Thanks Yoav for the review! > It'd be useful to write a short (inline?) explainer here outlining what this does and how it'd look like. Specifically, would we start throwing on errors in scenarios that silently failed before?
For the Error API, it allows IdP to signal to the browser about the sign-in failure details such that the browser can make sure the user is kept informed with possibly next steps. Without this API, when a user clicks the "Continue as Name" button to sign-in, if it fails for whatever reasons, the browser rejects the promise silently so the user could be confused about the status. The fact that we are delaying rejecting the promise (for privacy reasons) would make it worse because the website wouldn't learn about the failure immediately either. With this API, the browser will first show a native UI with proper strings to explain the error to users and possibly allow users to learn more about next steps. It will also reject the promise with the errors (if provided by IdP) via IdentityCredentialError instead of a generic DOMException (which we currently use). You could find more details here <https://github.com/fedidcg/FedCM/issues/488#issuecomment-1679742999>. For the AutoSelected Flag API, it shares whether auto re-authentication has been triggered during the flow with both IdP and RP. By default the CredentialManagement API supports credential auto selection when possible. However, the browser may decide not to trigger auto selection for legitimate reasons. While the exact reason should be opaque to IdP or RP, we could share with them the outcome such that they can better understand the flow and handle things differently. e.g. for metrics purposes they could know how many transactions were done with auto re-authentication to better understand the performance; in addition, an IdP can use the signal (boolean) to support some security related features. e.g. a user may prefer explicitly selecting an account with an IdP, if the IdP gets a token request that shows the account was automatically selected, they could reject the request and trigger a new sign-in flow to ask for explicit user mediation. You could find more details here. <https://github.com/fedidcg/FedCM/issues/497#issuecomment-1698174046> > What's preventing these PRs from landing? We aligned with Mozilla, who is prototyping FedCM in Firefox right now, that such spec changes should be reviewed by at least two implementers before merging. While we have discussed the two APIs <https://github.com/fedidcg/meetings/blob/main/2023/2023-10-02-notes.md> at FedIdCG and it "generally looks reasonable", it's not yet formally reviewed by Mozilla (hence the "Under consideration" signal). Thanks. Yi On Wed, Oct 25, 2023 at 11:19 AM Yoav Weiss <yoavwe...@chromium.org> wrote: > > > On Monday, October 23, 2023 at 3:03:59 PM UTC+2 blink-dev wrote: > > Contact emails > > y...@chromium.org > > Explainer > > https://github.com/fedidcg/FedCM/issues/488 > > > It'd be useful to write a short (inline?) explainer here outlining what > this does and how it'd look like. > Specifically, would we start throwing on errors in scenarios that silently > failed before? > > > https://github.com/fedidcg/FedCM/issues/497 > > > Similarly a short explainer outlining what this does and how would help > reviewing this intent. > > > Specification > > https://github.com/fedidcg/FedCM/pull/498 > > https://github.com/fedidcg/FedCM/pull/500 > > > What's preventing these PRs from landing? > > > > Design docs > > https://docs.google.com/document/d/1DEjbFSAMmmT47_ > n8JBLmcleCNPz_WS5a24WDrglSQMo/edit?usp=sharing > > Summary > > Dedicated APIs to help developers and users to better understand the > authentication flow. Both APIs are triggered post user permission to sign > in to an RP with an IdP. i.e. after the user clicks the "Continue as" > button. > > > - With Error API, if a user's sign-in attempt fails, the IdP can share the > reasons with the browser to keep both users and RP developers updated. > > - With AutoSelectedFlag API, both IdP and RP developers could have a > better understanding about the sign-in UX, evaluate performance and segment > metrics accordingly. > > > Blink component > > Blink>Identity>FedCM > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EIdentity%3EFedCM> > > Search tags > > fedcm <https://chromestatus.com/features#tags:fedcm> > > TAG review > > https://github.com/w3ctag/design-reviews/issues/893 > > TAG review status > > Issues addressed > > Risks > > Interoperability and Compatibility > > These are extensions to the FedCM API. Apple and Mozilla have both > expressed a positive opinion on the initial FedCM API > <https://groups.google.com/a/chromium.org/g/blink-dev/c/URpYPPH-YQ4/m/bzghj9N3AQAJ>[1] > and Mozilla is currently prototyping > <https://groups.google.com/a/mozilla.org/g/dev-platform/c/ncmUwK1uO98/m/COhPA4ZrAAAJ> > the FedCM API. If a user agent chooses to not implement these extensions, > it may hurt the quality of the UI that they can provide to users, but > should not break the FedCM flow. > > Gecko: Under consideration (https://github.com/fedidcg/FedCM/pull/498 > > https://github.com/fedidcg/FedCM/pull/500) Firefox has asked us not to > file standard position, and they provided feedback in the GitHub PR. > > WebKit: No signal (https://github.com/WebKit/ > standards-positions/issues/249) > > Web developers: Positive These features are being developed to address > existing use-cases which will not be possible once third-party cookies are > phased out. > > Other signals: > > Security > > For the Error API, the browser may open a pop-up window with a URL > provided by the IdP when an error happens. It has the same web platform > properties as what one would get with > window.open(url,””,”popup,noopener,noreferrer”)) > that loads the error.url. There's no communication between the website and > this pop-up is allowed (e.g. no postMessage, no window.opener). We have > also considered the potential phishing risk and had the mitigations in > place (see the explainer for more details). > > > WebView application risks > > Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications? > > FedCM is not supported in WebView > > > Debuggability > > The two new APIs are extensions of the FedCM API which has proper devtools > support. > > > For the Error API, the browser takes an error returned by the IdP (if any) > and rejects the promise with an error exception. For RP developers, the > only thing that they need to take care of is handling the exception which > may not need DevTools support. For IdP developers, the only potentially > useful information that we could add to the console is when the error URL > is cross-site to the IdP in which case we won't use the error URL in the > flow. > > For AutoSelectedFlag API, it just introduces a new boolean for both IdP > and RP developers to parse. We believe that in this case we don't need to > provide extra information in DevTools. > > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, Chrome OS, Android, and Android WebView)? > > FedCM is available in all Blink platforms except for WebView. > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? > > Yes. > > Testing on wpt.fyi is blocked on https://github.com/web- > platform-tests/wpt/pull/40709 getting reviewed and merged. Otherwise, we > are adding tests that will be in the credential-management directory as > shown on the WPT dashboard here: https://wpt.fyi/results/ > credential-management?label=experimental&label=master&aligned > > > DevTrial instructions > > https://github.com/fedidcg/FedCM/blob/main/explorations/HOWTO-chrome.md > > Flag name on chrome://flags > > chrome://flags/#fedcm-error > > chrome://flags/#fedcm-auto-selected-flag > > Finch feature name > > FedCmError > > FedCmAutoSelectedFlag > > Requires code in //chrome? > > True > > Tracking bug > > https://crbug.com/1477253 > > Launch bug > > https://launch.corp.google.com/launch/4273845 > > Sample links > > https://drive.google.com/file/d/1Z8r4OkQMmKulGv-vf- > XTfwqh6VUyGZF9/view?usp=sharing > > Estimated milestones > > Shipping on desktop > > 120 > > Shipping on Android > > 120 > > > > > Anticipated spec changes > > None > > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/5384360374566912 > > Links to previous Intent discussions > > Intent to prototype: https://groups.google.com/a/ > chromium.org/g/blink-dev/c/YfaGM8v-Ocs/m/4E0RHMhJAwAJ > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com/>. > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACh2XCM8FnGsYjCQhzskrzU4RK9fMvpSBv23VV4Cdtr%2BMj0O2w%40mail.gmail.com.
