[w3ctag/design-reviews] FedCM API extension: Button Mode and User Other Account API (Issue #935) from yi-gu on 2024-02-16 (public-webapps-github@w3.org from February 2024)

From: yi-gu <notifications@github.com>
Date: Fri, 16 Feb 2024 13:33:53 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/935@github.com>

こんにちは TAG-さん!

I'm requesting a TAG review of FedCM Button Mode API and Use Other Account API. These are extensions to the existing [FedCM API](https://fedidcg.github.io/FedCM/).

The web needs a long term solution for federated login, as browsers handle tracking on the web. While [heuristics](https://groups.google.com/a/chromium.org/g/blink-dev/c/yGhI6iTAfeA/m/Z4DR3K23AQAJ) can buy us some time in the short term, these two proposals extend FedCM to put us a couple steps closer to being able to operate federated login without them. The first extension handles a “button” mode (as opposed to / in addition to the current “widget” mode), where the browser needs to handle more gracefully when users are logged out of IdPs (take the user to login to the IdP, as opposed to failing silently), as Mozilla pointed out [here](https://github.com/fedidcg/FedCM/issues/442). The second extension allows users to “use other accounts” in the account chooser, for example, when IdPs support multiple accounts or replacing the existing account.

  - Explainer¹ (We publish explainers as issues per request from Mozilla. See https://github.com/w3ctag/design-reviews/issues/813#issuecomment-1466632934): [explainer](https://github.com/fedidcg/FedCM/issues/442#issuecomment-1949323416)
  - Security and Privacy self-review²: Please see the security and privacy consideration section in the explainers.
  - GitHub repo (if you prefer feedback filed there): [url](https://github.com/fedidcg/FedCM)
  - Primary contacts (and their relationship to the specification):
      - [Yi Gu] ([@yi-gu], Google Chrome)
      - [Christian Biesinger] ([@cbiesinger], Google Chrome)
      - [Sam Goto] ([@samuelgoto], Google Chrome, spec editor)
  - Organization/project driving the design: Google Chrome
  - External status/issue trackers for this feature (publicly visible, e.g. Chrome Status):
      - https://chromestatus.com/feature/4689551782313984

Further details:

  - [X] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): FedIDCG
  - The group where standardization of this work is intended to be done ("unknown" if not known): unknown
  - Existing major pieces of multi-stakeholder review or discussion of this design: No
  - Major unresolved issues with or opposition to this design: No
  - This work is being funded by: Google Chrome

You should also know that...

There are discussions on the API shape in this [thread](https://github.com/fedidcg/FedCM/issues/442). It also includes UX mocks which may help with understanding the scope and user journeys.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  💬 leave review feedback as a **comment in this issue** and @-notify [@yi-gu, @cbiesinger, @samuelgoto]

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/935
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/935@github.com>

Received on Friday, 16 February 2024 21:33:57 UTC