Intent to Ship: FedCM—Support Structured JSON Responses from IdPs

[Chromestatus]

Contact emails

sures...@microsoft.com

Explainer

https://github.com/w3c-fedid/idp-registration/issues/13#issuecomment-3254858070

Specification

https://github.com/w3c-fedid/FedCM/pull/771

Summary

Allows Identity Providers (IdPs) to return structured JSON objects instead of plain strings to Relying Parties (RPs) via the id_assertion_endpoint. This change simplifies integration for developers by eliminating the need to manually serialize and parse JSON strings. It enables more dynamic and flexible authentication flows, allowing RPs to interpret complex responses directly and support varied protocols like OAuth2, OIDC, or IndieAuth without out-of-band agreements.

Blink component

Blink>Identity>FedCM

Web Feature ID

fedcm

TAG review

https://github.com/w3ctag/design-reviews/issues/1147

TAG review status

Issues open

Risks

Interoperability and Compatibility

None

Gecko: No signal comments from Ben Vandersloot in https://github.com/w3c-fedid/meetings/blob/main/2025/2025-07-29-FedCM-notes.md#status-of-cr-blockers, No strong opinions

WebKit: No signal

Web developers: Positive

Other signals: This was requested by Identity providers.

Ergonomics

n/a

Activation

n/a

Security

n/a

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

n/a, FedCM not supported in WebView

Debuggability

Same as other FedCM features. The network view in devtools would be especially helpful for debugging this feature.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

No

FedCM in general is not supported on webview. Supported on all other blink platforms.

Is this feature fully tested by web-platform-tests?

Yes

https://wpt.fyi/results/fedcm/fedcm-flexible-token?label=experimental&label=master

Flag name on about://flags

None

Finch feature name

FedCmNonStringToken

Rollout plan

Will ship enabled for all users

Requires code in //chrome?

False

Tracking bug

https://issues.chromium.org/346567168

Estimated milestones

Shipping on desktop	143
Shipping on Android	143

Anticipated spec changes

Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).

none

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5153509557272576?gate=5128781719273472

This intent message was generated by Chrome Platform Status.

[Yoav Weiss (@Shopify)]

LGTM1

This seems like a small yet useful addition.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/68bbafb9.050a0220.257801.01b2.GAE%40google.com.

[Alex Russell]

I like the change, but the linked "explainer" doesn't cover the ground we expect to see. Can you please draft a separate document for this feature and address questions raised in the GH thread in that doc?

Thanks,

Alex

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

[suresh potti]

explainer updated : FedCM/explorations/structured_data_support.md at main · w3c-fedid/FedCM

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

[suresh potti]

Explainer updated and answered queries : FedCM/explorations/structured_data_support.md at main · w3c-fedid/FedCM

On Wednesday, September 10, 2025 at 8:43:46 PM UTC+5:30 Alex Russell wrote:

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

[Alex Russell]

Thanks for breaking this out.

Generally, explainers are meant to foreground the code that users of APIs will encounter, and explain how changes in API surface solve the problems we are trying to handle. This explainer has WebIDL instead, which isn't how we normally do things. I also don't see any considered alternative designs.

Let's dot our "i"s and cross our "t"s here.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

[suresh potti]

Since alternative designs are addressed in the ‘Rejected Alternatives Summary’ section and API usage is covered in the ‘Examples’ section, is the intent to remove the ‘Proposed Solution / Changes’ section entirely to make it more dev focussed ?

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

[Nicolás Peña Moreno]

IDL is not required in explainers, but surely it is not banned from explainers? Also, the entire "Design Decisions and Alternatives Considered" section discusses the alternatives. In my opinion, the explainer Suresh wrote is more than enough for this fairly small addition.

[Alex Russell]

IDL is strongly discouraged in Explainers. It belongs in a spec document unless it's the only way to show the API surface.

On the considered alternatives, I don't see any example code for them. Why not?

Best,

Alex