On Mon, Aug 10, 2015 at 2:13 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > GitHub is on both sides here I think. They also have some places, as > does Google I'm sure, where the only account you can use is GitHub. > However, without going through the server they can't really > communicate about their respective states. > Sure. If you only have one provider, then this API does nothing for you at the moment. I think I can grant that and still claim that it solves a different problem. :) Basically, getting token generation into the browser is going to be a ton of work. I think it's work that we should do. I don't think it's work that's necessary to start providing value. > > I don't have any concrete feedback to share, but I can share the general > > comment that folks who support more than one federation see a real > problem > > with users forgetting which service they've used, creating multiple > > accounts, and then generating support requests to merge them after the > fact. > > Addressing that problem seems valuable. > > But the only tangible bit you're offering them is storing this bit of > information together with credentials, rather than elsewhere, so it > won't be cleared. Is users clearing their data but not credentials a > really common problem? It seems somewhat unlikely. > According to the (internal, sorry!) `ClearBrowsingData_Cookies` counter, ~11.1% of Chrome users who opted into sharing statistics cleared their cookies in the past 7 days. I imagine (with no data to back me up) that the percentage is higher for users who chose not to opt in. That's a pretty large chunk of the userbase of any particular website who could have a better experience if the API (or something like it) was available. -mike
Received on Monday, 10 August 2015 12:24:50 UTC