Thank you for the explanation!

LGTM1

On Mon, Nov 25, 2024, 1:53 p.m. Christian Biesinger <cbiesin...@chromium.org>
wrote:

>
>
> On Mon, Nov 25, 2024 at 12:47 PM Vladimir Levin <vmp...@chromium.org>
> wrote:
>
>> Hey Christian,
>>
>> Thank you for your reply. Additional questions below.
>>
>> On Fri, Nov 22, 2024 at 7:00 PM Christian Biesinger <
>> cbiesin...@chromium.org> wrote:
>>
>>> Hi Vlad,
>>>
>>> The fields are standardized in the linked spec PR at
>>> https://github.com/w3c-fedid/FedCM/pull/668/files#diff-40cc3a1ba233cc3ca7b6d5873260da9676f6ae20bb897b62f7871c80d0bda4e9R1371
>>> We only want RPs to specify fields that are in this spec or a future
>>> version of it, although I recognize that because of the semantics of this
>>> parameter we can not enforce that. (custom scopes should be sent in
>>> `params`)
>>>
>>> multiple configURLs is needed because our partner needed to use a
>>> different ID assertion endpoint for users requesting additional scopes.
>>>
>>> I am unsure if I can share the exact use case of our partner regarding
>>> labels. But there are certain account types of this partner that they only
>>> support on the "authorization" endpoint and not on the regular
>>> "authentication" endpoint, and so they want that to be reflected in the
>>> account list (instead of failing later on).
>>>
>>
>> That's understandable, I was just hoping for an example of how this flow
>> would work. My understanding is something like the following. Suppose I
>> have two accounts Foo and Bar that are provided by one IdP and the RP will
>> need some additional scope that is only available for Foo. Then the filter
>> API allows the browser to filter out Bar and only display Foo as an
>> available option. What I'm missing is how this is orchestrated. Is it that
>> RP that requests this filtering or IdP and how does the browser orchestrate
>> this. From my reading IdPs return a list of all possible labels for each
>> account and RPs request specific labels, and then the browser does the
>> filtering. Is that correct? I'm guessing there is no optionality here in
>> that if the list, for example, ends up being filtered to nothing, then RPs
>> don't have a chance to say "this scope was nice to have but not required".
>> What is the UX here if there is no match?
>>
>
> Let's say some account types do not support scopes at all and some do.
> Then the IDP will provide two different config files, one with `accounts:
> {include: "supports_scopes"}`, one with `accounts: {include:
> "does_not_support_scopes"}`. The account endpoint will send the correct
> label for each account. If an IDP has a smallish list of possible scopes,
> they can also provide a per-scope config file. We could let an RP specify
> labels directly in the future but have not done so here. (such a feature
> would have overlap with account/domain hints)
>
> It is correct that there is no way to say "an account label would be nice
> but is not required", or indeed "a field would be nice but is not
> required". This could be added in the future.
>
> UI-wise, "no matching accounts" is treated the same as if an account hint
> or domain hint does not match. The UI has gone through a few iterations, I
> believe what we settled on was show a dialog with a "log in to IDP" button
> for passive mode and a list of greyed out accounts for active mode, but I
> may misremember these details.
>
> Christian
>
>
>> Thanks,
>> Vlad
>>
>>
>>> I have summarized the OT feedback in the initial email under "Link to
>>> origin trial feedback summary".
>>>
>>> Thanks,
>>> Christian
>>>
>>> On Fri, Nov 22, 2024 at 3:12 PM Vladimir Levin <vmp...@chromium.org>
>>> wrote:
>>>
>>>> Hey,
>>>>
>>>> Looking over the first three APIs (Continuation API, Parameters API,
>>>> Fields API), I understand how it solves the problem of asking for
>>>> additional data from IdPs. Essentially (and please correct me if I'm
>>>> wrong), RPs specify a list of fields (i.e. scopes), then the browser
>>>> chooses whether to mediate or delegate based on whether it knows how to
>>>> handle these scopes. [Side question: are these fields/scopes standardized
>>>> somewhere: how is collision with what IdPs can provide vs the browser
>>>> thinks it can mediate avoided?].
