This is Chrome's proposal to solve issue #231. It is described here:
https://github.com/fedidcg/FedCM/blob/main/proposals/idp-sign-in-status-api.md

I am splitting this proposal out from that issue because depending on browser UI choices, it does not necessarily fully prevent sending user info to attackers; it only prevents doing so silently.

#436 is the pending pull request to integrate the proposal into the spec. Feel free to discuss here or in the PR.