[Openid-specs-fapi] Issue #689: FAPI + FedCM (openid/fapi)
josephheenan
issues-reply at bitbucket.org
Fri Apr 12 12:57:19 UTC 2024
New issue 689: FAPI + FedCM
https://bitbucket.org/openid/fapi/issues/689/fapi-fedcm
Joseph Heenan:
There is an effort going on at W3C to define a new browser API for IdPs to provide identity information: [https://fedidcg.github.io/FedCM/](https://fedidcg.github.io/FedCM/)
There are two things here that I think are relevant to the FAPI working group:
1. It is likely that at some point browsers will break OAuth2 flows when they block the use of link decoration user tracking, and FedCM is the fix for this.
2. The FedCM API provides some potential advantages, like we may be able to use it such that the browser (or the OS in a native app RP) is able to display a list of banks the user has previously logged into, giving the user an easier way to select a bank than the current NASCAR issue of 40+ UK banks and 100+ Brazil banks.
There are some slides from OSW with background on FedCM here: [https://tcslides.link/OSW24-FedCM101](https://tcslides.link/OSW24-FedCM101)
I think the main thing here is to raise the profile of this work within the FAPI working group. We don’t think FedCM as it is defined/implemented today quite works for the OpenBanking/FAPI type use cases, but from discussions at OAuth Security Workshop there is definitely the possibility to make some changes so it does work. One helpful thing might be if banks or fintechs would join and participate in [https://www.w3.org/community/fed-id/](https://www.w3.org/community/fed-id/)