Jon Koops

I think we can possibly mitigate this by ensuring the scripts we are embedding here are marked with a nonce-source or a hash-source (see [MDN docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script)). My preference would be...

I am closing this issue, as it is sufficiently covered by #16277. Any effort to improve the content security policy will have to be a project-wide effort anyways.

@keycloak/core can someone from the core team pass judgement on this?

I am inclined to remove the deprecation, as this field is part of the public REST API, and therefore it is very likely we have users relying on this feature....

@agektmr you might be interested to know we are looking to implement FedCM in Keycloak. If you have any recommendations for us feel free to pitch in.

> This is really cool! LMK if you run into any challenges (or suggestions!) that I can help you with! That would be great, we'll try to keep you all...

> Is this the right issue to track and contribute to the topic, or are there discussions going on elsewhere? Yes, you can consider this a tracking issue around all...

> the milestone 24.0.0 is still possible ? We cannot make any guarantees, but any implementation in Keycloak will remain experimental until the Federated Credential Management API specification is final.

> do you think when FedCM is implemented the generic oidc-client-ts library can communication with this ? or you need a dedicate implement in this client. I don't know if...

> I'm a little bit worried about handling our SSO customer base after Chrome Privacy Sandbox will be widespread. Yes, we're pretty sure that it will impact the Silent Authentication...