Skip to content

This is a proposal to extend FedCM to allow RPs to make custom requests to the IdP

Notifications You must be signed in to change notification settings

w3c-fedid/custom-requests

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 

Repository files navigation

Custom Requests

This is a Stage 1 proposal of the FedID CG to extend FedCM to allow RPs to make custom requests to the IdP.

Champions

  • @cbiesinger

Participate

The Problem

FedCM’s account chooser and disclosure dialog only allows asking for permission to share standard claims (e.g. user’s name, email address and profile picture). However, commonly Identity Providers (IdPs) need to ask for additional information before returning the token to the relying party (RP), such as requesting re-authentication, scopes beyond standard claims (e.g. API access), verifying up-to-date contact information, parental controls, etc.

There is currently no mechanism that an IdP can use to use their own words to request their user's permission before returning a token to the RP.

The Proposal

The proposal is to introduce:

  1. The API affordance that allow RPs to pass custom requests to IdPs
  2. The API affordance that allows IdPs to continue and finish the request in a popup window
  3. The API affordance that allow RPs to select which attributes of the user's profile they are looking for

Alternatives Considered

Acknowledgements

About

This is a proposal to extend FedCM to allow RPs to make custom requests to the IdP

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •