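In this case, the user needs to approve two different prompts: one for authentication and one for granting cookie access, because SAA triggers a permission prompt. FedCM simplifies the Storage Access API flow by acting as a trust signal. After the user signs in with FedCM, storage access requests initiated by the IdP are granted automatically, so no additional SAA prompt is needed.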
```js
// In top-level rp.example:
// Ensure FedCM permission has been granted.
const cred = await navigator.credentials.get({
  identity: {
    providers: [{
      configURL: 'https://idp.example/fedcm.json',
      clientId: '123',
    }],
  }
});

// In an embedded IdP iframe:
// Returns `true` if the user already has access to cookies, and `false` if
// the user doesn't have access yet and needs to request it.
const hasAccess = await document.hasStorageAccess();
if (!hasAccess) {
  // No user gesture is needed to approve storage access, and the call will be auto-granted.
  document.requestStorageAccess().then(() => {
    // Access cookies.
  });
} else {
  // The iframe already has access to third-party cookies.
}
```
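The following added example (not code from the original page) shows how the embedded IdP iframe can handle the case where the request is not auto-granted, for instance because the user did not sign in through FedCM, by falling back to a user gesture. `ensureStorageAccess`, `fakeDocument` and the `#continue` button are assumed names; the fake is a constructed stand-in for `document` so the flow can run outside a browser.

```javascript
// `doc` is injected so the flow can run outside a browser;
// inside the IdP iframe, pass the real `document`.
async function ensureStorageAccess(doc, { userGesture = false } = {}) {
  if (await doc.hasStorageAccess()) return 'already-granted';
  try {
    // Auto-granted (no prompt, no gesture) when the user signed in via FedCM.
    await doc.requestStorageAccess();
    return 'granted';
  } catch (err) {
    // Rejected: either there is no FedCM grant and no user gesture, or the
    // user declined the prompt. Do not assume cookies are readable here.
    return userGesture ? 'denied' : 'needs-user-gesture';
  }
}

// Constructed stand-in for `document` that models the behaviour described
// above: a FedCM grant allows the request without a gesture; otherwise a
// click plus an accepted prompt is required.
function fakeDocument({ fedcmGranted, acceptsPrompt = false }) {
  let access = false;
  let gesture = false;
  return {
    simulateClick() { gesture = true; },
    async hasStorageAccess() { return access; },
    async requestStorageAccess() {
      if (!(fedcmGranted || (gesture && acceptsPrompt))) {
        throw Object.assign(new Error('denied'), { name: 'NotAllowedError' });
      }
      access = true;
    },
  };
}

// Browser wiring (skipped outside a browser). '#continue' is a hypothetical
// button that the iframe reveals only when a gesture is required.
if (typeof document !== 'undefined') {
  ensureStorageAccess(document).then((state) => {
    const button = document.querySelector('#continue');
    if (state !== 'needs-user-gesture' || !button) return;
    button.hidden = false;
    button.addEventListener('click', () =>
      ensureStorageAccess(document, { userGesture: true }));
  });
}
```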
Origin trial participants gave positive feedback, highlighting that context-specific FedCM prompts provide a better user experience than the generic Storage Access API prompt.
Last updated (UTC): 2024-11-15.