Federated Credential Management (FedCM API)

posted in #eID & eSignature, IT Security on 23.12.2024

Browsers are introducing measures to improve user privacy. For example,
they will in future block tracking via “bounce redirects” and third-party
cookies. These same mechanisms, however, also underpin legitimate use
cases such as federated authentication/SSO, for example with OpenID
Connect (OIDC). Several strategies have therefore been proposed to keep
these essential use cases working.

One of them is the Federated Credential Management (FedCM) API, which
extends the browser's JavaScript API so that federated authentication can
be performed directly by the browser, with explicit user consent.
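How a relying party would obtain an OIDC ID token through FedCM instead of a redirect to the IdP, as an added example that is not from the report: the config URL and client ID are placeholders, and the sample token is constructed and unsigned for offline use.

```javascript
// Added example, not code from the report. Placeholder IdP and client values:
//   configURL: "https://idp.example/fedcm.json", clientId: "rp-client-id"

// Build the options for navigator.credentials.get(). The nonce is generated
// per login attempt and later compared with the nonce claim in the returned
// token, so a token captured elsewhere cannot be replayed into this session.
function buildFedCmRequest(configURL, clientId, nonce) {
  return { identity: { providers: [{ configURL, clientId, nonce }] } };
}

// Decode the payload of a JWT-formatted ID token. No signature check here:
// the RP backend must verify the signature against the IdP's published keys.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const pad = b64.length % 4 === 0 ? "" : "=".repeat(4 - (b64.length % 4));
  return JSON.parse(atob(b64 + pad));
}

// Accept the token only if it is bound to our client ID and this attempt.
function tokenMatchesRequest(token, clientId, nonce) {
  const claims = decodeJwtPayload(token);
  return claims.aud === clientId && claims.nonce === nonce;
}

// Browser entry point: the browser shows its own FedCM consent UI; no
// redirect or third-party cookie is involved.
async function signInWithFedCm(configURL, clientId) {
  const nonce = crypto.randomUUID();
  const cred = await navigator.credentials.get(
    buildFedCmRequest(configURL, clientId, nonce),
  );
  if (!tokenMatchesRequest(cred.token, clientId, nonce)) {
    throw new Error("token not bound to this request");
  }
  return cred.token; // hand to the RP backend for signature validation
}

// Constructed, unsigned sample token for demonstration only (alg "none"
// must never be accepted by a real backend).
function makeSampleToken(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc(claims)}.`;
}
```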

In this report, we evaluate FedCM and its impact on existing SSO
systems. Specifically, the goal is to assess whether, and to what extent,
FedCM can be used for SSO systems in the eGovernment environment
(e.g., eIDAS, ID Austria), which rely on OIDC.