Thanks! I have been learning about FedCM recently, but I need to read more. My understanding is that it requires the relying party to allowlist which IdPs it trusts, is that correct? That always seemed like it would make it gravitate towards social sign-ins, and harder for self-hosted email domains to participate.
I haven't come across the Email Verification Protocol yet, will take a look! At a glance, the flow seems almost identical to BrowserID. I'm curious how the UX looks.
I haven't come across the Email Verification Protocol yet, will take a look! At a glance, the flow seems almost identical to BrowserID. I'm curious how the UX looks.