Intent to Ship: FedCM—Support Structured JSON Responses from IdPs

97 views
Skip to first unread message

Chromestatus

unread,
Sep 5, 2025, 11:51:39 PM (5 days ago)  Sep 5
to blin...@chromium.org, sures...@microsoft.com

Contact emails

sures...@microsoft.com

Explainer

https://github.com/w3c-fedid/idp-registration/issues/13#issuecomment-3254858070

Specification

https://github.com/w3c-fedid/FedCM/pull/771

Summary

Allows Identity Providers (IdPs) to return structured JSON objects instead of plain strings to Relying Parties (RPs) via the id_assertion_endpoint. This change simplifies integration for developers by eliminating the need to manually serialize and parse JSON strings. It enables more dynamic and flexible authentication flows, allowing RPs to interpret complex responses directly and support varied protocols like OAuth2, OIDC, or IndieAuth without out-of-band agreements.



Blink component

Blink>Identity>FedCM

Web Feature ID

fedcm

TAG review

https://github.com/w3ctag/design-reviews/issues/1147

TAG review status

Issues open

Risks



Interoperability and Compatibility

None



Gecko : No signal comments from Ben Vandersloot in https://github.com/w3c-fedid/meetings/blob/main/2025/2025-07-29-FedCM-notes.md#status-of-cr-blockers , No strong opinions

WebKit : No signal

Web developers : Positive

Other signals : This was requested by Identity providers.

Ergonomics

n/a



Activation

n/a



Security

n/a



WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

n/a, FedCM not supported in WebView



Debuggability

Same as other FedCM features. The network view in devtools would be especially helpful for debugging this feature.



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

No

FedCM in general is not supported on webview. Supported on all other blink platforms.



Is this feature fully tested by web-platform-tests ?

Yes

https://wpt.fyi/results/fedcm/fedcm-flexible-token?label=experimental&label=master



Flag name on about://flags

None

Finch feature name

FedCmNonStringToken

Rollout plan

Will ship enabled for all users

Requires code in //chrome?

False

Tracking bug

https://issues.chromium.org/346567168

Estimated milestones

Shipping on desktop 143
Shipping on Android 143


Anticipated spec changes

Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).

none

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5153509557272576?gate=5128781719273472

This intent message was generated by Chrome Platform Status .

Yoav Weiss (@Shopify)

unread,
Sep 9, 2025, 8:33:34 AM (yesterday)  Sep 9
to Chromestatus, blin...@chromium.org, sures...@microsoft.com
LGTM1

This seems like a small yet useful addition.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org .
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/68bbafb9.050a0220.257801.01b2.GAE%40google.com .

Alex Russell

unread,
11:13 AM (9 hours ago)  11:13 AM
to blink-dev, Yoav Weiss, blin...@chromium.org, sures...@microsoft.com, Chromestatus
I like the change, but the linked "explainer" doesn't cover the ground we expect to see. Can you please draft a separate document for this feature and address questions raised in the GH thread in that doc?

Thanks,

Alex

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org .
Reply all
Reply to author
Forward
0 new messages