>>>>
>>>> What is unclear to me is how the next two features (Multiple
>>>> configURLs, Custom account labels) contribute to the experience. It seems
>>>> that it allows the IdPs to provide different sets of accounts for different
>>>> labels. Does that mean when the browser mediates account selection, it
>>>> considers these labels and filters some accounts? Is this used when RPs
>>>> need a particular field and only some accounts provide that? Is there a
>>>> comprehensive "real world" example of this somewhere in the docs?
>>>>
>>>> Separately, these features went through OT: is there a doc summarizing
>>>> the participants' feedback?
>>>>
>>>> Thanks!
>>>> Vlad
>>>>
>>>> On Wed, Nov 13, 2024 at 12:23 PM Christian Biesinger <
>>>> cbiesin...@chromium.org> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Wed, Nov 13, 2024 at 11:29 AM Chris Harrelson <
>>>>> chris...@chromium.org> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Nov 7, 2024 at 3:46 PM Christian Biesinger <
>>>>>> cbiesin...@chromium.org> wrote:
>>>>>>
>>>>>>>
>>>>>>> Contact emails
>>>>>>>
>>>>>>> cbiesin...@chromium.org
>>>>>>>
>>>>>>> Explainer
>>>>>>>
>>>>>>> Use case we want to support:
>>>>>>> https://github.com/w3c-fedid/FedCM/issues/477
>>>>>>>
>>>>>>> Derived explainers:
>>>>>>>
>>>>>>> https://github.com/fedidcg/FedCM/issues/555
>>>>>>>
>>>>>>> https://github.com/fedidcg/FedCM/issues/556
>>>>>>>
>>>>>>> https://github.com/fedidcg/FedCM/issues/559
>>>>>>>
>>>>>>> https://github.com/fedidcg/FedCM/issues/552
>>>>>>>
>>>>>>> https://github.com/fedidcg/FedCM/issues/553
>>>>>>>
>>>>>>> Specification
>>>>>>>
>>>>>>> https://github.com/w3c-fedid/FedCM/pull/662 (continuation API)
>>>>>>>
>>>>>>> https://github.com/w3c-fedid/FedCM/pull/661 (parameter API, merged)
>>>>>>>
>>>>>>> https://github.com/w3c-fedid/FedCM/pull/668 (fields API)
>>>>>>>
>>>>>>> https://github.com/w3c-fedid/FedCM/pull/667 (multiple configURLs)
>>>>>>>
>>>>>>> https://github.com/w3c-fedid/FedCM/pull/669 (account labels)
>>>>>>>
>>>>>>
>>>>>> Most of these are still open, is something blocking finishing and
>>>>>> landing these spec PRs?
>>>>>>
>>>>>>
>>>>>
>>>>> We are waiting for reviews from outside of the team and WG approval to
>>>>> land them. No real blocker otherwise. A lot of WG calls have been 
>>>>> cancelled
>>>>> recently which makes landing these take longer than we had hoped for.
>>>>>
>>>>> Christian
>>>>>
>>>>>
>>>>>>
>>>>>>> Summary
>>>>>>>
>>>>>>> This bundles a few features that we would like to launch at the same
>>>>>>> time. We are bundling them together because they can be used by IdPs to
>>>>>>> implement authorization flows such as letting a user grant access to a
>>>>>>> user’s calendar to an RP. See also
>>>>>>> https://github.com/w3c-fedid/FedCM/issues/477. Specifically:
>>>>>>>
>>>>>>>    -
>>>>>>>
>>>>>>>    The IdP needs to be able to show a custom prompt for the
>>>>>>>    permission (continuation API)
>>>>>>>    -
>>>>>>>
>>>>>>>    The RP needs an extensible way to communicate to the IdP what it
>>>>>>>    wants access to (parameters API)
>>>>>>>    -
>>>>>>>
>>>>>>>    The RP needs to be able to customize/suppress the text referring
>>>>>>>    to the IdP sharing “name, email address and profile picture” because 
>>>>>>> in
>>>>>>>    this situation they are asking for different information (fields API)
>>>>>>>    -
>>>>>>>
>>>>>>>    The IdP may want to use a different endpoint to implement the
>>>>>>>    authorization flow (multiple configURLs)
>>>>>>>    -
>>>>>>>
>>>>>>>    Certain accounts may only be eligible for one of the
>>>>>>>    authentication and authorization flows and so there needs to be a 
>>>>>>> way to
>>>>>>>    show different accounts in the two flows (account labels API)
>>>>>>>
>>>>>>>
>>>>>>> In addition, the APIs are solving a series of related FPWD blockers
>>>>>>> <https://github.com/w3c-fedid/FedCM/wiki/Status-of-FPWD%E2%80%90identified-Issues>
>>>>>>> identified
>>>>>>> <https://lists.w3.org/Archives/Public/public-fedid-wg/2024Jul/0006.html>
>>>>>>> by the FedID WG.
