#935: FedCM API extension: Button Mode and User Other Account API


Opened Feb 16, 2024

Hello, TAG!

I'm requesting a TAG review of FedCM Button Mode API and Use Other Account API. These are extensions to the existing FedCM API.

The web needs a long-term solution for federated login, as browsers handle tracking on the web. While heuristics can buy us some time in the short term, these two proposals extend FedCM to put us a couple of steps closer to being able to operate federated login without them. The first extension handles a “button” mode (as opposed to / in addition to the current “widget” mode), where the browser needs to handle more gracefully the case when users are logged out of IdPs (take the user to log in to the IdP, as opposed to failing silently), as Mozilla pointed out here. The second extension allows users to “use other accounts” in the account chooser, for example, when IdPs support multiple accounts or replacing the existing account.

  • Explainer¹ (We publish explainers as issues per request from Mozilla. See https://github.com/w3ctag/design-reviews/issues/813#issuecomment-1466632934): explainer
  • Security and Privacy self-review²: Please see the security and privacy consideration section in the explainers.
  • GitHub repo (if you prefer feedback filed there): url
  • Primary contacts (and their relationship to the specification):
    • Yi Gu (@yi-gu, Google Chrome)
    • Christian Biesinger (@cbiesinger, Google Chrome)
    • Sam Goto (@samuelgoto, Google Chrome, spec editor)
  • Organization/project driving the design: Google Chrome
  • External status/issue trackers for this feature (publicly visible, e.g. Chrome Status):

Further details:

  • I have reviewed the TAG's Web Platform Design Principles
  • The group where the incubation/design work on this is being done (or is intended to be done in the future): FedIDCG
  • The group where standardization of this work is intended to be done ("unknown" if not known): unknown
  • Existing major pieces of multi-stakeholder review or discussion of this design: No
  • Major unresolved issues with or opposition to this design: No
  • This work is being funded by: Google Chrome

You should also know that...

There are discussions on the API shape in this thread. It also includes UX mocks which may help with understanding the scope and user journeys.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

💬 leave review feedback as a comment in this issue and @-notify [@yi-gu, @cbiesinger, @samuelgoto]

Discussions

Discussed Apr 1, 2024 (See Github)

Review on pause until Amy gets back.

Discussed Jun 1, 2024 (See Github)

Dan: this one has a slightly better explainer - tho still an issue comment - https://github.com/fedidcg/FedCM/issues/442#issuecomment-1949323416

Peter: one other concern I have with FedCM - in other reviews, Amy and I identified many things - features we would like to see integrated into the browser as opposed to being in the content. This seemed like yet another one of these... These are patches on the old solution... Why not do the real solution?

... Lots of extensions to handle specific use cases ...

Peter: the overall goal is to do it right but right now they're doing whatever needs to be done to solve federated identity without third party cookies...

Amy: also with #803 ...

Comment by @samuelgoto Jul 8, 2024 (See Github)

FWIW, just to report back here, the button mode API recently entered origin trials (the blog post may be useful to give a sense of what problems it solves, specifically this) and is in active production experimentation.