Intent to Extend Experiment: Web Authentication immediate mediation

48 views
Skip to first unread message

Ken Buchanan

unread,
Sep 2, 2025, 5:28:18 PM (2 days ago) Sep 2
to blink-dev

Contact emails

ke...@chromium.orgder...@google.com

Explainer

https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation

Specification

https://github.com/w3c/webauthn/pull/2291

Design docs


https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation

Summary

A mediation mode for navigator.credentials.get() that causes browser sign-in UI to be displayed to the user if there is a passkey or password for the site that is immediately known to the browser, or else rejects the promise with NotAllowedError if there is no such credential available. This allows the site to avoid showing a sign-in page if the browser can offer a choice of sign-in credentials that are likely to succeed, while still allowing a traditional sign-in page flow for cases where there are no such credentials.



Blink component

Blink>WebAuthentication

TAG review

https://github.com/w3ctag/design-reviews/issues/1092

TAG review status

Pending

Origin Trial Name

Immediate Mediation for Passkeys and Passwords

Chromium Trial Name

WebAuthenticationImmediateGet

Origin Trial documentation link

https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation

WebFeature UseCounter name

kCredentialsGetImmediateMediationWithWebAuthnAndPasswords

Risks



Interoperability and Compatibility

This is a discussion topic in the Web Authentication Working Group. Representatives from other browser vendors are involved in this discussion but there are no official signals of support yet. The ability to use `PasswordCredential` with this mediation mode is a particular compatibility risk because that credential type is not currently implemented Firefox or Safari.



Gecko: No signal (https://github.com/mozilla/standards-positions/issues/1239)

WebKit: No signal (https://github.com/WebKit/standards-positions/issues/504) Interest expressed verbally in a WebAuthn WG F2F.

Web developers: No signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Goals for experimentation



Reason this experiment is being extended

Our primary partner for this trial has experienced delays in deploying it, and we have gathered very little data at this point. An extension is requested because with the current termination milestone we are unlikely to be able to achieve the goals of the trial.



Ongoing technical constraints

None



Debuggability

None



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

Yes

Is this feature fully tested by web-platform-tests?

No

DevTrial instructions

https://docs.google.com/document/d/18iV5eUBM4NVoNx0gqPSxPyJAjPdrfIR75vcMDBewzZU/edit?tab=t.0#heading=h.uj0x12ysuohk

Flag name on about://flags

experimental-web-platform-features

Finch feature name

WebAuthenticationImmediateGet

Requires code in //chrome?

True

Tracking bug

https://issues.chromium.org/issues/408002783

Launch bug

https://launch.corp.google.com/launch/4394539

Estimated milestones

Origin trial desktop first139
Origin trial desktop last141
Origin trial extension 1 end milestone144
DevTrial on desktop136
DevTrial on Android141


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5164322780872704?gate=6329817750437888

Links to previous Intent discussions

Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjHGKrQEs4TDzuzb%3D0B00S4OmkE4a1NbZGi19sCueTKvN_m9w%40mail.gmail.com
Ready for Trial: https://groups.google.com/a/chromium.org/g/blink-dev/c/zC13ioLIZ_E/m/P-P6B6gNCQAJ
Intent to Experiment: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjHGKpJkA9G6De6D4%3DRNSbLMRdy8Yfa6B%3DgDNWeqTyHfv8sSg%40mail.gmail.com


This intent message was generated by Chrome Platform Status.

Alex Russell

unread,
Sep 3, 2025, 10:18:00 AM (2 days ago) Sep 3
to blink-dev, Ken Buchanan
Any reason not to ship instead?

On Tuesday, September 2, 2025 at 10:28:18 PM UTC+1 Ken Buchanan wrote:

Ken Buchanan

unread,
Sep 3, 2025, 4:54:32 PM (2 days ago) Sep 3
to Alex Russell, blink-dev
We'd like to give developers some more time to test how well it performs and provide feedback.

There is also an ongoing discussion with TAG about the privacy properties, and a proposal to change the API details (noted in the explainer). We're aiming to leave time for iteration.

On Wed, Sep 3, 2025 at 10:18 AM Alex Russell <sligh...@chromium.org> wrote:
Any reason not to ship instead?

On Tuesday, September 2, 2025 at 10:28:18 PM UTC+1 Ken Buchanan wrote:
Reply all
Reply to author
Forward
0 new messages