Intent to Prototype: FedCM Improvements: Error API, Account Auto Selected Flag, Hosted Domain and Revocation


Yi Gu

Aug 30, 2023, 9:11:50 AM
to blink-dev

Contact emails

yi...@chromium.org, n...@chromium.org


Explainer

Error API: https://github.com/fedidcg/FedCM/issues/488

AccountAutoSelectedFlag: https://github.com/fedidcg/FedCM/issues/497 

Hosted domain: https://github.com/fedidcg/FedCM/issues/427

Revocation: https://github.com/fedidcg/FedCM/issues/496 



Specification

We will add a specification as we evolve the features during prototyping.


Summary

This entry covers a few incremental extensions to the FedCM API:

  • With the Error API, the browser can inform users with proper error messages when their sign-in request has failed.

  • With the AccountAutoSelected Flag API, the browser could help developers to determine if FedCM token requests were initiated with explicit user permission to improve their services.

  • With the Hosted Domain API, the RP can choose to only show the accounts which are associated with a certain domain.

  • With the Revocation API, developers can revoke the connection between RP and IdP upon user request and update the browser to optimize the future flows. 


Blink component

Blink>Identity>FedCM


Motivation

See summary above


TAG review

None


TAG review status

Not started


Risks



Interoperability and Compatibility


These are extensions to the FedCM API. Apple and Mozilla have both expressed a positive opinion on the initial FedCM API. They have not yet shipped but Mozilla is prototyping. If a user agent chooses not to implement these extensions, it will limit the quality of the UI that it can provide to users, but should not break the FedCM flow.


Gecko: No signal


WebKit: No signal


Web developers: Positive. These features are being developed to address existing use-cases which will not be possible once third-party cookies are phased out.


Other signals:


WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

FedCM API is not available in WebView



Debuggability

Same as FedCM API in general – console messages in devtools and general JS debugging



Is this feature fully tested by web-platform-tests?

We will add tests as we implement


Flag name

chrome://flags/#fedcm-error

chrome://flags/#fedcm-account-auto-selected-flag

chrome://flags/#fedcm-hosted-domain

chrome://flags/#fedcm-revocation


Requires code in //chrome?

True


Estimated milestones

119-120



Link to entry on the Chrome Platform Status

Error and AccountAutoSelectedFlag

Hosted Domain and Revocation


Links to previous Intent discussions

https://groups.google.com/a/chromium.org/g/blink-dev/c/URpYPPH-YQ4/m/bzghj9N3AQAJ
