Re: [w3ctag/design-reviews] FedCM (was WebID) (Issue #718)

> The explainer seems to imply that a name and picture are always required as part of the login flow. Is this actually the case or have I misunderstood?  I'm sure not all IDPs or RPs are going to want/require names and pictures, and some IDPs may provide different ways of distinguishing between accounts (eg. a colour profile, or description?).

Yes, this is a [known issue](https://github.com/fedidcg/FedCM/issues/242#issuecomment-1146493676) that we'd like to move away from. But you are right in reading that this is where the spec/explainer is at the moment, and we agree that it is an undesirable shortcoming, in that it is not expressive enough yet. We think where the spec is starting at is a reasonable baseline, and we agree that it needs to be more expressive going forward to capture the nuance of different requirements.

One idea is to allow the relying party to specify what it needs from the IDP (one idea is to re-use the query structure developed by OIDC [here](https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter)).

Here is an example of what that API could look like:

```js
await navigator.credentials.get({
  federated: {
    claims: {
      name: {essential: true}, // required
      email: null, // optional
      emailVerified: null, // optional
      picture: {essential: true}, // required
    },
    providers: [{
      url: "https://idp.example",
      clientId: "123"
    }]
  }
});
```


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/718#issuecomment-1171733526

Message ID: <w3ctag/design-reviews/issues/718/1171733526@github.com>

Received on Thursday, 30 June 2022 22:22:04 UTC
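
An added example, not part of the original message or of the FedCM spec: one way a relying party could check the claims an IDP returned against a request written in the OIDC claims-parameter shape used in the sketch above. The function name `evaluateClaims`, its result fields and the sample data are assumptions; `essential`, `value` and `values` are the members defined in OpenID Connect Core section 5.5.1.

```javascript
// Hypothetical helper: compares an OIDC-style claims request with the claims
// actually received. A null entry means "voluntary, any value accepted".
function evaluateClaims(requested, received) {
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  const result = {
    missingEssential: [], // requested with essential: true but absent
    missingVoluntary: [], // requested as optional and absent
    mismatched: [],       // present but outside the requested value/values
    unrequested: [],      // disclosed by the IDP although never asked for
  };
  for (const [name, spec] of Object.entries(requested)) {
    const essential = spec !== null && spec.essential === true;
    if (!has(received, name)) {
      (essential ? result.missingEssential : result.missingVoluntary).push(name);
      continue;
    }
    if (spec === null) continue;
    const got = received[name];
    if (has(spec, "value") && got !== spec.value) {
      result.mismatched.push(name);
    } else if (Array.isArray(spec.values) && !spec.values.includes(got)) {
      result.mismatched.push(name);
    }
  }
  for (const name of Object.keys(received)) {
    if (!has(requested, name)) result.unrequested.push(name);
  }
  // The login can proceed only if every essential claim arrived and matched.
  result.ok = result.missingEssential.length === 0 && result.mismatched.length === 0;
  return result;
}

// Constructed sample: the request from the sketch above, and a constructed
// IDP response that omits the picture and volunteers a phone number.
const requested = {
  name: { essential: true },
  email: null,
  emailVerified: null,
  picture: { essential: true },
};
const received = {
  name: "Sam Example",
  email: "sam@user.example",
  phone: "+1 555 0100",
};
console.log(evaluateClaims(requested, received));
```

The `unrequested` list is the data-minimisation check: anything in it was disclosed without the RP having asked for it.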