LGTM2 On Wed, Jan 3, 2024 at 8:40 AM Mike Taylor <miketa...@chromium.org> wrote:
> LGTM1 > On 1/2/24 11:42 AM, Nicolás Peña wrote: > > Brief update: both spec PRs are now merged. Hoping to ship in M122. > > On Friday, December 15, 2023 at 2:29:58 PM UTC-5 Nicolás Peña wrote: > >> Contact emails >> >> n...@chromium.org >> >> Explainer >> >> Domain Hint (formerly hosted domain): >> https://github.com/fedidcg/FedCM/issues/427 >> >> Disconnect (formerly revoke): https://github.com/fedidcg/FedCM/issues/496 >> >> (Note: in the FedCM team, we have explainers in the form of GitHub issues >> per feedback >> <https://github.com/fedidcg/FedCM/issues/431#issuecomment-1425025469> >> from FedID CG. The issue and the first comment are the explainers in each >> case.) >> >> Specification >> >> Domain Hint: https://github.com/fedidcg/FedCM/pull/512 >> >> Disconnect: >> https://fedidcg.github.io/FedCM/#browser-api-identity-credential-disconnect >> >> >> Note on spec PR merging policy (to answer the question “why has the first >> not been merged”): in the FedID CG, we have agreed that non-editorial spec >> PRs require review from two implementations. Disconnect has been approved, >> while domainHint is still under review. Both features have been discussed >> thoroughly in the FedID CG and the feedback there has been incorporated. >> >> Summary >> >> Allows showing only accounts matching a given domain hint in the FedCM >> account chooser, and allows disconnecting a federated login account via the >> relying party website. With domain hint, developers may provide a better UX >> by only showing the federated login accounts from the domain that they >> accept. With the disconnect API, a relying party (RP) may notify the >> identity provider (IdP) that an IdP account previously used via FedCM in an >> RP is now disconnected, and hence using that account again via federated >> login would require treating it as a new account. >> >> Blink component >> >> Blink>Identity>FedCM >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EIdentity%3EFedCM> >> >> TAG review >> >> https://github.com/w3ctag/design-reviews/issues/893 >> >> TAG review status >> >> Issues addressed >> >> Risks >> >> Interoperability and Compatibility >> >> These are small additions to the FedCM API, which has (general) support >> from WebKit and Mozilla. They haven't shipped FedCM yet, but it would not >> be a lot more work to add these features. If a user agent did not have >> domain hint support, this would mean it would show more accounts in the >> chooser compared to user agents which do have domain hint support. Not >> adding disconnect would mean that this feature of allowing RPs to >> disconnect accounts would not be available in the browser, but it would not >> impact the FedCM API otherwise. >> >> >> Gecko: Positive for disconnect and no signal yet for domainHint. Firefox >> asked us to not send standards positions requests for small FedCM >> additions, and to instead rely on pull requests. See >> https://github.com/fedidcg/FedCM/pull/512 and >> https://github.com/fedidcg/FedCM/pull/515. >> >> WebKit: No signal ( >> https://github.com/WebKit/standards-positions/issues/249) >> >> Web developers: Positive. This is a feature requested by developers to >> satisfy existing flows which break once third-party cookies are removed. >> >> Other signals: >> >> Ergonomics >> >> It will be often used within the FedCM API. We do not see ergonomics >> risks. >> >> >> Activation >> >> Domain hint can be polyfilled via login hint but it would be pretty >> cumbersome to do so. The disconnect API would be hard to polyfill, but >> could perhaps be done in a non-user friendly way via popups. This would >> still be imperfect since the browser knowledge about the connection would >> not be cleared, only the IdP-side disconnection would occur. >> >> >> Security >> >> The Disconnect endpoint will use CORS. An RP may not impact the >> connection status of accounts not belonging to that RP origin. >> >> >> WebView application risks >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> >> N/A (FedCM does not work on WebViews) >> >> >> Debuggability >> >> Console errors and DevTools issues will be used to highlight any issues >> with the disconnect call. >> >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, Chrome OS, Android, and Android WebView)? >> >> FedCM is not supported on Android WebView. >> >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ? >> >> Yes. Look for domainhint and disconnect in >> https://wpt.fyi/results/credential-management?label=experimental&label=master&aligned >> . >> >> >> Flag name on chrome://flags >> >> FedCmDomainHint, FedCmDisconnect >> >> Finch feature name >> >> FedCmDomainHint, FedCmDisconnect >> >> Requires code in //chrome? >> >> True >> >> Tracking bug >> >> https://bugs.chromium.org/p/chromium/issues/detail?id=1473135 (follow >> implementations in the two BlockedOn bugs) >> >> Launch bug >> >> https://launch.corp.google.com/launch/4273848 >> >> Estimated milestones >> >> No milestones specified >> >> >> Anticipated spec changes >> >> Open questions about a feature may be a source of future web compat or >> interop issues. Please list open issues (e.g. links to known github issues >> in the project for the feature specification) whose resolution may >> introduce web compat/interop risk (e.g., changing to naming or structure of >> the API in a non-backward-compatible way). >> >> None >> >> Link to entry on the Chrome Platform Status >> >> https://chromestatus.com/feature/5202286040580096 >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com/>. >> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1da7172f-acff-43d6-916e-fd4860c1abben%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1da7172f-acff-43d6-916e-fd4860c1abben%40chromium.org?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/caeec1f8-e387-4a02-9691-500ff5def592%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/caeec1f8-e387-4a02-9691-500ff5def592%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw-3tU1Yjg%2B7Am%2BrJi9pAPDkTc-SOQVsscocwj8vKeydsg%40mail.gmail.com.