>>>>>>>
>>>>>>> Continuation API:
>>>>>>>
>>>>>>> https://github.com/fedidcg/FedCM/issues/555
>>>>>>>
>>>>>>> This lets the IDP open a popup window to finish the sign-in flow
>>>>>>> after potentially collecting additional information.
>>>>>>>
>>>>>>> Parameters API:
>>>>>>>
>>>>>>> https://github.com/fedidcg/FedCM/issues/556
>>>>>>>
>>>>>>> This lets RPs pass additional data to the ID assertion endpoint
>>>>>>>
>>>>>>> Fields API:
>>>>>>>
>>>>>>> https://github.com/fedidcg/FedCM/issues/559
>>>>>>>
>>>>>>> This lets RPs bypass the data sharing prompt in favor of the IDP
>>>>>>> prompting
>>>>>>>
>>>>>>> Multiple configURLs:
>>>>>>>
>>>>>>> https://github.com/fedidcg/FedCM/issues/552
>>>>>>>
>>>>>>> This lets IDPs use different config files in different contexts
>>>>>>> without weakening FedCM privacy properties, by allowing one accounts
>>>>>>> endpoint for the eTLD+1 (instead of one config file, which is more 
>>>>>>> limiting
>>>>>>> than necessary)
>>>>>>>
>>>>>>> Account labels:
>>>>>>>
>>>>>>> https://github.com/fedidcg/FedCM/issues/553
>>>>>>>
>>>>>>> Combined with the previous proposal, this allows filtering the
>>>>>>> account list per config file without providing additional entropy to the
>>>>>>> IDP.
>>>>>>>
>>>>>>>
>>>>>>> Blink component
>>>>>>>
>>>>>>> Blink>Identity>FedCM
>>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EIdentity%3EFedCM>
>>>>>>>
>>>>>>> TAG review
>>>>>>>
>>>>>>> https://github.com/w3ctag/design-reviews/issues/945
>>>>>>>
>>>>>>> TAG review status
>>>>>>>
>>>>>>> Pending
>>>>>>>
>>>>>>> Chromium Trial Name
>>>>>>>
>>>>>>> FedCmContinueOnBundle
>>>>>>>
>>>>>>> Link to origin trial feedback summary
>>>>>>>
>>>>>>> What we learned during the origin trial:
>>>>>>>
>>>>>>>
>>>>>>>    -
>>>>>>>
>>>>>>>    This bundle works well for implementing an authorization flow
>>>>>>>    for an identity provider
>>>>>>>    -
>>>>>>>
>>>>>>>    The parameter API needed to be refined to be easier to use for
>>>>>>>    an IDP (allow nested objects; send the parameters as serialized JSON
>>>>>>>    instead of individually prefixed parameters)
>>>>>>>    -
>>>>>>>
>>>>>>>    The fields API has gone through various iterations during the
>>>>>>>    trial and is now easier and more flexible to use
>>>>>>>    -
>>>>>>>
>>>>>>>    We have identified a possible future extension to the
>>>>>>>    continuation API (adding an IdentityProvider.reject function to 
>>>>>>> mirror
>>>>>>>    .resolve) but are not shipping it as part of this launch.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Origin Trial documentation link
>>>>>>>
>>>>>>>
>>>>>>> https://developers.google.com/privacy-sandbox/blog/fedcm-chrome-126-updates#origin_trial_fedcm_continuation_api_bundle
>>>>>>>
>>>>>>>
>>>>>>> WebFeature UseCounter name
>>>>>>>
>>>>>>> kFedCmContinueOnResponse
>>>>>>>
>>>>>>> Risks
>>>>>>>
>>>>>>> Interoperability and Compatibility
>>>>>>>
>>>>>>> No compatibility risk as this adds new parameters to dictionaries in
>>>>>>> a function argument.
