Status of FPWD‐identified Issues

This is a tracking list of issues the WG labeled as critical open issues during the FPWD process that must be formally addressed before publication of a Candidate Recommendation.

Criteria for a feature to be in core: a second implementation that agrees with the design. All other features will be considered for an extension (which may be limited to one browser's implementation).

Issue	Stage	Proposal	Core FedCM?
Issue 428: Enforce CORS on the Identity Assertions endpoint	2 (merged)	See PR 547	Yes
Issue 537: Allow setting IDP login status from same-site subresources	2 (merged)	See PR 538	Yes
Issue 442: A not-yet logged in IDP has no route to success with this flow – Active Mode	2 (merged)	Active Mode API	Yes
Issue 555: Allow IdPs to continue and finish the request in a popup window – Continuation API	2 (merged)	Continuation API	Yes
Issue 556: Passing arbitrary parameters to the ID assertion endpoint	2 (merged)	Params API	Yes
Issue 559: Allow RPs to selectively request attributes of the user’s profile	2	Fields API	No
Issue 511: Allow signing in to additional account(s)	2	Add Account API	Yes
Issue 553: Allowing IDPs to expose different account lists in different contexts	2	Account Labels API	Yes
Issue 552: Allow IDPs to use multiple config files within an eTLD+1	2 (merged)	Multiple configURLs API	Yes
Issue 488: Users may be confused after showing intent to sign in but the sign-in is failed	2?	Error API	TBD
Issue 319: Allow multiple IDPs to be used	2	Multi-IdP API	Yes
Issue 467: Use cases for Cross-Site Cookie Access through Storage Access API after FedCM grant? – SAA Auto-grant	2 (merged into the SAA spec)	Storage Access API Auto-grant	Yes
Issue 517: Allow user agents to use "Connected Accounts Set" with flexibility	2?	3PC Relaxation	No
Issue 352: Share performance measurement with IDP	2?	Metrics API	No
Issue 407: [Context API] - Authz / relation to ability to specify scope	2?	duplicate of this?	Yes
Issue 240: Users can’t use IdPs outside of the ones enumerated by RPs	1	IdP Registration API	No
Issue 441: The IDP has to support additional infrastructure to support FedCM	1	Lightweight API	No :-(
Issue 317: concerns about email in Accounts List	1?	Proposal to move to Stage 1	Yes
Issue 677	1	Delegation-oriented FedCM	No
Issue 320: Why Sec-FedCM-CSRF and not Sec-Fetch-Mode	0
Issue 578: Allow IdPs to return JSON objects rather than Strings back to RPs	0
Issue 585: Allow IdP registration and RPs to match on a "type" – IdP Registration	0
Issue 587: Why must SameSite=none?	0
Issue 599: OAuth profile for FedCM	0
Issue 609: Spec says we send SameSite=Strict cookies	0
Issue 616: Once params are merged into the spec, deprecate the nonce parameter	0
Issue 618: Support chained authentication flows before reducing heuristics and classifications/lists in navigational tracking mitigations	0
Issue 620: Make it easier to deploy this at the eTLD+1 for registered IdPs	0
Issue 625: Returning accounts go first in getUserInfo	0
Issue 626: PP/TOS requirements are different from auto reauthentication	0
Issue 627: Add webdriver command to open PP/TOS	0