Intent to Ship: FedCM—Support Structured JSON Responses from IdPs

28 views
Skip to first unread message

Chromestatus

unread,
Sep 5, 2025, 11:51:39 PM (3 hours ago) Sep 5
to blin...@chromium.org, sures...@microsoft.com

Contact emails

sures...@microsoft.com

Explainer

https://github.com/w3c-fedid/idp-registration/issues/13#issuecomment-3254858070

Specification

https://github.com/w3c-fedid/FedCM/pull/771

Summary

Allows Identity Providers (IdPs) to return structured JSON objects instead of plain strings to Relying Parties (RPs) via the id_assertion_endpoint. This change simplifies integration for developers by eliminating the need to manually serialize and parse JSON strings. It enables more dynamic and flexible authentication flows, allowing RPs to interpret complex responses directly and support varied protocols like OAuth2, OIDC, or IndieAuth without out-of-band agreements.



Blink component

Blink>Identity>FedCM

Web Feature ID

fedcm

TAG review

https://github.com/w3ctag/design-reviews/issues/1147

TAG review status

Issues open

Risks



Interoperability and Compatibility

None



Gecko: No signal comments from Ben Vandersloot in https://github.com/w3c-fedid/meetings/blob/main/2025/2025-07-29-FedCM-notes.md#status-of-cr-blockers, No strong opinions

WebKit: No signal

Web developers: Positive

Other signals: This was requested by Identity providers.

Ergonomics

n/a



Activation

n/a



Security

n/a



WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

n/a, FedCM not supported in WebView



Debuggability

Same as other FedCM features. The network view in devtools would be especially helpful for debugging this feature.



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

No

FedCM in general is not supported on webview. Supported on all other blink platforms.



Is this feature fully tested by web-platform-tests?

Yes

https://wpt.fyi/results/fedcm/fedcm-flexible-token?label=experimental&label=master



Flag name on about://flags

None

Finch feature name

FedCmNonStringToken

Rollout plan

Will ship enabled for all users

Requires code in //chrome?

False

Tracking bug

https://issues.chromium.org/346567168

Estimated milestones

Shipping on desktop 143
Shipping on Android 143


Anticipated spec changes

Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).

none

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5153509557272576?gate=5128781719273472

This intent message was generated by Chrome Platform Status.
Reply all
Reply to author
Forward
0 new messages