Ready for Trial: WebAuthn: Large blob storage extension (largeBlob)

Skip to first unread message

Nina Satragno

Oct 28, 2020, 2:44:20 PM10/28/20
to, Adam Langley, Martin Kreichgauer, Jeff Hodges, identity-dev, Ken Buchanan

Contact emails




Adds support for the WebAuthn largeBlob client authenticator extension. This extension allows relying parties to store opaque data associated with a credential.

Blink component


Search tags

webauthnlarge blobblobs

TAG review


TAG review status

Not applicable


Interoperability and Compatibility

Low, this is a new feature that's already part of the editor's draft [1] for WebAuthn. [1]

Gecko: No signal

WebKit: No signal

Web developers: No signals


WebAuthn is already an asynchronous API with a "long" time to get a response (in the order of seconds) since it needs user interaction. Adding this feature will not impact the "normal" webauthn flow. For relying parties (i.e. websites) using it, it won't significantly affect performance.


This feature can't be polyfilled since it relies on hardware support. Effectively the feature only exposes three methods as parameters on webauthn request options: querying for support, writing, and reading blobs. Integration with existing frameworks exercising webauthn should be straightforward.


The implementation requires compressing and uncompressing arbitrary data. This is done in the data decoder service [1], which runs in a sandboxed process. This implementation feature was security-reviewed [2]. [1] [2]

Goals for experimentation

We are planning to slowly introduce this feature into the ecosystem to gather feedback.

Ongoing technical constraints



Developers can use the devtools webauthn tab to debug this feature.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?


This feature will be supported on mac, linux, windows < 10 19h1, & chrome os. Windows >= 10 19h1 blocks access to authenticators through low-level APIs and relies on a high-level API that does not support this feature at the moment. Similarly, the android webauthn implementation relies on a higher level API that does not support this feature.

Is this feature fully tested by web-platform-tests?

See *large-blob* tests.

Tracking bug

Link to entry on the Chrome Platform Status

Links to previous Intent discussions

Intent to prototype:

This intent message was generated by Chrome Platform Status.

Nina Satragno <>
Reply all
Reply to author
0 new messages