Bug 242204
| Summary: | [WebAuthn] support large blob storage extension | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | tarrence |
| Component: | WebKit Misc. | Assignee: | pascoe <pascoe> |
| Status: | NEW | ||
| Severity: | Normal | CC: | alibellows, bfulgham, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
tarrence
Support for large blob storage (https://w3c.github.io/webauthn/#sctn-large-blob-extension) is landing in chrome soon. It supports storage of opaque blobs alongside the users credentials. This would enable a lot of new use cases, for example, storing a private key for encryption and supporting fully user custodial applications.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/96255388>
alibellows
Hi, currently this may be a dupe of [bug #252789](https://bugs.webkit.org/show_bug.cgi?id=252789) but I'd like to track status for support in platform authenticators and figure we could do that here. (I can split into a new bug if not)
After [PR #9891](https://github.com/WebKit/WebKit/pull/9891) I thought my Macbook Pro M1 platform authenticator (with Safari Preview Release 170 on MacOS Ventura) might support largeBlob, but it seems I was mistaken. I.e., clientExtensionResults in the assertionResponse is always empty, despite my providing extensions input including `largeBlob`. Note the same setup works correctly (clientExtensionResults is nonempty and gives the expected values) if I use an emulated authenticator with Chrome devtools, but not my actual platform authenticator.
Are Apple, etc planning to support large blob on platform authenticators? If so, can we track related work here?
Thank you!
pascoe@apple.com
Pull request: https://github.com/WebKit/WebKit/pull/54164