LGTM On Thursday, September 19, 2024 at 12:00:25 PM UTC-7 Chromestatus wrote:
> Contact emails cbiesin...@chromium.org > > Explainer https://github.com/fedidcg/FedCM/issues/555 > https://github.com/fedidcg/FedCM/issues/556 > https://github.com/fedidcg/FedCM/issues/559 > https://github.com/fedidcg/FedCM/issues/552 > https://github.com/fedidcg/FedCM/issues/553 > > Specification None > > Summary > > This bundles a few features that we would like to launch at the same time: > Continuation API: https://github.com/fedidcg/FedCM/issues/555 This lets > the IDP open a popup window to finish the sign-in flow after potentially > collecting additional information. Parameters API: > https://github.com/fedidcg/FedCM/issues/556 This lets RPs pass additional > data to the ID assertion endpoint Fields API: > https://github.com/fedidcg/FedCM/issues/559 This lets RPs bypass the data > sharing prompt in favor of the IDP prompting Multiple configURLs: > https://github.com/fedidcg/FedCM/issues/552 This lets IDPs use different > config files in different contexts without weakening FedCM privacy > properties, by allowing one accounts endpoint for the eTLD+1 (instead of > one config file, which is more limiting than necessary) Account labels: > https://github.com/fedidcg/FedCM/issues/553 Combined with the previous > proposal, this allows filtering the account list per config file without > providing additional entropy to the IDP. > > > Blink component Blink>Identity>FedCM > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EIdentity%3EFedCM> > > > TAG review https://github.com/w3ctag/design-reviews/issues/945 > > TAG review status Pending > > Chromium Trial Name FedCmContinueOnBundle > > Origin Trial documentation link > https://github.com/fedidcg/FedCM/blob/main/explorations/HOWTO-chrome.md#continuation-api > > > WebFeature UseCounter name kFedCmContinueOnResponse > > Risks > > > Interoperability and Compatibility > > None > > > *Gecko*: No signal > > *WebKit*: No signal ( > https://github.com/WebKit/standards-positions/issues/336) > > *Web developers*: Positive ( > https://github.com/fedidcg/FedCM/issues/488#issuecomment-1749682526) > Also: https://github.com/fedidcg/FedCM/issues/496#issuecomment-1781364610 > https://github.com/fedidcg/FedCM/issues/533#issuecomment-1878581998 > > *Other signals*: > > Security > > We made sure that the popup from the continuation API is same-origin with > the IDP, and that it cannot communicate with the RP except through the > narrow IdentityProvider.resolve API. In particular, window.opener is null. > The additional parameters from the parameter and scope API are only sent to > the server after user interaction, and from a privacy perspective are > equivalent to the existing "nonce" field. However, from a developer > ergonomics perspective the additions are much easier to use. Account labels > were carefully designed not to add entropy and in particular not to send > additional data to the server. > > > WebView application risks > > Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications? > > None > > > Goals for experimentation > > > > Reason this experiment is being extended > > We would like to extend this origin trial because our partner's > experimentation has been delayed for various reasons. In addition, we are > updating the API based on feedback from the CG/WG ( > https://github.com/w3c-fedid/custom-requests/issues/2#issuecomment-2342125924) > > and need some time to implement this and get partner feedback on that. > > > Ongoing technical constraints > > None > > > Debuggability > > No special support needed > > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, ChromeOS, Android, and Android WebView)? No > > FedCM in general is not supported in webview > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? Yes > > > https://wpt.fyi/results/credential-management/fedcm-authz?label=experimental&label=master&aligned > > (They currently fail on wpt.fyi because the feature is off by default) > > > Flag name on chrome://flags fedcm-authz > > Finch feature name FedCmAuthz > > Requires code in //chrome? True > > Tracking bug https://crbug.com/40262526 > > Launch bug https://launch.corp.google.com/launch/4315483 > > Measurement > https://chromestatus.com/metrics/feature/timeline/popularity/4955 In > addition, we have several UMA metrics. > > Estimated milestones > Shipping on desktop 131 > Origin trial desktop first 127 > Origin trial desktop last 131 > Origin trial extension 1 end milestone 133 > Shipping on Android 131 > Origin trial Android first 128 > Origin trial Android last 131 > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/6495400321351680?gate=5307216744415232 > > Links to previous Intent discussions Intent to Prototype: > https://groups.google.com/a/chromium.org/g/blink-dev/c/qqrG6yn1u1Q?pli=1 > Intent to Experiment: > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPTJ0XEedt%2Bu2pS_2NHHfxtEV9JJ7wbuKNEnieeWr6w8FtwKLw%40mail.gmail.com > > > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com>. > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/66bda6f4-4842-437b-a64c-1ae1af390fdfn%40chromium.org.
