Stay organized with collections
Save and categorize content based on your preferences.
Who are these updates for?
These updates are for you if:
You are an IdP using the Federated Credential Management API.
You are an IdP or RP and interested in extending the API to fit your use
case – for example, you've been observing or participating in
the discussions on the FedID CG repository
and want to understand the changes made to the API.
You are a browser vendor and you want to catch up on the implementation
status of the API.
We are working on landing a number of changes to FedCM. There are a few things we know that still need to be done, including issues we heard about from IdPs, RPs and browser vendors. We believe we know how to resolve these issues:
Multiple-IdP API: We are exploring ways to support multiple IdPs to coexist cooperatively in the FedCM account chooser.
Registration API: We're exploring ways to allow RPs to accept any compliant IdPs, instead of listing specific ones. This will further benefit smaller IdPs.
Improved Fields API: support more selectable identity attributes within the Fields API (such as phone number, username, and others), and improve the disclosure UI so that it better reflects the information that the RP is requesting.
Relationship with mDLs/VCs/etc: continue working to understand how these fit within FedCM, for example with the Digital Credentials API.
Integration with other Chrome features like Passkeys and Autofill.
Delegation-oriented FedCM: We're experimenting with ways to extend FedCM to support 3-party token formats SD-JWT-KB, MDocs and BBS) in addition to the existing 2-party token formats (such as JWT for OIDC, SAML, etc) to mitigate the IdP Tracking Problem.
Metrics endpoint: Provides performance metrics to IdPs.
Enterprises and Education: As is clear at the FedID CG, there are still a lot of use cases that are not well served by FedCM that we'd like to work on, such as front-channel logout (the ability for an IdP to send a signal to RPs to logout).
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-01-30 UTC."],[[["The Federated Credential Management API, shipped in Chrome 108, is actively evolving with new features and improvements in subsequent Chrome releases."],["Updates include UX enhancements like different UI modes, a 'Use Other Account' option, and the ability for RPs to request specific user information."],["Security improvements have been implemented, such as using FedCM as a trust signal for the Storage Access API and CORS enforcement on the ID assertion endpoint."],["Developers can stay informed about FedCM API changes through the Privacy Sandbox blog and the FedCM developer newsletter."],["Important changes were made to the API in various Chrome versions, including renaming endpoints and parameters, introducing new APIs like Login Status and Error API, and enhancing auto-reauthentication functionality."]]],["The Federated Credential Management API is evolving, with no planned breaking changes. Key updates include: supporting multiple IdPs; allowing RPs to accept any compliant IdP via a Registration API; enhancing the Fields API for more identity attributes; and exploring integration with mDLs/VCs, Passkeys, and Autofill. They are also exploring a Delegation-oriented FedCM and a Metrics endpoint for IdPs, as well as supporting additional use cases for Enterprises and Education.\n"]]
