Contact emails
[email protected] Specification https://github.com/w3c-fedid/FedCM/pull/768 <https://github.com/w3c-fedid/FedCM/pull/768> https://github.com/w3c-fedid/FedCM/pull/498 Summary Migration of nonce to params Field: The nonce parameter in navigator.credentials.get() is moving from a top-level field to the params object for better API design, extensibility, and maintainability. This structured approach simplifies parsing for Identity Providers, supports future-proofing without versioning, and aligns with modern API patterns. For Relying Parties, the impact is minimal—they provide the same nonce value in a new location. Migration Plan Chrome will enforce this rule in two phases: Chrome 143 (Warning Phase): nonce accepted both at top level and inside params. Top-level usage triggers a console warning. Chrome 145 (Enforcement Phase): Top-level nonce removed; must be passed within params. Rename code to error in IdentityCredentialError: The code attribute in IdentityCredentialError is renamed to error for clearer semantics, better developer experience, and alignment with web standards. This change reduces ambiguity and avoids conflicts with DOMException.code. Additionally, error.code becomes error.error, retaining its DOMString type. Migration Plan Chrome will enforce this rule in two phases: Chrome 143 (Warning Phase): Both error and code attributes are supported. Using code triggers a console warning, guiding developers to migrate. Chrome 145 (Enforcement Phase): Attribute code will be removed, only attribute error remains. Update code before this version to prevent breakage. Blink component Blink>Identity>FedCM <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EIdentity%3EFedCM%22> Web Feature ID fedcm <https://webstatus.dev/features/fedcm> TAG review None Risks Interoperability and Compatibility Chrome 143 allows old and new patterns with warnings. By Chrome 145, top-level nonce and code attributes are removed, requiring params for nonce and error for IdentityCredentialError. Failure to migrate breaks authentication and error handling, runtime issues, and degraded user experience. Gecko: No signal WebKit: No signal Web developers: Supportive, comments from Ben Vandersloot in https://github.com/w3c-fedid/meetings/blob/main/2025/2025-07-08-FedCM-notes.md WebView application risks FedCM does not work in WebView. Ongoing technical constraints None Debuggability Same as other FedCM features. The network view in devtools would be especially helpful for debugging this feature. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? NoFedCM in general is not supported on webview. Supported on all other blink platforms. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? Yes https://wpt.fyi/results/fedcm/fedcm-error-attribute?label=experimental&label=master Flag name on about://flags fedcm-nonce-in-params, fedcm-error-attribute Finch feature name FedCmNonceInParams, FedCmErrorAttribute Requires code in //chrome? False Estimated milestones Shipping on desktop 145 Shipping on Android 145 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5124072820310016 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/3dffeb38-f53f-4e49-90e6-3fefc96ea32an%40chromium.org.
