yi...@chromium.org, n...@chromium.org
Error API: https://github.com/fedidcg/FedCM/issues/488
AccountAutoSelectedFlag: https://github.com/fedidcg/FedCM/issues/497
Hosted domain: https://github.com/fedidcg/FedCM/issues/427
Revocation: https://github.com/fedidcg/FedCM/issues/496
We will add specification as we evolve the features during prototyping
This entry covers a few incremental extensions to the FedCM API:
With the Error API, the browser can inform users with proper error messages when their sign-in request has failed.
With the AccountAutoSelected Flag API, the browser could help developers to determine if FedCM token requests were initiated with explicit user permission to improve their services.
With the Hosted Domain API, RP can choose to only show the accounts which are associated with a certain domain.
With the Revocation API, developers can revoke the connection between RP and IdP upon user request and update the browser to optimize the future flows.
See summary above
None
Not started
These are extensions to the FedCM API. Apple and Mozilla have both expressed a positive opinion on the initial FedCM API. They have not yet shipped but Mozilla is prototyping. If a user agent chooses not to implement these extensions, it will limit the quality of the UI that it can provide to users, but should not break the FedCM flow.
Gecko: No signal
WebKit: No signal
Web developers: Positive. These features are being developed to address existing use-cases which will not be possible once third-party cookies are phased out.
Other signals:
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
FedCM API is not available in WebView
Same as FedCM API in general – console messages in devtools and general JS debugging
We will add tests as we implement
chrome://flags/#fedcm-error
chrome://flags/#fedcm-account-auto-selected-flag
chrome://flags/#fedcm-hosted-domain
chrome://flags/#fedcm-revocation
True
119-120
Error and AccountAutoSelectedFlag