Thanks so much for making this easier to understand. Helps a lot, and as a result, I now understand that the design has a problem:
JSON allows a single string value as a valid payload; e.g. JSON.parse(`"foo"`). This seems to be a problem for the design, which relies on authors sending objects instead of strings as a reliable discriminator. How can you validate that this isn't going to create issues in the wild? Best, Alex On Friday, September 26, 2025 at 1:41:51 PM UTC-7 Suresh Potti wrote: > Updated the explainer. Pls review. > > Thanks, > > Suresh > > > > *From:* Alex Russell <[email protected]> > *Sent:* Wednesday, September 10, 2025 8:44 PM > *To:* blink-dev <[email protected]> > *Cc:* Yoav Weiss <[email protected]>; [email protected] < > [email protected]>; Suresh Potti <[email protected]>; > Chromestatus <[email protected]> > *Subject:* [EXTERNAL] Re: [blink-dev] Intent to Ship: FedCM—Support > Structured JSON Responses from IdPs > > > > You don't often get email from [email protected]. Learn why this > is important <https://aka.ms/LearnAboutSenderIdentification> > > I like the change, but the linked "explainer" doesn't cover the ground we > expect to see. Can you please draft a separate document for this feature > and address questions raised in the GH thread in that doc? > > > > Thanks, > > > > Alex > > On Tuesday, September 9, 2025 at 5:33:34 AM UTC-7 Yoav Weiss wrote: > > LGTM1 > > This seems like a small yet useful addition. > > > > On Sat, Sep 6, 2025 at 5:51 AM Chromestatus < > [email protected]> wrote: > > Contact emails > > [email protected] > Explainer > > > https://github.com/w3c-fedid/idp-registration/issues/13#issuecomment-3254858070 > > Specification > > https://github.com/w3c-fedid/FedCM/pull/771 > Summary > > Allows Identity Providers (IdPs) to return structured JSON objects instead > of plain strings to Relying Parties (RPs) via the id_assertion_endpoint. > This change simplifies integration for developers by eliminating the need > to manually serialize and parse JSON strings. It enables more dynamic and > flexible authentication flows, allowing RPs to interpret complex responses > directly and support varied protocols like OAuth2, OIDC, or IndieAuth > without out-of-band agreements. > > > Blink component > > Blink>Identity>FedCM > <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EIdentity%3EFedCM%22> > > Web Feature ID > > fedcm <https://webstatus.dev/features/fedcm> > TAG review > > https://github.com/w3ctag/design-reviews/issues/1147 > TAG review status > > Issues open > Risks > > > Interoperability and Compatibility > > None > > > > *Gecko*: No signal comments from Ben Vandersloot in > https://github.com/w3c-fedid/meetings/blob/main/2025/2025-07-29-FedCM-notes.md#status-of-cr-blockers, > > No strong opinions > > *WebKit*: No signal > > *Web developers*: Positive > > *Other signals*: This was requested by Identity providers. > Ergonomics > > n/a > > > Activation > > n/a > > > Security > > n/a > > > WebView application risks > > *Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications?* > > n/a, FedCM not supported in WebView > > > Debuggability > > Same as other FedCM features. The network view in devtools would be > especially helpful for debugging this feature. > > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, ChromeOS, Android, and Android WebView)? > > No > > FedCM in general is not supported on webview. Supported on all other blink > platforms. > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? > > Yes > > > https://wpt.fyi/results/fedcm/fedcm-flexible-token?label=experimental&label=master > > > Flag name on about://flags > > None > Finch feature name > > FedCmNonStringToken > Rollout plan > > Will ship enabled for all users > Requires code in //chrome? > > False > Tracking bug > > https://issues.chromium.org/346567168 > Estimated milestones > > Shipping on desktop > > 143 > > Shipping on Android > > 143 > > > Anticipated spec changes > > *Open questions about a feature may be a source of future web compat or > interop issues. Please list open issues (e.g. links to known github issues > in the project for the feature specification) whose resolution may > introduce web compat/interop risk (e.g., changing to naming or structure of > the API in a non-backward-compatible way).* > > none > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/5153509557272576?gate=5128781719273472 > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com/>. > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/68bbafb9.050a0220.257801.01b2.GAE%40google.com > > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/68bbafb9.050a0220.257801.01b2.GAE%40google.com?utm_medium=email&utm_source=footer> > . > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1d3e8c39-9a65-4780-8fc1-077910889d2fn%40chromium.org.
