Intent to Implement and Ship: WebAuthn getPublicKey[Algorithm]() and getAuthenticatorData()

Skip to first unread message

Adam Langley

May 26, 2020, 1:25:13 PM5/26/20
to blink-dev
(This is exactly the same as this thread from 10 minutes ago, but now with the previously missing first letter of "Intent" in the subject, so that scripts will notice it.) Specification: No. Only minor API change. The draft of WebAuthn level two includes accessors that save sites from having to parse CBOR and COSE in order to use security keys. This status entry covers implementation of these accessors in Chromium. CBOR and COSE are somewhat obscure at this time and there's no need for most sites to have to worry about them as the browser is capable of translating them into more standard formats.
Only new functions getting added. Firefox: Public support ( (J.C. reviewed spec PR.) Edge: No public signals Safari: No public signals Web developers: No signals

Android support will come later. Android WebView does not support security key interactions due to the need to authenticate the calling site.

Mike West

May 28, 2020, 3:15:49 PM5/28/20
to blink-dev

(Note: We should add a CBOR parser to the web at some point. :) )


Chris Harrelson

May 28, 2020, 3:16:55 PM5/28/20
to Mike West, blink-dev

You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

May 28, 2020, 3:23:39 PM5/28/20
to blink-dev,
LGTM3 with a hearty second to Mike's point. I'd very much like to see a modern CBOR parser/serializer in the platform given how it's use seems to be proliferating.


To unsubscribe from this group and stop receiving emails from it, send an email to
Reply all
Reply to author
0 new messages