop and compatibility risks from that API. See https://groups.google.com/a/chromium.org/g/blink-dev/c/URpYPPH-YQ4/m/E9pgS7GEBAAJ <https://groups.google.com/a/chromium.org/g/blink-dev/c/URpYPPH-YQ4/m/E9pgS7GEBAAJ> for the discussion.*Activation *Similar to the FedCM API, we deliberately leave the bulk of the work to the IdP to ensure that minimal RP change is needed (no RP change is needed for IdPs who have already supported similar flow). This feature, specifically, is one that can be currently controlled by JS SDKs, so we expect activation to have a similar profile as FedCM: immediately enabled to websites (without any redeployment) by IdPs making use of it (by redeploying their JS SDKs).*WebView Application Risks *N/A as this feature is not available on WebView.*Goals for experimentation *To learn whether the new streamlined re-authentication experience performs well with users. We are planning to collect the following data points: - number of successful re-authentication flows, - how often a user may want to terminate the flow,- reasonable time for cooldown*Debuggability *Besides regular FedCM support, we show error messages stating why auto re-authn is unavailable. *Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? *NoSimilar to FedCM API, we expect the feature to be available on all platforms (Windows, Mac, Linux, ChromeOS and Android) except WebView.*Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> ? *Yes <http://third_party/blink/web_tests/external/wpt/credential-management/fedcm-network-requests.https.html>. (we’re still working on making tests behave as intended on WPT.fyi)* Flag name *chrome://flags/#fedcm-auto-re-authn*Requires code in //chrome? *True*Tracking bug *You can track our progress here:https://crbug.com/1304404 <https://crbug.com/1304404>*Launch bug *https://launch.corp.google.com/launch/4229781 <https://launch.corp.google.com/launch/4229781>*Estimated milestones *M112*Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5108344837111808 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACh2XCPnJ78u-M0YqFM5g%2BVZpXA2z%2BX6vYxWo%3D03LrgOXxm4zA%40mail.gmail.com.
