This came up recently in a discussion with the TAG and @plinss, of an extension to FedCM that is both (a) early and (b) could use early directional guidance from the TAG. Side note, also discussed in the discussion with the TAG: I'm glad that Chrome's Process points to Early Tag Reviews at the Devtrials stage, which I think is (a) exactly when we'd want to get early tag guidance and (b) where this specific API is at.

こんにちは TAG-さん!

I'm requesting a TAG review of FedCM's IdP Registration API.

One of the problems on the web is that users are currently constrained by a small set of social login providers to login to Websites. Websites, in turn, are constrained by finite space in login flows, so they typically have to pick 2-5 large social login providers (e.g. facebook, google, twitter, linkedin, github, etc) that can represent a large fraction of their users, but, by construction, not all of them.

This is a proposal to increase user choice by allowing RPs to request any IdPs that the user has chosen to register.

• Explainer¹ (minimally containing user needs and example code): explainer forked out of this thread
• User research: not yet available
• Security and Privacy self-review²: not yet available
• GitHub repo: same as explainer
• Primary contacts (and their relationship to the specification):
  • Sam Goto, @samuelgoto, Google Chrome
• Organization/project driving the design: FedID CG, Indie Web community, Solid community
• External status/issue trackers for this feature (publicly visible, e.g. Chrome Status):

Further details:

• [ x ] I have reviewed the TAG's Web Platform Design Principles
• The group where the incubation/design work on this is being done (or is intended to be done in the future): FedID CG/WG
• The group where standardization of this work is intended to be done ("unknown" if not known): FedID WG
• Existing major pieces of multi-implementer review or discussion of this design: url
• Major unresolved issues with or opposition to this design: See open questions here.
• This work is being funded by:

You should also know that...

[please tell us anything you think is relevant to this review]

---

CAREFULLY READ AND DELETE CONTENT BELOW THIS LINE BEFORE SUBMITTING

Please preview the issue and check that the links work before submitting.

In particular:

• if anything links to a URL which requires authentication (e.g. Google document), please make sure anyone with the link can access the document. We would prefer public documents though, since we work in the open.

¹ For background, see our explanation of how to write a good explainer. We recommend the explainer to be in Markdown.

² Even for early-stage ideas, a Security and Privacy questionnaire helps us understand potential security and privacy issues and mitigations for your design, and can save us asking redundant questions. See https://www.w3.org/TR/security-privacy-questionnaire/.