FedCM
This article is a stub. You can help the IndieWeb wiki by expanding it.
FedCM is a browser API for logging in to websites using external identity providers, and has an experimental feature "IdP Registration" which can let your own website be an identity provider to any website using IndieAuth.
Since the IdP Registration API is still an experimental feature, it is not part of the public MDN docs of FedCM yet. You can read more details on the GitHub thread here. In particular, this comment contains a summary of the instructions on using it with your domain.
IndieWeb Examples
- Aaron Parecki is running an IndieAuth FedCM server on his website since 2024-05-14
- Sam Goto is running an open source IndieAuth FedCM server on his website https://sgo.to since 2024-05-16
- ...
If you would like to try this with your own domain, read the instructions here! https://github.com/fedidcg/FedCM/issues/240#issuecomment-2118606184
IndieWeb Services Supporting FedCM
Webmention.io
As of 2024-05-15, https://webmention.io supports FedCM with a user-chosen IdP. In order to try this out, you will need an IndieAuth server that supports FedCM. See FedCM for IndieAuth for a development guide.
IndieAuth FedCM Providers
IndieAuth Developer's Guide to FedCM
For IndieAuth server developers wanting to add FedCM support using the IdP registration API, see:
FedCM Browser Status
As of 2024-05-20, FedCM is implemented in:
- Chrome (behind a feature flag)
- Firefox Nightly
- Safari is publicly supportive but not yet implemented
However, the feature that makes FedCM work for IndieAuth is the experimental "IdP Registration" API, which is only available in Chrome Canary.
Related FedCM Issues
FedCM is very much an in-progress specification. Here are some related issues on the GitHub repository relevant to making FedCM work with IndieAuth:
- 240 - Allow IDP registration
- 585 - Allow IDP registration and RPs to match on "type"
- 581 - Allow RPs to provide their own terms of service and privacy policy URLs
- 580 - DNS option instead of .well-known
- 578 - Allow IDPs to return arbitrary JSON instead of strings
- 560 - The RP needs a way to know which IdP the user selected
- 319 - Multiple IDP support
- 556 - Passing arbitrary parameters to the assertion endpoint
These issues are also linked to inline in the FedCM for IndieAuth document.