Federated Credential Management (FedCM)

FedCM is a browser API for privacy-preserving federated authentication without the need for third-party cookies and redirects. You can read more about FedCM on MDN​ or Google for Developers​. FedCM is still an experimental technology only available in Chrome based browsers at the moment, though other browsers are working on implementing it already. The use of FedCM with gw2.me is optional.

It is recommended that you use the gw2.me JavaScript library to initialize FedCM Authentication on your website. The FedCM config for gw2.me is available https://gw2.me/fed-cm/config.json in case you manually want to request authorization.

Request FedCM

FedCM is an alternative to redirecting the user to the OAuth2 authorization page described in Getting OAuth Access Tokens. Instead the user will be shown a browser dialog where they can grant permission to sign in.

It is possible to request specific scopes when using FedCM in browsers supporting FedCM params (Chrome 132+). If the user has not granted these scopes before, the user will be shown an authorization dialog using the FedCM Continuation API. All previously granted scopes are always included, as if include_granted_scopes is used with the normal OAuth2 flow. If the browser does not support FedCM params, the scopes will default to identify email.

PKCE is required when using FedCM.

It is only possible to initialize FedCM authentication from an origin which matches one of the registered OAuth2 redirect URLs.

To request authentication via FedCM with the gw2.me JavaScript library, call gw2me.fedCM.request(). This will return a Promise<Credential | null> that resolves to a Credential when the authentication is successful, or null in case the authorization fails. The Credential contains a string property token, which is an OAuth2 authorization code. This authorization code can be exchanged for an access token as described in Access Token.