>>>>>>>
>>>>>>> No concern about interoperability because other browser engines
>>>>>>> currently do not ship FedCM.
>>>>>>>
>>>>>>>
>>>>>>> Gecko: No signal. For incremental improvements to FedCM, Firefox
>>>>>>> has asked us not to file standards position, and they will instead 
>>>>>>> provide
>>>>>>> feedback in the GitHub PR. They have interacted on the spec PRs (e.g. on
>>>>>>> https://github.com/w3c-fedid/FedCM/pull/662) and on the explainers
>>>>>>> (e.g. https://github.com/w3c-fedid/FedCM/issues/477) but have not
>>>>>>> expressed an explicit positive signal.
>>>>>>>
>>>>>>> WebKit: No signal (
>>>>>>> https://github.com/WebKit/standards-positions/issues/336)
>>>>>>>
>>>>>>> Web developers: Positive (
>>>>>>> https://github.com/fedidcg/FedCM/issues/488#issuecomment-1749682526)
>>>>>>> Also:
>>>>>>> https://github.com/fedidcg/FedCM/issues/496#issuecomment-1781364610
>>>>>>> https://github.com/fedidcg/FedCM/issues/533#issuecomment-1878581998
>>>>>>>
>>>>>>> Other signals:
>>>>>>>
>>>>>>> Ergonomics
>>>>>>>
>>>>>>> This improves ergonomics for passing custom parameters to the IDP
>>>>>>> because it now provides a structured way to do so instead of (ab)using 
>>>>>>> the
>>>>>>> "nonce" parameter.
>>>>>>>
>>>>>>> Otherwise no impact on ergonomics either way.
>>>>>>>
>>>>>>>
>>>>>>> Activation
>>>>>>>
>>>>>>> No particular risks.
>>>>>>>
>>>>>>>
>>>>>>> Security
>>>>>>>
>>>>>>> We made sure that the popup from the continuation API is same-origin
>>>>>>> with the IDP, and that it cannot communicate with the RP except through 
>>>>>>> the
>>>>>>> narrow IdentityProvider.resolve API. In particular, window.opener is 
>>>>>>> null.
>>>>>>>
>>>>>>> The additional parameters from the parameter and fields API are only
>>>>>>> sent to the server after user interaction, and from a privacy 
>>>>>>> perspective
>>>>>>> are equivalent to the existing "nonce" field. However, from a developer
>>>>>>> ergonomics perspective the additions are much easier to use.
>>>>>>>
>>>>>>> Account labels were carefully designed not to add entropy and in
>>>>>>> particular not to send additional data to the server.
>>>>>>>
>>>>>>>
>>>>>>> WebView application risks
>>>>>>>
>>>>>>> Does this intent deprecate or change behavior of existing APIs, such
>>>>>>> that it has potentially high risk for Android WebView-based 
>>>>>>> applications?
>>>>>>>
>>>>>>> n/a
>>>>>>>
>>>>>>>
>>>>>>> Debuggability
>>>>>>>
>>>>>>> We show console messages to assist debugging where appropriate.
>>>>>>>
>>>>>>> Will this feature be supported on all six Blink platforms (Windows,
>>>>>>> Mac, Linux, ChromeOS, Android, and Android WebView)?
>>>>>>>
>>>>>>> No
>>>>>>>
>>>>>>> FedCM in general is not supported in webview
>>>>>>>
>>>>>>>
>>>>>>> Is this feature fully tested by web-platform-tests
>>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>>>>>>> ?
>>>>>>>
>>>>>>> Yes
>>>>>>>
>>>>>>>
>>>>>>> https://wpt.fyi/results/fedcm/fedcm-authz?label=experimental&label=master&aligned
>>>>>>>
>>>>>>> We are investing why they are failing on wpt.fyi even though they
>>>>>>> pass in our internal infrastructure (e.g.
