This bundles a few features that we would like to launch at the same time:

Continuation API: https://github.com/fedidcg/FedCM/issues/555
This lets the IDP open a popup window to finish the sign-in flow after potentially collecting additional information.

Parameters API: https://github.com/fedidcg/FedCM/issues/556
This lets RPs pass additional data to the ID assertion endpoint.

Fields API: https://github.com/fedidcg/FedCM/issues/559
This lets RPs bypass the data sharing prompt in favor of the IDP prompting.

Multiple configURLs: https://github.com/fedidcg/FedCM/issues/552
This lets IDPs use different config files in different contexts without weakening FedCM privacy properties, by allowing one accounts endpoint for the eTLD+1 (instead of one config file, which is more limiting than necessary).

Account labels: https://github.com/fedidcg/FedCM/issues/553
Combined with the previous proposal, this allows filtering the account list per config file without providing additional entropy to the IDP.
None
We made sure that the popup from the continuation API is same-origin with the IDP, and that it cannot communicate with the RP except through the narrow IdentityProvider.resolve API. In particular, window.opener is null. The additional parameters from the parameter and scope API are only sent to the server after user interaction, and from a privacy perspective are equivalent to the existing "nonce" field. However, from a developer ergonomics perspective the additions are much easier to use. Account labels were carefully designed not to add entropy and in particular not to send additional data to the server.
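The IDP-side counterpart of these properties, as an added example that is not from the original page or the FedCM project: an ID assertion handler that treats RP-supplied parameters as untrusted input and only ever continues to a same-origin IDP page. The `params` form field, the `scope` parameter, the `continue_on` response key, the `/consent` path, the client registry and `issueToken` are assumptions made for illustration.

```javascript
// Added example, not Chrome or FedCM project code: IDP-side ID assertion handler.
// Assumed names: form field `params` (JSON), response key `continue_on`, param `scope`.
const IDP_ORIGIN = "https://idp.example";                      // constructed
const CLIENTS = new Map([["rp-123", "https://rp.example"]]);   // constructed: client_id -> RP origin
const ALLOWED_SCOPES = new Set(["profile", "calendar.read"]);  // constructed

// RP-supplied parameters are untrusted: accept only a small, flat object of short strings.
function parseParams(raw) {
  if (raw === null) return {};
  if (raw.length > 2048) throw new Error("params too large");
  const obj = JSON.parse(raw);
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    throw new Error("params must be an object");
  }
  for (const [key, value] of Object.entries(obj)) {
    if (typeof value !== "string" || value.length > 256) throw new Error("bad param " + key);
  }
  return obj;
}

// headers: lower-cased header map; body: urlencoded form; issueToken: hypothetical signer.
function handleIdAssertion(headers, body, issueToken) {
  const form = new URLSearchParams(body);
  // Browser-mediated FedCM requests carry this fetch destination; plain fetch/XHR cannot set it.
  if (headers["sec-fetch-dest"] !== "webidentity") {
    return { status: 400, json: { error: "not_fedcm" } };
  }
  // The Origin header must match the origin registered for this client_id.
  const rpOrigin = CLIENTS.get(form.get("client_id"));
  if (!rpOrigin || headers["origin"] !== rpOrigin) {
    return { status: 403, json: { error: "origin_mismatch" } };
  }
  let params;
  try { params = parseParams(form.get("params")); }
  catch (e) { return { status: 400, json: { error: "invalid_params" } }; }
  const scopes = (params.scope || "").split(" ").filter(Boolean);
  if (!scopes.every((s) => ALLOWED_SCOPES.has(s))) {
    return { status: 400, json: { error: "invalid_scope" } };
  }
  if (scopes.length > 0) {
    // Extra scopes need IDP-side consent: continue in a popup on the IDP's own origin,
    // where the page finishes by calling IdentityProvider.resolve with the token.
    const next = new URL("/consent", IDP_ORIGIN);
    next.searchParams.set("client_id", form.get("client_id"));
    next.searchParams.set("scope", scopes.join(" "));
    return { status: 200, json: { continue_on: next.href } };
  }
  return { status: 200, json: { token: issueToken(form.get("account_id"), rpOrigin) } };
}
```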
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
We would like to extend this origin trial because our partner's experimentation has been delayed for various reasons. In addition, we are updating the API based on feedback from the CG/WG (https://github.com/w3c-fedid/custom-requests/issues/2#issuecomment-2342125924) and need some time to implement this and get partner feedback on that.
None
No special support needed
FedCM in general is not supported in webview
https://wpt.fyi/results/credential-management/fedcm-authz?label=experimental&label=master&aligned (They currently fail on wpt.fyi because the feature is off by default)
Shipping on desktop | 131 |
Origin trial desktop first | 127 |
Origin trial desktop last | 131 |
Origin trial extension 1 end milestone | 133 |
Shipping on Android | 131 |
Origin trial Android first | 128 |
Origin trial Android last | 131 |