This is the repository for the W3C's WICG Federated Credentials Management API.
Explainer: explainer/README.md
Work-in-progress specification: https://wicg.github.io/FedCM/
As the web has evolved there have been ongoing privacy-oriented changes (example) and underlying privacy principles. With those changes some underlying assumptions of the web are changing. One of those changes is the deprecation of third-party cookies. While overall good for the web, third-party cookie deprecation leaves holes in how some existing systems on the web were designed and deployed.
Federated Credentials Management API aims to fill the specific hole left by the removal of third-party cookies on federated login. Historically this has relied on third-party cookies or navigational redirects in order to function as they were the primitives provided by the web.
The explainer and spec provide a potential API and the rational behind how that API was designed.
Much of the FedCM specification has evolved due to the experimentation detailed in the explainer. The explainer documents give a good overview of the why of the FedCM API. Please read over the documents to understand how the current API has evolved.
There are several ways to contribute to the Federated Credential Management API.
-
If you're an interested party and have potential requirements, they can be submitted to the IDBrowserUseCases repository. There are also discussions ongoing in the Fed-ID CG about the various use cases.
-
If you'd like to try out the current demo of the FedCM API you can follow the HOWTO document.
-
If you're an Identity Provider, there are two sides of the implementation that will be needed and any feedback on either side is appreciated.
- The Identity Provider API describes the manifest and API needed server side.
- The Browser API describes the JavaScript interface to FedCM which will need to be utilized.
-
If you're a Relying Party (i.e. website) and would like to test the changes out we'd appreciate feedback, you'll need to do something similar to the HOWTO.md to setup a fake IDP which can serve the needed JavaScript. (Until an IDP provides first party JavaScript to work with FedCM this integration will be tricker). You can also review the demo provided by the HOWTO and take a look at the Relying Party API to see what is needed on the RP side.
This group operates under W3C's Code of Conduct Policy.