Contact emails [email protected], [email protected]
Explainer Error API: https://github.com/fedidcg/FedCM/issues/488 AccountAutoSelectedFlag: https://github.com/fedidcg/FedCM/issues/497 Hosted domain: https://github.com/fedidcg/FedCM/issues/427 Revocation: https://github.com/fedidcg/FedCM/issues/496 Specification We will add specification as we evolve the features during prototyping Summary This entry covers a few incremental extensions to the FedCM API: - With the Error API, the browser can inform users with proper error messages when their sign-in request has failed. - With the AccountAutoSelected Flag API, the browser could help developers to determine if FedCM token requests were initiated with explicit user permission to improve their services. - With the Hosted Domain API, RP can choose to only show the accounts which are associated with a certain domain. - With the Revocation API, developers can revoke the connection between RP and IdP upon user request and update the browser to optimize the future flows. Blink component Blink>Identity>FedCM <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EIdentity%3EFedCM> Motivation See summary above TAG review None TAG review status Not started Risks Interoperability and Compatibility These are extensions to the FedCM API. Apple <https://lists.webkit.org/pipermail/webkit-dev/2022-March/032162.html> and Mozilla <https://github.com/mozilla/standards-positions/issues/618#issuecomment-1221964677> have both expressed a positive opinion on the initial FedCM API. They have not yet shipped but Mozilla is prototyping <https://groups.google.com/a/mozilla.org/g/dev-platform/c/ncmUwK1uO98/m/COhPA4ZrAAAJ>. If a user agent chooses not to implement these extensions, it will limit the quality of the UI that it can provide to users, but should not break the FedCM flow. Gecko: No signal WebKit: No signal Web developers: Positive. These features are being developed to address existing use-cases which will not be possible once third-party cookies are phased out. Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? FedCM API is not available in WebView Debuggability Same as FedCM API in general – console messages in devtools and general JS debugging Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? We will add tests as we implement Flag name chrome://flags/#fedcm-error chrome://flags/#fedcm-account-auto-selected-flag chrome://flags/#fedcm-hosted-domain chrome://flags/#fedcm-revocation Requires code in //chrome? True Estimated milestones 119-120 Link to entry on the Chrome Platform Status Error and AccountAutoSelectedFlag <https://chromestatus.com/feature/5384360374566912> Hosted Domain and Revocation <https://chromestatus.com/feature/5202286040580096> Links to previous Intent discussions https://groups.google.com/a/chromium.org/g/blink-dev/c/URpYPPH-YQ4/m/bzghj9N3AQAJ -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACh2XCNC%2BgXukP67papubLK02hoARPjV_k9G%3D4ax2%3DbS5zx%2Brg%40mail.gmail.com.
