Intent to Extend Experiment: Web Authentication immediate mediation
Ken Buchanan
Contact emails
ke...@chromium.org, der...@google.comExplainer
https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediationSpecification
https://github.com/w3c/webauthn/pull/2291Design docs
https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation
Summary
A mediation mode for navigator.credentials.get() that causes browser sign-in UI to be displayed to the user if there is a passkey or password for the site that is immediately known to the browser, or else rejects the promise with NotAllowedError if there is no such credential available. This allows the site to avoid showing a sign-in page if the browser can offer a choice of sign-in credentials that are likely to succeed, while still allowing a traditional sign-in page flow for cases where there are no such credentials.
Blink component
Blink>WebAuthenticationTAG review
https://github.com/w3ctag/design-reviews/issues/1092TAG review status
PendingOrigin Trial Name
Immediate Mediation for Passkeys and PasswordsChromium Trial Name
WebAuthenticationImmediateGetOrigin Trial documentation link
https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediationWebFeature UseCounter name
kCredentialsGetImmediateMediationWithWebAuthnAndPasswordsRisks
Interoperability and Compatibility
This is a discussion topic in the Web Authentication Working Group. Representatives from other browser vendors are involved in this discussion but there are no official signals of support yet. The ability to use `PasswordCredential` with this mediation mode is a particular compatibility risk because that credential type is not currently implemented Firefox or Safari.
Gecko: No signal (https://github.com/mozilla/standards-positions/issues/1239)
WebKit: No signal (https://github.com/WebKit/standards-positions/issues/504) Interest expressed verbally in a WebAuthn WG F2F.
Web developers: No signals
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Goals for experimentation
Reason this experiment is being extended
Our primary partner for this trial has experienced delays in deploying it, and we have gathered very little data at this point. An extension is requested because with the current termination milestone we are unlikely to be able to achieve the goals of the trial.
Ongoing technical constraints
None
Debuggability
None
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
YesIs this feature fully tested by web-platform-tests?
NoDevTrial instructions
https://docs.google.com/document/d/18iV5eUBM4NVoNx0gqPSxPyJAjPdrfIR75vcMDBewzZU/edit?tab=t.0#heading=h.uj0x12ysuohkFlag name on about://flags
experimental-web-platform-featuresFinch feature name
WebAuthenticationImmediateGetRequires code in //chrome?
TrueTracking bug
https://issues.chromium.org/issues/408002783Launch bug
https://launch.corp.google.com/launch/4394539Estimated milestones
| Origin trial desktop first | 139 |
| Origin trial desktop last | 141 |
| Origin trial extension 1 end milestone | 144 |
| DevTrial on desktop | 136 |
| DevTrial on Android | 141 |
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5164322780872704?gate=6329817750437888Links to previous Intent discussions
Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjHGKrQEs4TDzuzb%3D0B00S4OmkE4a1NbZGi19sCueTKvN_m9w%40mail.gmail.comReady for Trial: https://groups.google.com/a/chromium.org/g/blink-dev/c/zC13ioLIZ_E/m/P-P6B6gNCQAJ
Intent to Experiment: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjHGKpJkA9G6De6D4%3DRNSbLMRdy8Yfa6B%3DgDNWeqTyHfv8sSg%40mail.gmail.com
Alex Russell
Ken Buchanan
Any reason not to ship instead?
On Tuesday, September 2, 2025 at 10:28:18 PM UTC+1 Ken Buchanan wrote: