-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Questions FedCM API demo does not work with "Block third-party cookies" enabled #141
Comments
@solatsuta Yes, FedCM is currently disabled when the "Block third-party cookies" setting is enabled in Chrome, but my understanding in speaking with @samuelgoto is that the API will be enabled in the future when Chrome starts to phase-out default support for third-party cookies. For testing, we recommend that you additionally enable |
Yes, that's correct. So far, the belief is that if we can ship the IdP Sign-in Status API we will be able to enable FedCM without 3PC. So, if all goes according to plan, yes, we would have FedCM enabled without 3PC at some point. |
@krgovind |
Thanks. This issue has been resolved. |
Any chance you have a link handy that we could use to try your IdP ourselves? Any chance that's something that is publicly available?
I'm glad to hear that your use case is satisfied and that the FedCM can be of help through the process!!
Note that, for FedCM to operate without third party cookies, it is conditioned on the use of the IdP Sign-in Status API. So, in case you haven't already, please give the Origin Trial a try, and please do let us know if you run into any trouble! |
@samuelgoto
There is a URL that is publicly available. However, the use case affected by 3PC in this service is to play 3rd party games published on the service. I'll give the Origin trial a try. |
Is this a FedCM-compatible IdP? We can't seem to find the .well-known file in it:
|
No, FedCM is not supported; The URL is the IdP of the production environment I am developing for and is not a URL where FedCM can be tested. My apologies. |
Ah, glad to hear that it satisfies your use case! Can you give me a sense of which RPs would be using the https://mobage.jp/ IdP? Would any website be able to use the IdP? Or just a few? If the latter, have you considered First Party Sets instead? |
As for the RPs used, I can't tell you because many RPs use them. The user needs to be authenticated and authorized to play the game, but from the game's (RP's) point of view, the IdP is a 3rd party, so it falls under the 3PC category. We have considered FPS, but have determined that it cannot be used at the level of providing services to users due to the following problems.
We are not operationally willing to have hundreds or thousands of associated sites tied to https://connect.mobage.jp. Sorry. |
Overview
Hello, I am developing an IdP that is affected by third-party cookie blocking.
From an RP's iframe, I call a URL that executes the FedCM API of the IdP and expect the RP to be able to log in.
In fact, I have incorporated the FedCM API and confirmed that the use case is satisfied.
However, if you enable "Block third-party cookies" in the Chrome settings, the FedCM API will not work.
I would like to confirm that this is the intended behavior as it is the same in the official demo, etc.
Thanks for reading this far.
This issue is made in translation. Sorry if the language is strange.
How to reproduce
Question
How should this be avoided under "Block Third-party cookies"?
Supplemental
<iframe src="3rd-party.example" allow="identity-credentials-get"></iframe>
.The text was updated successfully, but these errors were encountered: