I suppose this question is three questions. I have a IdP and RP setup in a lab for FedCM.

My navigator.credentials.get(...) call looks like:

navigator.credentials.get({
 identity: {
    context: "use",
    providers: [{
      fields: ["email"],
      configURL: `https://${idpOrigin}/fedcm.json`,
      clientId,
    }],
    mode: "active",
  }
})

I return a { "token": "dummy-token" } for the id_assertion endpoint which at the browser becomes an IdentityCredential via navigator.credentials.get() that looks like:

// IdentityCredential
{
  id: "",
  isAutoSelected: false,
  token: "dummy-id-token",
  type: "identity"
}

I'm trying to determine:

1. Should I expect id to be something that isn't ""?
2. Is there any capability or intention in the platform to specify the format of token?
3. I understand fields specified in the navigator.credentials.get(options) are passed to the IdP, but are they only used by the user agent to display the disclosure text?

For bonus points, I noticed on Chrome 134 in active mode, the first account from the accounts endpoint pre-selected by default following the initial successful login. This forces user with multiple accounts to click back on the native UI. Everything else being equal in passive mode, the list of accounts shows on the top-right native UI overlay initially. I'm assuming this is a bug?

FYI: I'm testing with Chrome 134 on Windows 11 and a Pixel 6 Pro on Android 15.