FedCM API extension: Error API, AccountAutoSelectedFlag, HostedDomain and Revocation API

[yi-gu]

こんにちは TAG-さん!

I'm requesting a TAG review of Error API, AccountAutoSelectedFlag, HostedDomain and Revocation API. These are small additions to the existing FedCM API so I'm requesting a single review for all of them together.

• Summary
  - With the Error API, the browser can inform users with proper error messages when their sign-in request has failed.
  - With the AccountAutoSelected Flag API, the browser could help developers to determine if FedCM token requests were initiated with explicit user permission to improve their services.
  - With the Hosted Domain API, RP can choose to only show the accounts which are associated with a certain domain.
  - With the Revocation API, developers can revoke the connection between RP and IdP upon user request and update the browser to optimize the future flows.

• Explainer¹ (minimally containing user needs and example code): (We publish explainers as issues per request from Mozilla. See more context here). For explainers please see the first and second comments of Error API, AccountAutoSelectedFlag, HostedDomain and Revocation.

• Security and Privacy self-review²: Please see the security and privacy consideration section in the explainers.

• GitHub repo (if you prefer feedback filed there): [url]

• Primary contacts (and their relationship to the specification):

  • Yi Gu (@yi-gu, Google Chrome)
  • Nicolas Pena Moreno (@npm1, Google Chrome)
  • Sam Goto (@samuelgoto, Google Chrome, spec editor)

• Organization/project driving the design: Google Chrome

• External status/issue trackers for this feature (publicly visible, e.g. Chrome Status):

  • Error and AccountAutoSelectedFlag
  • Hosted Domain and Revocation

Further details:

• I have reviewed the TAG's Web Platform Design Principles
• The group where the incubation/design work on this is being done (or is intended to be done in the future): FedID CG
• The group where standardization of this work is intended to be done ("unknown" if not known): unknown
• Existing major pieces of multi-stakeholder review or discussion of this design: No
• Major unresolved issues with or opposition to this design: No
• This work is being funded by: Google Chrome

You should also know that...

We have spec PRs for Error API and AccountAutoSelectedFlag API since Chrome plans to ship them sooner than the other two.

We'd prefer the TAG provide feedback as

💬 leave review feedback as a comment in this issue and @-notify [@yi-gu, @npm1, @samuelgoto]

[hadleybeeman]

Hi all. We've reviewed this in our W3C TAG breakout today.

These features look like a small change, as you say. We don't see any architectural implications for the web in what you've got here.

Is there anything in particular you need from us? If not, we are minded to close this and wish you well. Feel free to re-open it of we can be of any help.

[yi-gu]

Thank you for taking your time to review our proposals!