>>>>>>> https://ci.chromium.org/ui/test/chromium/ninja%3A%2F%2F%3Ablink_wpt_tests%2Fvirtual%2Ffedcm-authz%2Fexternal%2Fwpt%2Ffedcm%2Ffedcm-authz%2Ffedcm-continue-on-with-account.https.html
>>>>>>> )
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Flag name on chrome://flags
>>>>>>>
>>>>>>> fedcm-authz
>>>>>>>
>>>>>>> Finch feature name
>>>>>>>
>>>>>>> FedCmAuthz
>>>>>>>
>>>>>>> Requires code in //chrome?
>>>>>>>
>>>>>>> True
>>>>>>>
>>>>>>> Tracking bug
>>>>>>>
>>>>>>> https://crbug.com/40262526
>>>>>>>
>>>>>>> Launch bug
>>>>>>>
>>>>>>> https://launch.corp.google.com/launch/4348692
>>>>>>>
>>>>>>> Measurement
>>>>>>>
>>>>>>> https://chromestatus.com/metrics/feature/timeline/popularity/4955
>>>>>>> In addition, we have several UMA metrics.
>>>>>>>
>>>>>>> Estimated milestones
>>>>>>>
>>>>>>> Shipping on desktop
>>>>>>>
>>>>>>> 132
>>>>>>>
>>>>>>> Origin trial desktop first
>>>>>>>
>>>>>>> 127
>>>>>>>
>>>>>>> Origin trial desktop last
>>>>>>>
>>>>>>> 131
>>>>>>>
>>>>>>> Origin trial extension 1 end milestone
>>>>>>>
>>>>>>> 133
>>>>>>>
>>>>>>> Shipping on Android
>>>>>>>
>>>>>>> 132
>>>>>>>
>>>>>>> Origin trial Android first
>>>>>>>
>>>>>>> 128
>>>>>>>
>>>>>>> Origin trial Android last
>>>>>>>
>>>>>>> 133
>>>>>>>
>>>>>>>
>>>>>>> Anticipated spec changes
>>>>>>>
>>>>>>> Open questions about a feature may be a source of future web compat
>>>>>>> or interop issues. Please list open issues (e.g. links to known github
>>>>>>> issues in the project for the feature specification) whose resolution 
>>>>>>> may
>>>>>>> introduce web compat/interop risk (e.g., changing to naming or 
>>>>>>> structure of
>>>>>>> the API in a non-backward-compatible way).
>>>>>>>
>>>>>>> None
>>>>>>>
>>>>>>> Link to entry on the Chrome Platform Status
>>>>>>>
>>>>>>>
>>>>>>> https://chromestatus.com/feature/6495400321351680?gate=4886628616372224
>>>>>>>
>>>>>>> Links to previous Intent discussions
>>>>>>>
>>>>>>> Intent to Prototype:
>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/qqrG6yn1u1Q?pli=1
>>>>>>>
>>>>>>> Intent to Experiment:
>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPTJ0XEedt%2Bu2pS_2NHHfxtEV9JJ7wbuKNEnieeWr6w8FtwKLw%40mail.gmail.com
>>>>>>>
>>>>>>> Intent to Extend Experiment 1:
>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/66ec74bf.2b0a0220.195547.03af.GAE%40google.com
>>>>>>>
>>>>>>>
>>>>>>> This intent message was generated by Chrome Platform Status
>>>>>>> <https://chromestatus.com/>.
>>>>>>>
>>>>>>> --
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "blink-dev" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to blink-dev+unsubscr...@chromium.org.
>>>>>>> To view this discussion visit
>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPTJ0XHfrr2FvW4qP%2BsS3Jn7DoE5oyTZETyuJTgT9wSN46ao4Q%40mail.gmail.com
>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPTJ0XHfrr2FvW4qP%2BsS3Jn7DoE5oyTZETyuJTgT9wSN46ao4Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>>>> .
>>>>>>>
>>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "blink-dev" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to blink-dev+unsubscr...@chromium.org.
>>>>> To view this discussion visit
>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPTJ0XFsZ%3DqJf9GogNxH7Zj_UJU2UMLvMtncetQ6pqUWzZBcJQ%40mail.gmail.com
>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPTJ0XFsZ%3DqJf9GogNxH7Zj_UJU2UMLvMtncetQ6pqUWzZBcJQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2Nuwsiq37AK4MCT_TYRi7p1Yxq-Pz%2BGe_jt%3DfX6L%3DayjA%40mail.gmail.com.

Reply via email to