FedCM: An approved_clients entry in the accounts list is required for auto reauthentication to work #38259
Description
MDN URL
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API/IDP_integration
What specific section or headline is this issue about?
approved_clients
What information was incorrect, unhelpful, or incomplete?
The documentation shows no description for what approved_clients is used for.
What did you expect to see?
It should mention that the array of approved_clients will be checked when a client requests login. If the client id is found in the list, no disclosure text is displayed to the user.
It should also mention that for auto reauthentication to work, the client id of the RP should be in the array.
Do you have any supporting links, references, or citations?
https://w3c-fedid.github.io/FedCM/#browser-connected-accounts-set states:
When asked whether an IdentityProviderAccount account is eligible for auto reauthentication given an IdentityProviderConfig provider and a globalObject, run the following steps. This returns a boolean.
- If account contains approved_clients and account’s approved_clients does not contain provider’s clientId, return false.
Do you have anything more you want to share?
No response
MDN metadata
Page report details
- Folder:
en-us/web/api/fedcm_api/idp_integration - MDN URL: https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API/IDP_integration
- GitHub URL: https://github.com/mdn/content/blob/main/files/en-us/web/api/fedcm_api/idp_integration/index.md
- Last commit: 2b6f99e
- Document last modified: 2024-08-17T01:09:59.000Z