## Background and value

FedCM provides native federated login in the browser. Governing the providers list and the mediation mode properly, and binding each request to a nonce, improves both security and user experience.

## Unified specification

- Providers allowlist: permit only controlled configuration endpoints and client_id values.
- Mediation policy: default to `required`, so there is no silent or unnoticed authorization.
- Nonce binding: the server issues a challenge and the client sends it back bound to the request, which prevents replay.

## Core implementation call example (compatibility placeholder)

```ts
type Provider = { configURL: string; clientId: string }

// Allowlist: controlled config endpoint -> the client_id registered for it
// (the client_id value is a placeholder; use the one issued by the IdP).
const allowProviders = new Map<string, string>([
  ['https://idp.example.com/.well-known/openid-federation', '<registered-client-id>']
])

function providerAllowed(p: Provider): boolean {
  try {
    const u = new URL(p.configURL)
    // Compare origin + path only, so a query string or fragment cannot smuggle in another endpoint.
    return allowProviders.get(u.origin + u.pathname) === p.clientId
  } catch {
    return false
  }
}

async function fedcmLogin(providers: Provider[], nonce: string): Promise<Credential | null> {
  const list = providers.filter(providerAllowed)
  if (list.length === 0) return null
  if (!('credentials' in navigator)) return null
  try {
    const cred = await (navigator as any).credentials.get({
      identity: {
        // The nonce is bound per provider and echoed back inside the IdP's token.
        providers: list.map(p => ({ configURL: p.configURL, clientId: p.clientId, nonce }))
      },
      // mediation is a top-level credentials.get option; 'required' always shows the browser UI.
      mediation: 'required'
    })
    return cred
  } catch {
    return null
  }
}
```
## Deployment recommendations

Enable FedCM only under the controlled provider allowlist, and complete the login with `mediation=required` plus nonce binding. The server then validates the returned identity assertion, performs the rpId check, and enforces a time window.

## Verification checklist

- Do the providers match the allowlist?
- Is mediation set to `required`?
- Does the nonce match the challenge issued by the server?
