Status of FPWD‐identified Issues

This is a tracking list of issues the WG labeled as critical open issues during the FPWD process that must be formally addressed before publication of a Candidate Recommendation.

Issue	Stage	Proposal
Issue 428: Enforce CORS on the Identity Assertions endpoint	2	See PR 547
Issue 537: Allow setting IDP login status from same-site subresources	2	See PR 538
Issue 442: A not-yet logged in IDP has no route to success with this flow – Active Mode	2	Active Mode API
Issue 555: Allow IdPs to continue and finish the request in a popup window – Continuation API	2	Continuation API
Issue 556: Passing arbitrary parameters to the ID assertion endpoint	2	Params API
Issue 559: Allow RPs to selectively request attributes of the user’s profile	2	Fields API
Issue 511: Allow signing in to additional account(s)	2	Add Account API
Issue 553: Allowing IDPs to expose different account lists in different contexts	2	Account Labels API
Issue 552: Allow IDPs to use multiple config files within an eTLD+1	2	Multiple configURLs API
Issue 488: Users may be confused after showing intent to sign in but the sign-in is failed	2?	Error API
Issue 319: Allow multiple IDPs to be used	2	Multi-IdP API
Issue 467: Use cases for Cross-Site Cookie Access through Storage Access API after FedCM grant? – SAA Auto-grant	2	Storage Access API Auto-grant
Issue 517: Allow user agents to use "Connected Accounts Set" with flexibility	2?	3PC Relaxation
Issue 352: Share performance measurement with IDP	2?	Metrics API
Issue 407: [Context API] - Authz / relation to ability to specify scope	2?	duplicate of this?
Issue 240: Users can’t use IdPs outside of the ones enumerated by RPs	1	IdP Registration API
Issue 441: The IDP has to support additional infrastructure to support FedCM	1	Lightweight API
Issue 317: concerns about email in Accounts List	1?	Proposal to move to Stage 1
Issue 320: Why Sec-FedCM-CSRF and not Sec-Fetch-Mode	0
Issue 578: Allow IdPs to return JSON objects rather than Strings back to RPs	0
Issue 585: Allow IdP registration and RPs to match on a "type" – IdP Registration	0
Issue 587: Why must SameSite=none?	0
Issue 599: OAuth profile for FedCM	0
Issue 609: Spec says we send SameSite=Strict cookies	0
Issue 616: Once params are merged into the spec, deprecate the nonce parameter	0
Issue 618: Support chained authentication flows before reducing heuristics and classifications/lists in navigational tracking mitigations	0
Issue 620: Make it easier to deploy this at the eTLD+1 for registered IdPs	0
Issue 625: Returning accounts go first in getUserInfo	0
Issue 626: PP/TOS requirements are different from auto reauthentication	0
Issue 627: Add webdriver command to open PP/TOS	0