Explore Federated Credential Management (FedCM), a browser API designed to enable federated identity while protecting user privacy. Learn how it works, its benefits, and its impact on the future of web authentication.
FedCM: A Privacy-Preserving Approach to Federated Identity
In today's interconnected digital world, users increasingly rely on federated identity solutions to access various online services. Federated identity allows users to log in to multiple websites using a single identity provider (IdP), such as Google, Facebook, or an organization's internal system. While convenient, traditional federated identity mechanisms can pose privacy risks by exposing user information to websites even before they explicitly consent. FedCM, or Federated Credential Management, is a browser API designed to address these privacy concerns and enable federated identity in a more privacy-preserving manner.
What is Federated Credential Management (FedCM)?
FedCM is a browser API that acts as an intermediary between the user, the relying party (RP) or website, and the identity provider (IdP). It allows users to choose which IdP to use to sign in to a website, and then it mediates the exchange of information between the IdP and the RP. Importantly, FedCM gives users greater control over their data and minimizes the amount of information shared with the website before they explicitly consent. This approach significantly enhances user privacy compared to traditional federated identity flows.
How FedCM Works
FedCM operates through a series of steps that involve the user agent (browser), the relying party (website), and the identity provider (IdP). Here’s a breakdown of the process:
- Website Discovery: When a user visits a website (RP), the website's JavaScript code uses the FedCM API to signal that it supports federated sign-in. The browser then queries for available IdPs that the user has previously used or configured.
- IdP Configuration: The browser obtains the configuration information of the IdP, which specifies the endpoints needed for the sign-in flow. This configuration is fetched from a well-known endpoint on the IdP's domain (e.g., `/.well-known/fedcm.json`). This file contains vital information like the authorization endpoint and the token endpoint.
- User Choice: The browser presents the user with a list of available IdPs. The user selects the IdP they want to use for sign-in. This selection is an explicit and informed choice made by the user.
- Consent: Before sharing any information with the website, FedCM displays a consent dialog to the user. This dialog clearly informs the user about the information that will be shared and asks for their explicit permission. The consent dialog typically shows the IdP's name, the website's name, and the specific data being requested.
- Credential Exchange: If the user grants consent, FedCM retrieves the necessary credentials (e.g., an ID token) from the IdP. This exchange happens directly between the user agent and the IdP, minimizing the exposure of user data to the website before consent.
- Sign-in: The user agent then securely passes the credential to the website. The website verifies the credential and signs the user in.
Key Benefits of FedCM
FedCM offers several significant advantages over traditional federated identity solutions:
- Enhanced User Privacy: FedCM empowers users with greater control over their data. Websites receive user information only after explicit consent, reducing the risk of unwanted tracking and profiling.
- Reduced Tracking: By mediating the interaction between the website and the IdP, FedCM minimizes the ability of websites to track users across different sites. This helps prevent the creation of comprehensive user profiles without user consent.
- Improved Security: FedCM leverages the browser's security features to protect user credentials. The exchange of credentials between the user agent and the IdP is handled securely, reducing the risk of man-in-the-middle attacks.
- Simplified Development: FedCM provides a standardized API for federated identity, making it easier for developers to integrate federated sign-in into their websites. This standardization can reduce the complexity and cost of implementing federated identity solutions.
- Cross-Browser Compatibility: While initially developed by Google and implemented in Chrome, FedCM is designed to be a cross-browser standard. Other browser vendors are considering adopting FedCM, which would promote interoperability and ensure a consistent user experience across different browsers.
- Combating Fraud: By providing a clearer understanding of which Identity Provider is in use, FedCM makes it more difficult for malicious actors to impersonate a legitimate Identity Provider and trick a user into providing credentials.
FedCM vs. Traditional Federated Identity
Traditional federated identity solutions, such as OAuth 2.0 and OpenID Connect, often rely on third-party cookies and other mechanisms that can compromise user privacy. These mechanisms allow websites to track users across different sites and build comprehensive user profiles without explicit consent. FedCM addresses these privacy concerns by introducing a new, privacy-preserving approach to federated identity.
Here's a table comparing FedCM with traditional federated identity solutions:
Feature | FedCM | Traditional Federated Identity (e.g., OAuth 2.0) |
---|---|---|
User Privacy | Enhanced privacy through explicit consent and minimized data sharing | Privacy risks due to potential tracking and profiling |
Tracking | Reduced tracking capabilities | Potential for cross-site tracking |
Security | Improved security through browser-mediated credential exchange | Security depends on proper implementation and configuration |
Development | Simplified development with a standardized API | More complex implementation and configuration |
Cookies | Minimizes reliance on third-party cookies | Often relies on third-party cookies for session management |
Explicit Consent | Requires explicit user consent before sharing data | Consent can be implicit or less transparent |
Implementing FedCM
Implementing FedCM involves changes to both the relying party (website) and the identity provider (IdP). Here's a high-level overview of the steps involved:
Relying Party (Website) Implementation
- Detect FedCM Support: Check if the browser supports the FedCM API using JavaScript.
- Invoke the FedCM API: Use the FedCM API to initiate the federated sign-in flow. This involves calling the `navigator.credentials.get()` method with the appropriate parameters.
- Handle the Credential: If the user grants consent and a credential is provided, verify the credential and sign the user in.
- Error Handling: Implement error handling to gracefully handle situations where the user denies consent or an error occurs during the sign-in flow.
Identity Provider (IdP) Implementation
- Implement the FedCM Configuration Endpoint: Create a well-known endpoint (`/.well-known/fedcm.json`) that provides the IdP's configuration information, including the authorization endpoint, token endpoint, and other relevant metadata.
- Handle the Authorization Request: Implement the authorization endpoint to handle authorization requests from the browser. This involves authenticating the user and obtaining their consent to share their information with the website.
- Issue Credentials: If the user grants consent, issue the necessary credentials (e.g., an ID token) to the browser.
- Metadata Management: Provide necessary metadata like the IdP icon, service name and privacy policy URL so the browser can present it in the permission prompt.
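The request checks an IdP would apply before issuing a credential, as an added example that is not from the original page or from any IdP's code. The client registry, session account list and request shape are hypothetical; the `client_id` and `account_id` form fields and the `Sec-Fetch-Dest: webidentity` header follow the FedCM specification.

```javascript
// Added example, not from the page. The registry, session list and request shape are
// hypothetical; client_id, account_id and "webidentity" follow the FedCM specification.
const REGISTERED_CLIENTS = new Map([
  ['rp-client-123', { origin: 'https://rp.example' }], // constructed registration
]);

function checkTokenRequest(req, sessionAccountIds) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers || {})) h[k.toLowerCase()] = v;
  const form = req.form || {};
  const deny = (reason) => ({ ok: false, reason });

  if (req.method !== 'POST') return deny('method');
  // Set by the browser on FedCM fetches; script running in a page cannot set Sec-Fetch-* headers.
  if (h['sec-fetch-dest'] !== 'webidentity') return deny('not-fedcm');
  const client = REGISTERED_CLIENTS.get(form.client_id);
  if (!client) return deny('unknown-client');
  // Issue tokens only to the origin registered for this client ID.
  if (h['origin'] !== client.origin) return deny('origin-mismatch');
  // The requested account must belong to the user authenticated by the IdP session cookie.
  if (!sessionAccountIds.includes(form.account_id)) return deny('account-mismatch');

  return {
    ok: true,
    accountId: form.account_id,
    audience: form.client_id,
    // CORS headers so the browser can read the response on behalf of the RP origin.
    responseHeaders: {
      'Access-Control-Allow-Origin': client.origin,
      'Access-Control-Allow-Credentials': 'true',
    },
  };
}
```

Each denial reason maps to a distinct failure worth logging on the IdP side: a missing `webidentity` destination or a mismatched origin indicates a request that did not come through the browser-mediated flow for that RP.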
Example: FedCM Sign-in Flow
Here's a simplified example of how a FedCM sign-in flow might look in JavaScript:
```javascript
// Check if FedCM is supported
if ('IdentityCredential' in window) {
  // Initiate the FedCM sign-in flow
  navigator.credentials.get({
    identity: {
      providers: [
        {
          configURL: 'https://example.com/.well-known/fedcm.json',
          clientId: 'YOUR_CLIENT_ID',
          nonce: 'YOUR_NONCE', // generate a fresh value for every sign-in attempt
          domains: ['example.com']
        },
      ],
    },
  }).then((credential) => {
    // Handle the credential
    console.log('Credential:', credential);
    // Verify the credential and sign the user in
  }).catch((error) => {
    // Handle the error
    console.error('Error:', error);
  });
} else {
  console.log('FedCM is not supported in this browser.');
}
```
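The "verify the credential" step from the sign-in flow and the relying-party checklist, shown server-side as an added example that is not part of the original page. It assumes the IdP issues an RS256-signed JWT (the token format is up to the IdP); the issuer, client ID, key pair and `signSampleToken` helper are constructed so the code runs offline on Node.js.

```javascript
// Added example: RP back-end checks on the token returned by the FedCM flow.
// Assumption: the IdP issues an RS256-signed JWT; all names and keys are constructed.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Verify the signature first, then issuer, audience, expiry and the per-session nonce.
function verifyIdToken(token, { publicKey, issuer, clientId, expectedNonce, now = Date.now() }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm: the token must not choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify(
    'RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.aud !== clientId) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('expired');
  // The nonce binds the token to the sign-in attempt this session started (replay defence).
  const a = Buffer.from(String(claims.nonce ?? ''));
  const b = Buffer.from(expectedNonce);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) throw new Error('nonce mismatch');
  return claims;
}

// Constructed IdP key pair and signer, standing in for the real IdP.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSampleToken(claims) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}
```

In the browser code above, the value to send to this back-end check is `credential.token`, and `expectedNonce` is the value the server stored in the session before it was passed as `nonce`.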
Use Cases for FedCM
FedCM can be applied to a wide range of use cases where federated identity is used, including:
- Social Login: Allowing users to sign in to websites using their social media accounts (e.g., Google, Facebook).
- Enterprise Identity: Enabling employees to access company resources using their corporate credentials. This can facilitate Single Sign-On (SSO) across various applications and services.
- Government Services: Providing citizens with secure access to government services using their national identity credentials. Example: Using national digital identity (like in Estonia or India with Aadhaar) to log into e-government portals.
- E-commerce: Streamlining the checkout process by allowing users to sign in with their preferred identity provider.
- Educational Platforms: Facilitating access to online learning resources using educational institution credentials. Example: Students logging into university learning management systems using their university accounts.
Challenges and Considerations
While FedCM offers significant benefits, there are also some challenges and considerations to keep in mind:
- Adoption: The widespread adoption of FedCM depends on browser vendors implementing the API and websites and IdPs adopting the standard.
- User Experience: It's crucial to design a user-friendly consent flow that clearly informs users about the information being shared and the implications of granting consent.
- Security Considerations: Implement robust security measures to protect user credentials and prevent unauthorized access. Properly validate and sanitize any data received from the IdP.
- IdP Implementation Complexity: Implementing the FedCM configuration endpoint and handling authorization requests can be complex, requiring careful planning and execution.
- Browser Compatibility: Initially, FedCM will likely have limited browser support. Developers need to consider fallback mechanisms for browsers that don't yet support the API.
- Regulatory Compliance: Ensure compliance with relevant privacy regulations, such as GDPR and CCPA, when implementing FedCM.
The Future of FedCM
FedCM represents a significant step forward in enabling privacy-preserving federated identity on the web. As browser vendors and websites adopt the API, it has the potential to transform the way users sign in to websites and services. The ongoing development and standardization of FedCM will likely address current challenges and further enhance its capabilities.
Future developments might include:
- Expanded Browser Support: Increased adoption by other major browser vendors beyond Chrome.
- Advanced Features: Support for more complex authentication scenarios, such as multi-factor authentication (MFA) and step-up authentication.
- Improved User Experience: Refinements to the consent flow to make it even more user-friendly and informative.
- Enhanced Security: Ongoing efforts to improve the security of the FedCM protocol and prevent potential attacks.
- Standardization: Full standardization by organizations like the W3C to ensure interoperability and long-term stability.
Conclusion
FedCM is a promising technology that has the potential to revolutionize federated identity by prioritizing user privacy and security. By giving users greater control over their data and minimizing the risk of unwanted tracking, FedCM can help build a more trustworthy and privacy-respecting web. As adoption grows and the technology matures, FedCM is poised to become a cornerstone of web authentication in the years to come.
Website developers and identity providers should begin exploring FedCM now to prepare for its widespread adoption and take advantage of its benefits. By embracing privacy-preserving technologies like FedCM, we can create a better online experience for users around the world.