Browser Native Auth and FedCM is finally here!
"My biggest legacy at Google is the amount of systems I broke." - Sam Goto joins the show with a name that strikes fear into engineering systems everywhere. As a Senior Staff Engineer on the Chrome team, Sam shares the hilarious reality of having the last name "Goto," which once took down Google's internal URL shortener for four hours simply because he plugged in a new computer.
Sam gets us up to speed with Federated Credentials Management (FedCM), as we dive deep into why authentication has been built despite the browser rather than with it, and why it's time to move identity from "user-land" to "kernel-land". This shift allows for critical UX improvements for logging in all users irrespective of what login providers you use, finally addressing the "NASCAR flag" problem of infinite login lists.
Most importantly, he shares why you don't need to change your technology stack to get all the benefits of FedCM. Finally, Sam details the "self-sustaining flame" strategy (as opposed to an ecosystem "flamethrower"), revealing how they utilized JavaScript SDKs to migrate massive platforms like Shopify and 50% of the web's login traffic without requiring application developers to rewrite their code.
Notable Links:
- HSMs + TPM in production environments
- Get involved: FedCM W3C WG
- The FedCM spec GitHub repo
- TPAC Browser Conference
Picks:
- Warren - Book: The Platform Revolution
- Sam - The 7 Laws of Identity and Short Story: The Egg by Andy Weir

