FedCM API extension: Button Mode and User Other Account API

[yi-gu]

こんにちは TAG-さん!

I'm requesting a TAG review of FedCM Button Mode API and Use Other Account API. These are extensions to the existing FedCM API.

The web needs a long term solution for federated login, as browsers handle tracking on the web. While heuristics can buy us some time in the short term, these two proposals extend FedCM to put us a couple steps closer to being able to operate federated login without them. The first extension handles a “button” mode (as opposed to / in addition to the current “widget” mode), where the browser needs to handle more gracefully when users are logged out of IdPs (take the user to login to the IdP, as opposed to failing silently), as Mozilla pointed out here. The second extension allows users to “use other accounts” in the account chooser, for example, when IdPs support multiple accounts or replacing the existing account.

• Explainer¹ (We publish explainers as issues per request from Mozilla. See https://github.com/w3ctag/design-reviews/issues/813#issuecomment-1466632934): explainer
• Security and Privacy self-review²: Please see the security and privacy consideration section in the explainers.
• GitHub repo (if you prefer feedback filed there): url
• Primary contacts (and their relationship to the specification):
  • [Yi Gu] ([@yi-gu], Google Chrome)
  • [Christian Biesinger] ([@cbiesinger], Google Chrome)
  • [Sam Goto] ([@samuelgoto], Google Chrome, spec editor)
• Organization/project driving the design: Google Chrome
• External status/issue trackers for this feature (publicly visible, e.g. Chrome Status):
  • https://chromestatus.com/feature/4689551782313984

Further details:

• [X] I have reviewed the TAG's Web Platform Design Principles
• The group where the incubation/design work on this is being done (or is intended to be done in the future): FedIDCG
• The group where standardization of this work is intended to be done ("unknown" if not known): unknown
• Existing major pieces of multi-stakeholder review or discussion of this design: No
• Major unresolved issues with or opposition to this design: No
• This work is being funded by: Google Chrome

You should also know that...

There are discussions on the API shape in this thread. It also includes UX mocks which may help with understanding the scope and user journeys.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

💬 leave review feedback as a comment in this issue and @-notify [@yi-gu, @cbiesinger, @samuelgoto]

[samuelgoto]

FWIW, just to report back here, the button mode API recently entered origin trials (the blog post may be useful to give a sense of what problems it solves, specifically this) and is in active production experimentation.