TAG reviewN/A (minor API change)
SummaryAdds support for the AuthenticatorSelectionCriteria.residentKey property to specify during Web Authentication API (WebAuthn) credential registration whether a client-side discoverable credential should be created. Also adds support for the WebAuthn "credProps" extension, which indicates to the Relying Party whether a created credential is client-side discoverable.
Motivation"Client-side discoverable credentials" are a type of WebAuthn credential that can be challenged by a Relying Party (RP) without needing to provide the credential ID in the WebAuthn API request. Browsers display a list of all discoverable credentials from a given authenticator (external security key or built-in) and let the user choose one to sign in with. Chrome already supports registration of client-side discoverable WebAuthn credentials via the boolean AuthenticatorSelection.requireResidentKey property. The WebAuthn Level 2 spec adds an alternative, enum-valued residentKey property. Two values of that enum, "discouraged" and "required", correspond exactly to the boolean values of requireResidentKey. The third, middle value ("preferred") lets the RP express that the browser should try to create a client-side discoverable credential, but that it may fall back to a non-discoverable credential if the authenticator presented by the user doesn't support it (e.g. a U2F/CTAP1 security key). The credProps extension (https://w3c.github.io/webauthn/#credprops) can be used to report at registration time whether the newly created credential is client-side discoverable or not. This is useful for the RP in the "preferred" case.
Interoperability and CompatibilitySupport on Windows >= 1903 depends on Microsoft implementing it in Windows. Support on Android depends on Android's WebAuthn library supporting it. Android WebView does not support WebAuthn.
Gecko: No signal
WebKit: No signal
Web developers: No signals
DebuggabilityThis feature will be supported by Chrome's Virtual Authenticator API implementation.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?No Support on Windows >= 1903 depends on Microsoft implementing it in Windows. Support on Android depends on Android's WebAuthn library supporting it. Android WebView does not support WebAuthn.No This feature will be supported by Chrome's Virtual Authenticator implementation and will be covered by WPTs.
Link to entry on the Chrome Platform Statushttps://chromestatus.com/feature/5701094648840192