How FedCM works

FedCM changes how websites and identity providers interact during the login process to enhance user privacy. Here's a visual representation of how FedCM works:

If a site requires login, the visitor can either set up an account with that specific site or log in using existing credentials with a third-party Identity Provider, like Google, Facebook, or others.

With FedCM in place, identity providers offered as login options no longer automatically receive information about the site that person is visiting, which helps prevent profiling.

Once the person has chosen to log in, the site and the identity provider can share information to enable a seamless sign-in experience.

In essence, FedCM acts as a privacy gatekeeper, ensuring that user data is only shared when explicitly authorized by the user. This creates a more secure and privacy-conscious login experience.

Here's a more detailed overview:

  1. Someone wants to log in to a site. A user visits a site which requires them to log in or verify their identity for certain actions, like making a purchase or accessing premium content.
  2. FedCM is initiated. The site (known as the "relying party") uses FedCM to allow people to easily sign in with an existing account from a trusted identity provider (IdP). The relying party chooses which IdPs to support on their site.
  3. Identity provider is selected. The user selects their preferred IdP from a dialog box in the browser. The site can’t see the IdP, and the IdP can’t see the site. The user’s information stays with the browser until they log in with a service.
  4. Information is exchanged. Once the user initiates a login, the browser securely transmits the user’s account selection to the IdP, which verifies user credentials and generates a token. The token is validated, and the browser relays it to the relying party. Now that the user has accepted the FedCM prompt, the relying party and IdP can share select information with each other via FedCM. The login credentials are not shared, but pertinent information like email address or profile picture can be shared for a more seamless site experience.
  5. The user is logged in and can continue their task on site. The user is now logged in to the site. Only the IdP selected for login can communicate with the relying party, reducing the amount of information shared without the user’s knowledge.
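As an added illustration of steps 2 through 4 from the relying party's side (this is not code from the Help Center article), the snippet below calls the browser's FedCM API with a server-issued nonce and hands the returned token to the site's backend for validation; the IdP configURL, the clientId and the backend path /api/fedcm/login are assumed placeholders.

```javascript
// Relying-party (website) side of a FedCM sign-in. The browser, not the
// page, contacts the IdP and shows the account chooser, so the IdP never
// learns which site is asking until the user picks an account.

// Build the options for navigator.credentials.get(). The nonce is issued by
// the RP backend and bound to the session, so the backend can reject a token
// that was not minted for this particular login attempt (replay protection).
function buildFedCmOptions({ configURL, clientId, nonce }) {
  if (!/^https:\/\//.test(configURL)) {
    throw new Error("IdP configURL must be an https URL");
  }
  if (!clientId || !nonce) {
    throw new Error("clientId and a server-issued nonce are required");
  }
  return {
    identity: {
      // One entry per IdP the site chooses to support (placeholder values).
      providers: [{ configURL, clientId, nonce }],
    },
    // "optional": let the browser show its account chooser when needed.
    mediation: "optional",
  };
}

// Run the browser flow and return only the IdP-issued token (or null if the
// user dismissed the dialog or FedCM is unavailable).
async function signInWithFedCm(options) {
  if (typeof navigator === "undefined" || !navigator.credentials) {
    return null; // e.g. running outside a browser
  }
  try {
    const credential = await navigator.credentials.get(options);
    return credential && credential.token ? credential.token : null;
  } catch (err) {
    return null; // user declined or the IdP rejected the request
  }
}

// Send the token to the RP backend (assumed endpoint), which validates it
// against the IdP (signature, audience, nonce, expiry) before creating a
// session. The token is never treated as proof of identity on the client.
async function completeLogin(token) {
  const res = await fetch("/api/fedcm/login", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    credentials: "same-origin",
    body: JSON.stringify({ token }),
  });
  return res.ok;
}
```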


Learn more about how FedCM works in the developer documentation.
