FedCM updates: Filtered out accounts UI change in Chrome 133
Stay organized with collections
Save and categorize content based on your preferences.
Natalia Markoborodova
We are introducing a change in how the FedCM UI handles filtered-out accounts from Chrome 133.
Clearer communication about filtered-out accounts
Several cases may cause an account to be filtered out and ineligible for login:
A Relying Party (RP) only allows accounts associated with a certain domain. See
domain hint API.
RP filters out all but returning accounts. See
login hint API.
Identity Providers (IdPs) can annotate accounts with labels so that RPs can filter them by
specifying the configURL for that specific label.
See Custom Account Labels.
In the previous Chrome implementation, the FedCM UI didn't display accounts that were filtered out
by the RP and IdPs. As a result, when a user logged in with an IdP but no accounts were available to
use, the mismatch UI would be displayed every
time.
Before: FedCM Mismatch UI.
To enhance the user experience, FedCM is introducing a UI change. Chrome will now show filtered-out
accounts in the UI if these conditions apply:
The user has already attempted to sign in to the IdP in a dialog and returned to the RP.
All the fetched accounts are filtered out, and no account is available for the user to sign
into this RP.
This will provide users with an understanding that some accounts, while recognized by FedCM, are
not eligible for use on the current RP.
Reduced confusion: If a user logs into an account that is filtered out, they will see
the account listed and understand that it's not accepted by the RP. Before this change, the
user could be confused by an infinite loop: they would try to sign in to a filtered-out account
and then see the mismatched UI, which prompted them to sign in again.
Contextual information: The UI will take into account the RP context and domain hints to
provide relevant guidance to the user.
We value your feedback
We encourage you to share your thoughts and feedback on this change. You can file an issue on our
issue tracker. We
will continue to update the FedCM developer documentation.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-02-06 UTC."],[[["Chrome 133 introduces a change in the FedCM UI to display filtered-out accounts, offering a clearer understanding of why certain accounts are ineligible for login."],["Previously, filtered-out accounts were not shown, leading to user confusion and the display of the mismatch UI, even with existing accounts."],["The updated FedCM UI now shows filtered-out accounts if a user has previously attempted to sign in and all fetched accounts are ineligible for the current Relying Party (RP)."],["This change enhances user experience by reducing confusion and providing contextual information about why certain accounts are not accepted by the RP."],["Developers are encouraged to provide feedback on this change through the issue tracker, with continued updates planned for the FedCM developer documentation."]]],["Chrome 133 updates the FedCM UI to display filtered-out accounts under specific conditions: when a user returns to the Relying Party (RP) after a sign-in attempt and all fetched accounts are filtered. This change aims to reduce user confusion by showing accounts recognized by FedCM but ineligible for the current RP due to domain hints, login hints, or custom account labels. Users will now see why accounts are unavailable, preventing potential infinite loops and providing contextual information.\n"]]
