w3c-fedid/FedCM Issues

Last updated Jun 4, 2025, 5:56:49 AM UTC.

This repository doesn't have the Priority: Eventually label that's used to mark an issue as triaged without giving it an SLO. Until that's added, this summary uses heuristics to guess if each issue has been triaged.

30 out-of-SLO untriaged issues
1 issues on the agenda

Untriaged

Try to triage issues within 7 days. [ More Info ]

Issue	Title	Within SLO	On maintainers' plates for	Time left	Time past SLO
#5	Conceptual Scope w.r.t. OpenID Connect/OAuth 2.0	❌	5.2 years		5.1 years
#83	delegation-oriented api requires "consequence-free" - must be free of entropy bits which could enable global tracking when IDPs and RPs collude	❌	4 years		3.9 years
#244	Resource Access 1.1.5 interaction model is vague	❌	3.2 years		3.1 years
#294	[Technical] Better specify AbortController support	❌	2.9 years		2.9 years
#312	Add note about PP / TOS	❌	2.9 years		2.9 years
#336	Validate that account_ids are unique	❌	2.8 years		2.8 years
#371	API should be disabled in Fenced Frames	❌	2.6 years		2.6 years
#384	Add non-normative note about compromised renderer	❌	2.5 years		2.5 years
#386	FedCM issues	❌	2.5 years		2.4 years
#387	Remove language referring to sign-up and sign-in, amplify in browser state machine	❌	2.4 years		2.4 years
#407	[Context API] - Authz / relation to ability to specificy scope	❌	2.4 years		2.3 years
#441	The IDP has to support additional infrastructure to support FedCM	❌	2.3 years		2.3 years
#469	Align on user flow for initial and returning FedCM prompts	❌	2.1 years		2.1 years
#487	Erroneous link to JSON object in automation section of spec	❌	1.9 years		1.9 years
#493	Should clearing IDP state also clear RP state?	❌	1.8 years		1.8 years
#495	Should getUserInfo() use an IdentityProviderConfig?	❌	1.8 years		1.8 years
#499	Validate urls once the config fetch occurs	❌	1.8 years		1.7 years
#540	Evaluate string types in the spec	❌	1.4 years		1.3 years
#564	FedCM 4 R&E: Filtering IdPs	❌	1.1 years		1.1 years
#565	FedCM 4 R&E: Technical Considerations	❌	1.1 years		1.1 years
#611	Move the WPTs out of the credential-manager directory	❌	1 year		11.8 months
#615	In addition to "use", "continue", "signin" and "signup", consider adding "pay" or "checkout"	❌	11.7 months		11.5 months
#625	Returning accounts go first in getUserInfo	❌	10.1 months		9.8 months
#645	User Info API vs. preventSilentAccess	❌	9 months		8.7 months
#665	Thoughts on FedCM full vs FedCM lite	❌	7.3 months		7.1 months
#688	Missing tasks in parallel steps in Federated Credential Management API	❌	4.9 months		4.6 months
#702	Skip accounts_endpoint call when there's no chance of success	❌	3.2 months		3 months
#726	getUserInfo definition bug: the connected account set computation uses the iframe's global to compute the connected account set key where it should use the top frame's global	❌	2.9 weeks		1.9 weeks
#727	getUserInfo should only reject with exceptions, not throw and reject in different cases	❌	2.1 weeks		1.1 weeks
#728	getUserInfo implicitly converts `IdentityProviderConfig` provider, into `IdentityProviderRequestOptions`	❌	2.1 weeks		1.1 weeks
#732	Make connected accounts set a quadruple	✔	9 hours	0.9 weeks

Agenda

Try to maintain fewer than 25 agenda items and discuss issues on the agenda within 35 days. [ More Info ] [ See these issues on Github ]

Issue	Title	Within SLO	On the agenda for	Time left	Time past SLO
#498	Add API to show error messages from failed token fetches	✔	1.6 weeks	3.4 weeks