# Browser Native Auth and FedCM is finally here!

Page: https://stenobird.com/podcast/adventures-in-devops/browser-native-auth-and-fedcm-is-finally-here
Text version: https://stenobird.com/podcast/adventures-in-devops/browser-native-auth-and-fedcm-is-finally-here.md
Podcast: [Adventures in DevOps](https://stenobird.com/podcast/adventures-in-devops)
Published: 2025-12-15T00:00:00+00:00
Episode link: https://adventuresindevops.com/episodes/259-federated-credentials-management-fedcm-browser-auth
Audio file: https://dts.podtrac.com/redirect.mp3/api.spreaker.com/download/episode/69124284/download.mp3
Processing state: failed
JSON: https://stenobird.com/v1/public/podcasts/adventures-in-devops/episodes/browser-native-auth-and-fedcm-is-finally-here
Duration seconds: 2984

## Resource

Share Episode ⸺ Episode Sponsor: Incident.io - https://dev0ps.fyi/incidentio &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "My biggest legacy at Google is the amount of systems I broke." — Sam Goto joins the show with a name that strikes fear into engineering systems everywhere. As a Senior Staff Engineer on the Chrome team, Sam shares the hilarious reality of having the last name "Goto," which once took down Google's internal URL shortener for four hours simply because he plugged in a new computer. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Sam gets us up to speed with Federated Credentials Management (FedCM), as we dive deep into why authentication has been built despite the browser rather than with it, and why it’s time to move identity from "user-land" to "kernel-land". This shift allows for critical UX improvements for logging in all users irrespective of what login providers you use, finally addressing the "NASCAR flag" problem of infinite login lists. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Most importantly, he shares why you don't need to change your technology stack to get all the benefits of FedCM. Finally, Sam details the "self-sustaining flame" strategy (as opposed to an ecosystem "flamethrower"), revealing how they utilized JavaScript SDKs to migrate massive platforms like Shopify and 50% of the web's login traffic without requiring application developers to rewrite their code. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 💡 Notable Links: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HSMs + TPM in production environments Get involved: FedCM W3C WG The FedCM spec GitHub repo TPAC Browser Conference 🎯 Picks: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;…

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/adventures-in-devops/episodes/browser-native-auth-and-fedcm-is-finally-here/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/adventures-in-devops/browser-native-auth-and-fedcm-is-finally-here.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.