fedidcg/FedCM Issues

Last updated Sep 3, 2024, 5:49:01 AM UTC.

This repository doesn't have the Priority: Eventually label that's used to mark an issue as triaged without giving it an SLO. Until that's added, this summary uses heuristics to guess if each issue has been triaged.

Untriaged

Try to triage issues within . [ More Info ]

Issue Title Within SLO On maintainers' plates for Time left Time past SLO
#5 Conceptual Scope w.r.t. OpenID Connect/OAuth 2.0
#83 delegation-oriented api requires "consequence-free" - must be free of entropy bits which could enable global tracking when IDPs and RPs collude
#244 Resource Access 1.1.5 interaction model is vague
#294 [Technical] Better specify AbortController support
#312 Add note about PP / TOS
#336 Validate that account_ids are unique
#371 API should be disabled in Fenced Frames
#384 Add non-normative note about compromised renderer
#386 FedCM issues
#387 Remove language referring to sign-up and sign-in, amplify in browser state machine
#407 [Context API] - Authz / relation to ability to specificy scope
#441 The IDP has to support additional infrastructure to support FedCM
#469 Align on user flow for initial and returning FedCM prompts
#487 Erroneous link to JSON object in automation section of spec
#493 Should clearing IDP state also clear RP state?
#495 Should getUserInfo() use an IdentityProviderConfig?
#499 Validate urls once the config fetch occurs
#540 Evaluate string types in the spec
#550 Mention SameSite cookies in accounts fetch
#552 Allow IDPs to use multiple config files within an eTLD+1
#553 Allowing IDPs to expose different account lists in different contexts
#563 FedCM for Research and Education
#564 FedCM 4 R&E: Filtering IdPs
#565 FedCM 4 R&E: Technical Considerations
#566 FedCM 4 R&E: Organization Chooser / WAYF
#567 Requesting permission for ability to display RP icon, human readable RP name or human readable IDP name
#575 Allow showing the widget UI for logged-out users
#589 Relax the mimetype check of the .well-known/web-identity file
#609 Spec says we send SameSite=Strict cookies
#611 Move the WPTs out of the credential-manager directory
#615 In addition to "use", "continue", "signin" and "signup", consider adding "pay" or "checkout"
#616 Once `params` are merged into the spec, deprecate the `nonce` parameter
#625 Returning accounts go first in getUserInfo
#627 Add webdriver command to open PP/TOS
#641 Break the Login Status API spec out of the FedCM spec
#643 PR Preview broke

Agenda

Try to maintain fewer than 25 agenda items and discuss issues on the agenda within . [ More Info ] [ See these issues on Github ]

Issue Title Within SLO On the agenda for Time left Time past SLO
#556 Passing arbitrary parameters to the ID assertion endpoint