LGTM1

On 1/2/24 11:42 AM, Nicolás Peña wrote:
Brief update: both spec PRs are now merged. Hoping to ship in M122.

On Friday, December 15, 2023 at 2:29:58 PM UTC-5 Nicolás Peña wrote:

    Contact emails

    n...@chromium.org


    Explainer

    Domain Hint (formerly hosted domain):
    https://github.com/fedidcg/FedCM/issues/427

    Disconnect (formerly revoke):
    https://github.com/fedidcg/FedCM/issues/496


    (Note: in the FedCM team, we have explainers in the form of GitHub
    issues per feedback
    <https://github.com/fedidcg/FedCM/issues/431#issuecomment-1425025469> from
    FedID CG. The issue and the first comment are the explainers in
    each case.)


    Specification

    Domain Hint: https://github.com/fedidcg/FedCM/pull/512

    Disconnect:
    https://fedidcg.github.io/FedCM/#browser-api-identity-credential-disconnect

    Note on spec PR merging policy (to answer the question “why has
    the first not been merged”): in the FedID CG, we have agreed that
    non-editorial spec PRs require review from two implementations.
    Disconnect has been approved, while domainHint is still under
    review. Both features have been discussed thoroughly in the FedID
    CG and the feedback there has been incorporated.


    Summary

    Allows showing only accounts matching a given domain hint in the
    FedCM account chooser, and allows disconnecting a federated login
    account via the relying party website. With domain hint,
    developers may provide a better UX by only showing the federated
    login accounts from the domain that they accept. With the
    disconnect API, a relying party (RP) may notify the identity
    provider (IdP) that an IdP account previously used via FedCM in an
    RP is now disconnected, and hence using that account again via
    federated login would require treating it as a new account.


    Blink component

    Blink>Identity>FedCM
    <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EIdentity%3EFedCM>


    TAG review

    https://github.com/w3ctag/design-reviews/issues/893


    TAG review status

    Issues addressed


    Risks

    Interoperability and Compatibility

    These are small additions to the FedCM API, which has (general)
    support from WebKit and Mozilla. They haven't shipped FedCM yet,
    but it would not be a lot more work to add these features. If a
    user agent did not have domain hint support, this would mean it
    would show more accounts in the chooser compared to user agents
    which do have domain hint support. Not adding disconnect would
    mean that this feature of allowing RPs to disconnect accounts
    would not be available in the browser, but it would not impact the
    FedCM API otherwise.



    Gecko: Positive for disconnect and no signal yet for domainHint.
    Firefox asked us to not send standards positions requests for
    small FedCM additions, and to instead rely on pull requests. See
    https://github.com/fedidcg/FedCM/pull/512 and
    https://github.com/fedidcg/FedCM/pull/515.


    WebKit: No signal
    (https://github.com/WebKit/standards-positions/issues/249)


    Web developers: Positive. This is a feature requested by
    developers to satisfy existing flows which break once third-party
    cookies are removed.


    Other signals:


    Ergonomics

    It will often be used within the FedCM API. We do not see
    ergonomics risks.



    Activation

    Domain hint can be polyfilled via login hint but it would be
    pretty cumbersome to do so. The disconnect API would be hard to
    polyfill, but could perhaps be done in a non-user friendly way via
    popups. This would still be imperfect since the browser knowledge
    about the connection would not be cleared, only the IdP-side
    disconnection would occur.



    Security

    The Disconnect endpoint will use CORS. An RP may not impact the
    connection status of accounts not belonging to that RP origin.



    WebView application risks

    Does this intent deprecate or change behavior of existing APIs,
    such that it has potentially high risk for Android WebView-based
    applications?

    N/A (FedCM does not work on WebViews)



    Debuggability

    Console errors and DevTools issues will be used to highlight any
    issues with the disconnect call.



    Will this feature be supported on all six Blink platforms
    (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

    FedCM is not supported on Android WebView.



    Is this feature fully tested by web-platform-tests
    <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?


    Yes. Look for domainhint and disconnect in
    https://wpt.fyi/results/credential-management?label=experimental&label=master&aligned.



    Flag name on chrome://flags

    FedCmDomainHint, FedCmDisconnect


    Finch feature name

    FedCmDomainHint, FedCmDisconnect


    Requires code in //chrome?

    True


    Tracking bug

    https://bugs.chromium.org/p/chromium/issues/detail?id=1473135 (follow
    implementations in the two BlockedOn bugs)


    Launch bug

    https://launch.corp.google.com/launch/4273848


    Estimated milestones

    No milestones specified



    Anticipated spec changes

    Open questions about a feature may be a source of future web
    compat or interop issues. Please list open issues (e.g. links to
    known github issues in the project for the feature specification)
    whose resolution may introduce web compat/interop risk (e.g.,
    changing to naming or structure of the API in a
    non-backward-compatible way).

    None


    Link to entry on the Chrome Platform Status

    https://chromestatus.com/feature/5202286040580096


    This intent message was generated by Chrome Platform Status
    <https://chromestatus.com/>.
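
The Security note in the intent above (the disconnect endpoint uses CORS, and an RP may only affect connections belonging to its own origin) sketched as an IdP-side handler. This is an added example, not code from the message or from the Chromium or FedCM projects. It assumes the request shape of the FedCM disconnect endpoint (a credentialed POST with `Origin` and `Sec-Fetch-Dest: webidentity` headers and a form-encoded `client_id` and `account_hint`); the registry, the store, the plain request object and the status codes are hypothetical.

```javascript
// Added example. Constructed registry: client_id -> RP origin registered with the IdP.
const REGISTERED_ORIGINS = new Map([["rp-client-123", "https://rp.example"]]);

// Constructed IdP state: signed-in accounts per session cookie, plus the
// (client_id, account) pairs that were connected through FedCM.
function makeStore() {
  return {
    sessions: new Map([
      ["sess-alice", [{ id: "acct-1", email: "alice@corp.example" }]],
    ]),
    connections: new Set(["rp-client-123|acct-1", "other-client|acct-1"]),
  };
}

// Status codes below are this example's choice, not taken from the spec.
function handleDisconnect(req, store) {
  const deny = (status) => ({ status, headers: {}, body: null });
  // Sec-Fetch-Dest cannot be set by page script, so this rejects ordinary fetch() calls.
  if (req.method !== "POST" || req.headers["sec-fetch-dest"] !== "webidentity") {
    return deny(400);
  }
  const params = new URLSearchParams(req.body);
  const clientId = params.get("client_id");
  const hint = params.get("account_hint");
  const origin = req.headers["origin"];
  // The calling origin must be the one registered for this client_id ...
  const expected = REGISTERED_ORIGINS.get(clientId);
  if (!expected || origin !== expected) return deny(403);
  // ... and the hint must name an account in the caller's own IdP session.
  const accounts = store.sessions.get((req.cookies || {}).session) || [];
  const account = accounts.find((a) => a.id === hint || a.email === hint);
  if (!account) return deny(404);
  // Remove only this RP's connection; other RPs' connections are untouched.
  if (!store.connections.delete(`${clientId}|${account.id}`)) return deny(404);
  return {
    status: 200,
    headers: {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ account_id: account.id }),
  };
}
```

Echoing the validated origin (never `*`) alongside `Access-Control-Allow-Credentials: true` is what lets the browser accept the credentialed response.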

