On Mon, Aug 10, 2015 at 2:13 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> GitHub is on both sides here I think. They also have some places, as
> does Google I'm sure, where the only account you can use is GitHub.
> However, without going through the server they can't really
> communicate about their respective states.
>
Sure. If you only have one provider, then this API does nothing for you at
the moment. I think I can grant that and still claim that it solves a
different problem. :)
Basically, getting token generation into the browser is going to be a ton
of work. I think it's work that we should do. I don't think it's work
that's necessary to start providing value.
> > I don't have any concrete feedback to share, but I can share the general
> > comment that folks who support more than one federation see a real
> problem
> > with users forgetting which service they've used, creating multiple
> > accounts, and then generating support requests to merge them after the
> fact.
> > Addressing that problem seems valuable.
>
> But the only tangible bit you're offering them is storing this bit of
> information together with credentials, rather than elsewhere, so it
> won't be cleared. Is users clearing their data but not credentials a
> really common problem? It seems somewhat unlikely.
>
According to the (internal, sorry!) `ClearBrowsingData_Cookies` counter,
~11.1% of Chrome users who opted into sharing statistics cleared their
cookies in the past 7 days. I imagine (with no data to back me up) that the
percentage is higher for users who chose not to opt in.
That's a pretty large chunk of the userbase of any particular website who
could have a better experience if the API (or something like it) was
available.
-mike