FedCM API extension: Button Mode and User Other Account API #935

Open
1 task done
yi-gu opened this issue Feb 16, 2024 · 1 comment
Labels
Focus: Accessibility (pending) Focus: API design (pending) Focus: Privacy (pending) Focus: Web architecture (pending) Mode: breakout Work done during a time-limited breakout session privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. Review type: CG early review An early review of general direction from a Community Group Topic: identity & credentials Venue: Federated ID CG

Comments

yi-gu commented Feb 16, 2024

Hello, TAG!

I'm requesting a TAG review of FedCM Button Mode API and Use Other Account API. These are extensions to the existing FedCM API.

The web needs a long-term solution for federated login, as browsers handle tracking on the web. While heuristics can buy us some time in the short term, these two proposals extend FedCM to put us a couple steps closer to being able to operate federated login without them. The first extension handles a “button” mode (as opposed to / in addition to the current “widget” mode), where the browser needs to handle more gracefully when users are logged out of IdPs (take the user to log in to the IdP, as opposed to failing silently), as Mozilla pointed out here. The second extension allows users to “use other accounts” in the account chooser, for example, when IdPs support multiple accounts or replacing the existing account.

  • Explainer¹ (We publish explainers as issues per request from Mozilla. See FedCM Auto Re-authentication API #813 (comment)): explainer
  • Security and Privacy self-review²: Please see the security and privacy consideration section in the explainers.
  • GitHub repo (if you prefer feedback filed there): url
  • Primary contacts (and their relationship to the specification):
    • [Yi Gu] ([@yi-gu], Google Chrome)
    • [Christian Biesinger] ([@cbiesinger], Google Chrome)
    • [Sam Goto] ([@samuelgoto], Google Chrome, spec editor)
  • Organization/project driving the design: Google Chrome
  • External status/issue trackers for this feature (publicly visible, e.g. Chrome Status):

Further details:

  • I have reviewed the TAG's Web Platform Design Principles
  • The group where the incubation/design work on this is being done (or is intended to be done in the future): FedIDCG
  • The group where standardization of this work is intended to be done ("unknown" if not known): unknown
  • Existing major pieces of multi-stakeholder review or discussion of this design: No
  • Major unresolved issues with or opposition to this design: No
  • This work is being funded by: Google Chrome

You should also know that...

There are discussions on the API shape in this thread. It also includes UX mocks which may help with understanding the scope and user journeys.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

💬 leave review feedback as a comment in this issue and @-notify [@yi-gu, @cbiesinger, @samuelgoto]

@yi-gu yi-gu added Progress: untriaged Review type: CG early review An early review of general direction from a Community Group labels Feb 16, 2024
@torgo torgo added this to the 2024-03-25-week milestone Mar 21, 2024
@torgo torgo added Topic: identity & credentials Mode: breakout Work done during a time-limited breakout session Review type: CG early review An early review of general direction from a Community Group Topic: privacy privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. and removed Progress: untriaged Review type: CG early review An early review of general direction from a Community Group Topic: privacy labels Mar 21, 2024
@plinss plinss removed this from the 2024-04-22-week milestone Apr 29, 2024
@torgo torgo added this to the 2024-05-20-week:b milestone May 19, 2024
@plinss plinss removed this from the 2024-05-20-week:b milestone May 27, 2024
@torgo torgo added this to the 2024-06-17-week:b milestone Jun 16, 2024
@samuelgoto

FWIW, just to report back here, the button mode API recently entered origin trials (the blog post may be useful to give a sense of what problems it solves, specifically this) and is in active production experimentation.
