Contact emails: nsat...@chromium.org, mart...@chromium.org, a...@chromium.org
Adds support for the WebAuthn largeBlob client authenticator extension. This extension allows relying parties to store opaque data associated with a credential.
Search tags: webauthn, large blob, blobs
TAG review status: Not applicable
Interoperability and Compatibility
Low, this is a new feature that's already part of the editor's draft for WebAuthn.
: No signal
WebKit: No signal
Web developers: No signals
WebAuthn is already an asynchronous API with a "long" time to get a response (on the order of seconds) since it needs user interaction. Adding this feature will not impact the "normal" WebAuthn flow. For relying parties (i.e. websites) using it, it won't significantly affect performance.
This feature can't be polyfilled since it relies on hardware support.
Effectively the feature only exposes three methods as parameters on webauthn request options: querying for support, writing, and reading blobs. Integration with existing frameworks exercising webauthn should be straightforward.
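As an added illustration (not part of the original post and not Chromium's code), the three operations map to the `support`, `read` and `write` members of the `largeBlob` extension input in WebAuthn Level 2. The helper names below are hypothetical; the pre-flight check mirrors the client rules that otherwise surface as `NotSupportedError`.

```javascript
// Added example: largeBlob request shapes from WebAuthn Level 2. Challenge,
// rp/user fields and credential IDs are supplied by the caller (assumptions).

// Registration: ask for large blob support ("required" or "preferred").
function largeBlobCreateOptions(base, support = "preferred") {
  return { ...base, extensions: { ...base.extensions, largeBlob: { support } } };
}

// Assertion that reads the blob stored for the asserted credential.
function largeBlobReadOptions(base) {
  return { ...base, extensions: { ...base.extensions, largeBlob: { read: true } } };
}

// Assertion that writes `blob` (a BufferSource). A write is only accepted
// when allowCredentials names exactly one credential, so pin it here.
function largeBlobWriteOptions(base, credentialId, blob) {
  return {
    ...base,
    allowCredentials: [{ type: "public-key", id: credentialId }],
    extensions: { ...base.extensions, largeBlob: { write: blob } },
  };
}

// Pre-flight check: returns null when the request is well formed, otherwise
// the reason the client would reject it.
function checkLargeBlobRequest(kind, publicKey) {
  const lb = publicKey.extensions && publicKey.extensions.largeBlob;
  if (!lb) return "no largeBlob extension";
  if (kind === "create") {
    return "read" in lb || "write" in lb ? "read/write not allowed in create()" : null;
  }
  if ("support" in lb) return "support not allowed in get()";
  if ("read" in lb && "write" in lb) return "read and write are mutually exclusive";
  if ("write" in lb && (publicKey.allowCredentials || []).length !== 1)
    return "write needs exactly one allowCredentials entry";
  return null;
}

// Normalise getClientExtensionResults().largeBlob into a single outcome.
function largeBlobOutcome(results) {
  const lb = (results && results.largeBlob) || {};
  if ("supported" in lb) return { op: "support", ok: lb.supported === true };
  if ("written" in lb) return { op: "write", ok: lb.written === true };
  if ("blob" in lb) return { op: "read", ok: true, blob: lb.blob };
  return { op: "none", ok: false };
}
```

In a page, the returned object is passed as `publicKey` to `navigator.credentials.create()` or `navigator.credentials.get()`, and `largeBlobOutcome()` is applied to `credential.getClientExtensionResults()`.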
The implementation requires compressing and uncompressing arbitrary data. This is done in the data decoder service, which runs in a sandboxed process. This implementation feature was security-reviewed.
Goals for experimentation
We are planning to slowly introduce this feature into the ecosystem to gather feedback.
Ongoing technical constraints
Developers can use the devtools webauthn tab to debug this feature.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? No
This feature will be supported on Mac, Linux, Windows < 10 19h1, and Chrome OS.
Windows >= 10 19h1 blocks access to authenticators through low-level APIs and relies on a high-level API that does not support this feature at the moment.
Similarly, the Android WebAuthn implementation relies on a higher-level API that does not support this feature.
Yes