[credential-management] Use of Federated Credentials from Anton Nemtsev on 2020-10-18 (public-webappsec@w3.org from October 2020)

From: Anton Nemtsev <newsilentimp@gmail.com>
Date: Sun, 18 Oct 2020 17:25:59 +0200
To: public-webappsec@w3.org
Message-ID: <CA+JO0f+GDOGgvXamgWqM0Lxv-eE3AqwKM_qTJ2RviTVng9MgMw@mail.gmail.com>

Hi.
Am I correct, and all benefit of using federated credentials is getting
information about which provider was used? For example, was it Facebook or
Google? And then — sign in with API of this provider?
Also, is there a situation when we need to modify credentials? Just save
them after the first login with Facebook or Google, and that's all?
Is there a full list of the providers that we need to pass to the
FederatedCredential?
In the
https://w3c.github.io/webappsec-credential-management/#provider-identification
written that we should use an exact name, but:
1. why, if it's just a flag of login with the provider
2. which one? I don't know where to get these names.

With all the best. Anton.

Received on Sunday, 18 October 2020 15:26:24 UTC