Contact emails

y...@chromium.org, cbiesin...@chromium.org

Explainer

TBD (incubating in this thread
<https://github.com/fedidcg/FedCM/issues/442#issuecomment-1675007152>)

Specification

We will add specifications as we learn more while we prototype.

Summary

We plan to prototype two new APIs for FedCM:

   - Button Mode API: The button mode allows websites to call FedCM inside a
     button click (e.g. clicking on a “Sign-in to IdP” button), which requires
     FedCM to guarantee it will always respond with a visible user interface (as
     opposed to in widget mode, which doesn’t show any UI when users are logged
     out). So, calling the FedCM API in “button mode” takes users to log in to
     the IdP (in a pop-up window), when users are logged out. Also, because the
     button mode is called within an explicit user gesture, the UI may also be
     more prominent (e.g. centered and modal) compared to the UI from the widget
     mode (which doesn’t have such explicit intention).

   - Add Account API: With this API, an Identity Provider can allow users to
     sign in to other accounts.


Blink component

Blink>Identity>FedCM
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EIdentity%3EFedCM>

Motivation

The web needs a long term solution for federated login, as browsers handle
tracking on the web. While heuristics
<https://groups.google.com/a/chromium.org/g/blink-dev/c/yGhI6iTAfeA/m/Z4DR3K23AQAJ>
can buy us some time in the short term, these two proposals extend FedCM to
put us a couple steps closer to being able to operate federated login
without them. The first extension handles a “button” mode (as opposed to /
in addition to the current “widget” mode), where the browser needs to
handle more gracefully when users are logged out of IdPs (take the user to
log in to the IdP, as opposed to failing silently), as Mozilla pointed out
here <https://github.com/fedidcg/FedCM/issues/442>. The second extension
allows users to “use other accounts” in the account chooser, for example,
when IdPs support multiple accounts or replacing the existing account.


TAG review status

Not started

Risks

Interoperability and Compatibility

These are extensions to the FedCM API. Apple
<https://lists.webkit.org/pipermail/webkit-dev/2022-March/032162.html> and
Mozilla
<https://github.com/mozilla/standards-positions/issues/618#issuecomment-1221964677>
have both expressed a positive opinion on the initial FedCM API. They have
not yet shipped but Mozilla is prototyping. If a user agent chooses not to
implement these extensions, the sign-in flow should not be affected in that
user agent because developers can fall back to the existing federated
sign-in mechanisms.

Gecko: No signal

WebKit: No signal

Web developers: Positive <https://github.com/fedidcg/FedCM/issues/442>.
These features are being developed to address existing feedback for the
FedCM API.

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that
it has potentially high risk for Android WebView-based applications?


FedCM API is not available in WebView


Debuggability

Same as FedCM in general – console messages in devtools and general JS
debugging


Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?

We will add tests as we implement

Flag name

chrome://flags/#fedcm-button-mode

chrome://flags/#fedcm-add-account

Requires code in //chrome?

True

Estimated milestones

122-125


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/4689551782313984
