Access to FedCM available options (suitable to site) #451
Comments
It would be a leak of information for a site that has not engaged with the user to be able to query the last IDP used by the user. Any ideas on how we can achieve your use-case without this leak?
It is different in the sense that this feature requires knowing some user information before FedCM has been used on the site, whereas for the personalized buttons we are supporting this only when FedCM has been used in this site in the past. |
|
When there has not yet been an association to an identity would be tricky because of the information leak like @npm1 detailed. However, if there is an association to an identity through a FedCM already used profile, that's possible through the UserInfo API to pre-populate the button. We also think it's a browser responsibility to show the last used IDP. Closing for now, feel free to reopen if you have any additional concerns. |
In the current Seamless Access implementation, we use a Seamless Access cookie to allow for the "Access button" to be pre-populated with the latest chosen institute. This allows for cross-domain ease of use.
It was marked that FedCM would beyond its authentication case, provide a potential solution for this. Is it possible to pre-populate with a identity provider from the FedCM list (and potentially match against accepted identity providers) - when there has not yet been an association to a identity.
This would be similar to pre-populating the Google sign-in button on a site, with the name of a FedCM already used profile.
The text was updated successfully, but these errors were encountered: