
Status of FPWD‐identified Issues

Heather Flanagan edited this page Nov 26, 2024 · 27 revisions

This is a tracking list of issues the WG labeled as critical open issues during the FPWD process that must be formally addressed before publication of a Candidate Recommendation.

| Issue | Stage | Proposal |
| --- | --- | --- |
| Issue 428: Enforce CORS on the Identity Assertions endpoint | 2 (merged) | See PR 547 |
| Issue 537: Allow setting IDP login status from same-site subresources | 2 (merged) | See PR 538 |
| Issue 442: A not-yet logged in IDP has no route to success with this flow – Active Mode | 2 (merged) | Active Mode API |
| Issue 555: Allow IdPs to continue and finish the request in a popup window – Continuation API | 2 (merged) | Continuation API |
| Issue 556: Passing arbitrary parameters to the ID assertion endpoint | 2 (merged) | Params API |
| Issue 559: Allow RPs to selectively request attributes of the user’s profile | 2 | Fields API |
| Issue 511: Allow signing in to additional account(s) | 2 | Add Account API |
| Issue 553: Allowing IDPs to expose different account lists in different contexts | 2 | Account Labels API |
| Issue 552: Allow IDPs to use multiple config files within an eTLD+1 | 2 (merged) | Multiple configURLs API |
| Issue 488: Users may be confused after showing intent to sign in but the sign-in is failed | 2? | Error API |
| Issue 319: Allow multiple IDPs to be used | 2 | Multi-IdP API |
| Issue 467: Use cases for Cross-Site Cookie Access through Storage Access API after FedCM grant? – SAA Auto-grant | 2 (merged into the SAA spec) | Storage Access API Auto-grant |
| Issue 517: Allow user agents to use "Connected Accounts Set" with flexibility | 2? | 3PC Relaxation |
| Issue 352: Share performance measurement with IDP | 2? | Metrics API |
| Issue 407: [Context API] - Authz / relation to ability to specify scope | 2? | duplicate of this? |
| Issue 240: Users can’t use IdPs outside of the ones enumerated by RPs | 1 | IdP Registration API |
| Issue 441: The IDP has to support additional infrastructure to support FedCM | 1 | Lightweight API |
| Issue 317: concerns about email in Accounts List | 1? | Proposal to move to Stage 1 |
| Issue 320: Why Sec-FedCM-CSRF and not Sec-Fetch-Mode | 0 | |
| Issue 578: Allow IdPs to return JSON objects rather than Strings back to RPs | 0 | |
| Issue 585: Allow IdP registration and RPs to match on a "type" – IdP Registration | 0 | |
| Issue 587: Why must SameSite=none? | 0 | |
| Issue 599: OAuth profile for FedCM | 0 | |
| Issue 609: Spec says we send SameSite=Strict cookies | 0 | |
| Issue 616: Once params are merged into the spec, deprecate the nonce parameter | 0 | |
| Issue 618: Support chained authentication flows before reducing heuristics and classifications/lists in navigational tracking mitigations | 0 | |
| Issue 620: Make it easier to deploy this at the eTLD+1 for registered IdPs | 0 | |
| Issue 625: Returning accounts go first in getUserInfo | 0 | |
| Issue 626: PP/TOS requirements are different from auto reauthentication | 0 | |
| Issue 627: Add webdriver command to open PP/TOS | 0 | |