Intent to Experiment: FedCM Bundle 6: Continuation API, Scope API, Scaling Well-Known, Custom account labels


Christian Biesinger

Apr 24, 2024, 11:39:49 AM
to blink-dev

Contact emails

cbies...@chromium.org


Explainer

https://github.com/fedidcg/FedCM/issues/555

https://github.com/fedidcg/FedCM/issues/556

https://github.com/fedidcg/FedCM/issues/559

https://github.com/fedidcg/FedCM/issues/552

https://github.com/fedidcg/FedCM/issues/553


Specification

None


Summary

This bundles a few FedCM features that we would like to launch at the same time:


Continuation API:

https://github.com/fedidcg/FedCM/issues/555


This lets the IDP open a popup window to finish the sign-in flow after potentially collecting additional information.


Parameters API:

https://github.com/fedidcg/FedCM/issues/556


This lets RPs pass additional data to the ID assertion endpoint.


Scope API:

https://github.com/fedidcg/FedCM/issues/559


This lets RPs bypass the data sharing prompt in favor of the IDP prompting.


Scaling well-known:

https://github.com/fedidcg/FedCM/issues/552


This lets IDPs use different config files in different contexts without weakening FedCM privacy properties, by allowing one accounts endpoint for the eTLD+1 (instead of one config file, which is more limiting than necessary).


Account labels:

https://github.com/fedidcg/FedCM/issues/553


Combined with the previous proposal, this allows filtering the account list per config file without providing additional entropy to the IDP.



Blink component

Blink>Identity>FedCM


TAG review

https://github.com/w3ctag/design-reviews/issues/945


TAG review status

Pending


Risks



Interoperability and Compatibility

None



Gecko: No signal


WebKit: No signal (https://github.com/WebKit/standards-positions/issues/336)


Web developers: Positive (https://github.com/fedidcg/FedCM/issues/488#issuecomment-1749682526) Also: https://github.com/fedidcg/FedCM/issues/496#issuecomment-1781364610 https://github.com/fedidcg/FedCM/issues/533#issuecomment-1878581998


Other signals:


WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Goals for experimentation

Make sure that the API and user experience work well for identity providers, relying parties and users.


Ongoing technical constraints

None



Debuggability

No special support needed



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

No

FedCM in general is not supported in WebView.



Is this feature fully tested by web-platform-tests?

Yes

https://wpt.fyi/results/credential-management/fedcm-authz?label=experimental&label=master&aligned


(They currently fail on wpt.fyi because the feature is off by default)



Flag name on chrome://flags

fedcm-authz


Finch feature name

FedCmAuthz


Requires code in //chrome?

True


Tracking bug

https://crbug.com/40262526


Launch bug

https://launch.corp.google.com/launch/4315483


Estimated milestones

Origin trial desktop first

126






Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/6495400321351680


Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/qqrG6yn1u1Q?pli=1


This intent message was generated by Chrome Platform Status.


Chris Harrelson

Apr 24, 2024, 11:52:35 AM
to Christian Biesinger, blink-dev
Hi,

Please fill out the Privacy, Security and Debuggability sections for this origin trial; they'll need to be started before we can approve.


Christian Biesinger

Apr 24, 2024, 12:08:19 PM
to Chris Harrelson, blink-dev
Sorry about that, done.

Chris Harrelson

Apr 24, 2024, 12:20:40 PM
to Christian Biesinger, blink-dev
Great, thank you. LGTM to experiment for M126-M129.

Christian Biesinger

Jul 16, 2024, 12:34:56 PM
to Chris Harrelson, blink-dev
Hi,

is my understanding correct that we do not need further approvals to add Android to the origin trial in 128? (so far we only did desktop)

Thanks,
Christian

Chris Harrelson

Jul 16, 2024, 12:43:13 PM
to Christian Biesinger, blink-dev
On Tue, Jul 16, 2024 at 9:34 AM Christian Biesinger <cbies...@chromium.org> wrote:
> Hi,
>
> is my understanding correct that we do not need further approvals to add Android to the origin trial in 128? (so far we only did desktop)

That's fine by me! LGTM
 

Christian Biesinger

Jul 17, 2024, 2:28:29 PM
to Chris Harrelson, blink-dev
Sorry, one more request: can we shift this OT to 127 until 130? It took a while for our partner to get ready for the trial.

Christian

Yoav Weiss (@Shopify)

Jul 26, 2024, 5:31:15 AM
to Christian Biesinger, Chris Harrelson, blink-dev
Shifting the OT milestones (without adding more milestones through which the OT is exposed) is fine and doesn't require further approvals. Thanks! :)
