`login_url` lacks a mode hint

w3c-fedid / FedCM

A privacy preserving identity exchange Web API

https://w3c-fedid.github.io/FedCM/

Other

375 stars 72 forks source link

`login_url` lacks a mode hint #602

Open panva opened 5 months ago

panva commented 5 months ago

There's only one login_url in the IdP configuration and it's shared for all modes.

But the modes can be configured differently in the IdP configuration, e.g.

{
  // ...
  "modes": {
    "button": {
      "supports_use_other_account": true,
    },
    "widget": {
      "supports_use_other_account": false,
    }
  }
}

Should there be an indication about the used mode at the login_url when it's invoked?

npm1 commented 5 months ago

Hmm why though? User signing in to the IdP should not depend on the FedCM mode that the RP is requesting, should it?

panva commented 5 months ago

Hmm why though? User signing in to the IdP should not depend on the FedCM mode that the RP is requesting, should it?

For one it may be valuable to know the conversion of one over the other. Altho we do get the mode in the subsequent assertion call we can't tell the drop off in between the modes during login.

tttzach commented 3 weeks ago

Is this only for metrics purposes or do you have functional changes in mind? We do have plans for a metrics endpoint which at its current state doesn't include this mode information but we are open to hearing your use case.