privacycg / storage-access

The Storage Access API
https://privacycg.github.io/storage-access/
FedCM vs Storage Access API use case #183

Closed egor-limenko closed 10 months ago

egor-limenko commented 10 months ago

Hey! I have a use case where I'm embedding an iframe in the third-party application. This iframe can execute an SSO process in a separate popup, which is from the same domain as the iframe. SSO auth sets cookies that are going to be considered third-party for the host app, and this flow breaks when third-party cookies are disabled.

While playing around with Chrome 117 beta, I was able to handle this case with the iframe using the Storage Access API. Though it looks like, based on the description, the FedCM proposal is aimed at handling federated identity cases affected by the third-party cookie phase-out, which applies to my use case. So I'm trying to understand which approach suits better (FedCM vs SAA). Overall it looks like the Storage Access API requires less effort to implement. It also seems that FedCM still does not support cross-origin iframes, but Google plans to address it.

Please let me know if this should rather be asked in the FedCM GitHub. Thanks in advance.

johannhof commented 10 months ago

Hey, I see you also asked at https://github.com/fedidcg/FedCM/issues/501 so I'll follow up there.

egor-limenko commented 10 months ago

@johannhof Thanks!