search

w3c-fedid / custom-requests

This is a proposal to extend FedCM to allow RPs to make custom requests to the IdP
3 stars 1 forks source link

readme

Custom Requests

This is a Stage 1 proposal of the FedID CG to extend FedCM to allow RPs to make custom requests to the IdP.

Champions

Participate

The Problem

FedCM’s account chooser and disclosure dialog only allows asking for permission to share standard claims (e.g. user’s name, email address and profile picture). However, commonly Identity Providers (IdPs) need to ask for additional information before returning the token to the relying party (RP), such as requesting re-authentication, scopes beyond standard claims (e.g. API access), verifying up-to-date contact information, parental controls, etc.

There is currently no mechanism that an IdP can use to use their own words to request their user's permission before returning a token to the RP.

The Proposal

The proposal is to introduce:

  1. The API affordance that allow RPs to pass custom requests to IdPs
  2. The API affordance that allows IdPs to continue and finish the request in a popup window
  3. The API affordance that allow RPs to select which attributes of the user's profile they are looking for

Alternatives Considered

Acknowledgements