When a user has a isLoggedIn state of true with a particular IdP, but the IdP has ended the session, the IdP returns no accounts to the Browser. The FedCM specifies that the IdP may offer an endpoint that the browser may load to allow the user to re-establish an active account account session. This endpoint must be rendered in a window that supports full page redirects in order to support authentication delegation capabilities such as MFA and other industry adopted passwordless technologies.
1 Comment
Philip Smart
It looks likely the
popup window
mechanism FedCM will use to re-establish an active account session will have the same capabilities as the main browser window. At least for Chrome.