fedidcg / LightweightFedCM

A Work Item of the Federated Identity Community Group.

Explainer is vague on how tokenURL works #51

Open cbiesinger opened 4 hours ago

cbiesinger commented 4 hours ago

The explainer talks about a tokenURL that can be provided to fetch a token from the IdP after an account is selected.

But the explainer is vague on exactly how the fetch should be done and what data is provided. Perhaps (?) it should happen in the same way as FedCM Full does it, although there is no mention of an accountId in the proposal, making this harder.

Basically, it would be nice to know if the fetch will happen with GET or POST and with which parameters, if any.

ekovac commented 4 hours ago

Agreed, this needs to be made more explicit. I believe we came to an agreement that, yes, this will use the same behavior as the assertion endpoint from FedCM. https://github.com/fedidcg/LightweightFedCM/issues/42#issuecomment-2361374025
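
The request shape the reply above points to, as an added example that is not part of the issue thread or the explainer: an IdP-side validator that assumes tokenURL receives the same credentialed, form-encoded POST as FedCM's identity assertion endpoint. The client registry, origins, cookie and nonce are constructed, and `account_id` is treated as optional because the issue notes the proposal has none.

```javascript
// Added example. The client registry and origins below are constructed placeholders.
const REGISTERED_CLIENTS = new Map([["rp-client-123", "https://rp.example"]]);

// Validate a request shaped like FedCM's identity assertion fetch:
// credentialed POST, form-encoded body, browser-set Origin and Sec-Fetch-Dest.
function validateTokenRequest(req) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers || {})) h[k.toLowerCase()] = v;

  if (req.method !== "POST") return { ok: false, reason: "method" };
  // Sec-Fetch-Dest is a forbidden header name: page script cannot set it,
  // so requiring "webidentity" rejects cross-site forms and fetch() (CSRF).
  if (h["sec-fetch-dest"] !== "webidentity") return { ok: false, reason: "sec-fetch-dest" };
  const ctype = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (ctype !== "application/x-www-form-urlencoded") return { ok: false, reason: "content-type" };
  if (!h["cookie"]) return { ok: false, reason: "no-session" };

  const body = new URLSearchParams(req.body || "");
  const clientId = body.get("client_id");
  const rpOrigin = REGISTERED_CLIENTS.get(clientId);
  if (!rpOrigin) return { ok: false, reason: "unknown-client" };
  // The token goes to the RP named in Origin; it must be the one registered for client_id.
  if (h["origin"] !== rpOrigin) return { ok: false, reason: "origin-mismatch" };

  return {
    ok: true,
    clientId,
    // FedCM sends account_id; optional here because the issue notes the proposal has none.
    accountId: body.get("account_id"),
    nonce: body.get("nonce"),
    // Credentialed CORS response headers: exact origin, never "*".
    responseHeaders: {
      "Access-Control-Allow-Origin": rpOrigin,
      "Access-Control-Allow-Credentials": "true",
      "Content-Type": "application/json",
    },
  };
}

// Constructed sample request.
const sample = {
  method: "POST",
  headers: {
    Origin: "https://rp.example", "Sec-Fetch-Dest": "webidentity",
    "Content-Type": "application/x-www-form-urlencoded", Cookie: "sid=constructed",
  },
  body: "client_id=rp-client-123&nonce=n-0S6_WzA2Mj",
};
console.log(validateTokenRequest(sample));
```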