w3c-fedid/FedCM Issues

Last updated Jun 25, 2025, 5:57:38 AM UTC.

This repository doesn't have the Priority: Eventually label that's used to mark an issue as triaged without giving it an SLO. Until that's added, this summary uses heuristics to guess if each issue has been triaged.

31 out-of-SLO untriaged issues

Untriaged

Try to triage issues within 7 days. [ More Info ]

Issue	Title	Within SLO	On maintainers' plates for	Time past SLO
#5	Conceptual Scope w.r.t. OpenID Connect/OAuth 2.0	❌	5.2 years	5.2 years
#83	delegation-oriented api requires "consequence-free" - must be free of entropy bits which could enable global tracking when IDPs and RPs collude	❌	4 years	4 years
#244	Resource Access 1.1.5 interaction model is vague	❌	3.2 years	3.2 years
#294	[Technical] Better specify AbortController support	❌	3 years	3 years
#312	Add note about PP / TOS	❌	3 years	2.9 years
#336	Validate that account_ids are unique	❌	2.8 years	2.8 years
#371	API should be disabled in Fenced Frames	❌	2.7 years	2.6 years
#384	Add non-normative note about compromised renderer	❌	2.6 years	2.5 years
#386	FedCM issues	❌	2.5 years	2.5 years
#387	Remove language referring to sign-up and sign-in, amplify in browser state machine	❌	2.5 years	2.5 years
#407	[Context API] - Authz / relation to ability to specificy scope	❌	2.4 years	2.4 years
#441	The IDP has to support additional infrastructure to support FedCM	❌	2.4 years	2.3 years
#469	Align on user flow for initial and returning FedCM prompts	❌	2.1 years	2.1 years
#487	Erroneous link to JSON object in automation section of spec	❌	2 years	1.9 years
#493	Should clearing IDP state also clear RP state?	❌	1.9 years	1.9 years
#495	Should getUserInfo() use an IdentityProviderConfig?	❌	1.8 years	1.8 years
#499	Validate urls once the config fetch occurs	❌	1.8 years	1.8 years
#540	Evaluate string types in the spec	❌	1.4 years	1.4 years
#564	FedCM 4 R&E: Filtering IdPs	❌	1.2 years	1.1 years
#565	FedCM 4 R&E: Technical Considerations	❌	1.2 years	1.1 years
#611	Move the WPTs out of the credential-manager directory	❌	1.1 years	1 year
#615	In addition to "use", "continue", "signin" and "signup", consider adding "pay" or "checkout"	❌	1 year	1 year
#625	Returning accounts go first in getUserInfo	❌	10.8 months	10.5 months
#645	User Info API vs. preventSilentAccess	❌	9.7 months	9.4 months
#665	Thoughts on FedCM full vs FedCM lite	❌	8 months	7.8 months
#688	Missing tasks in parallel steps in Federated Credential Management API	❌	5.6 months	5.3 months
#702	Skip accounts_endpoint call when there's no chance of success	❌	3.9 months	3.7 months
#726	getUserInfo definition bug: the connected account set computation uses the iframe's global to compute the connected account set key where it should use the top frame's global	❌	1.4 months	1.1 months
#728	getUserInfo implicitly converts `IdentityProviderConfig` provider, into `IdentityProviderRequestOptions`	❌	1.2 months	4.1 weeks
#745	Add status checks to fetches	❌	1.1 weeks	14 hours
#746	Potential issue with Clear-Site-Data and unknown login status	❌	1.1 weeks	10 hours