12/2020 WebAuthn Implementation report

This is an implementation report for WebAuthn, as of December 2020.

New features of WebAuthn 2 are:

• New method to allow Discoverable/Resident Credentials Preferred:
• New methods added for Attestation Objects
• New Enterprise Attestation, Apple Attestation
• New Large Blob storage and credential properties

WPT

As of 31 March 2021.

• New method to allow Discoverable/Resident Credentials Preferred: createcredential-resident-key.https.html
• New methods added for Attestation Objects: createcredential-getpublickey.https.html
• New Enterprise Attestation, Apple Attestation: N/A
• New Large Blob storage and credential properties: createcredential-large-blob-not-supported.https.html, createcredential-large-blob-supported.https.html, getcredential-large-blob-not-supported.https.html, getcredential-large-blob-supported.https.html

Path	Chrome 91/Linux	Edge 91/Win10	Firefox 89/Linux	Safari 122 preview/MacOS10
createcredential-badargs-attestation.https.html	7 / 7	7 / 7	6 / 6	6 / 6
createcredential-badargs-authnrselection.https.html	14 / 14	14 / 14	13 / 13	13 / 13
createcredential-badargs-challenge.https.html	7 / 7	7 / 7	6 / 6	6 / 6
createcredential-badargs-rp.https.html	14 / 14	14 / 14	10 / 13	0 / 1
createcredential-badargs-user.https.html	18 / 18	18 / 18	17 / 17	0 / 1
createcredential-excludecredentials.https.html	8 / 8	8 / 8	2 / 7	0 / 1
createcredential-extensions.https.html	7 / 7	7 / 7	1 / 6	0 / 1
createcredential-getpublickey.https.html	3 / 3	3 / 3	0 / 2	0 / 1
createcredential-large-blob-not-supported.https.html	7 / 7	7 / 7	0 / 6	0 / 1
createcredential-large-blob-supported.https.html	5 / 5	5 / 5	0 / 4	0 / 1
createcredential-passing.https.html	39 / 39	39 / 39	0 / 38	0 / 1
createcredential-pubkeycredparams.https.html	11 / 11	11 / 11	8 / 10	10 / 10
createcredential-resident-key.https.html	16 / 16	16 / 16	0 / 16	0 / 1
createcredential-timeout.https.html	2 / 2	2 / 2	2 / 2	0 / 1
getcredential-badargs-rpid.https.html	8 / 8	8 / 8	0 / 7	0 / 1
getcredential-badargs-userverification.https.html	7 / 7	7 / 7	0 / 6	0 / 1
getcredential-extensions.https.html	9 / 9	9 / 9	0 / 8	0 / 1
getcredential-large-blob-not-supported.https.html	6 / 6	6 / 6	0 / 5	0 / 1
getcredential-large-blob-supported.https.html	4 / 4	4 / 4	0 / 3	0 / 1
getcredential-passing.https.html	12 / 12	12 / 12	0 / 11	0 / 1
getcredential-rk-passing.https.html	4 / 4	4 / 4	0 / 3	0 / 1
getcredential-timeout.https.html	2 / 2	2 / 2	0 / 2	0 / 1
idlharness.https.window.html	70 / 70	70 / 70	66 / 70	66 / 70
securecontext.http.html	2 / 2	2 / 2	2 / 2	2 / 2
securecontext.https.html	2 / 2	2 / 2	2 / 2	2 / 2
webauthn-testdriver-basic.https.html	5 / 5	5 / 5	0 / 5	0 / 1

For more details, see the web-platform-tests snapshot of March 2, 2021.

Notes

Chrome and edge share IDL and then get turned into other things down the line. Thus chrome and windows are different in their code. (see WebAuthn minutes 31 March 2021).

getTransports isn’t tested but is implemented by Chrome/Edge (as shown in the idl_harness test).

Enterprise Attestation, Apple Attestation aren’t testable using WPT, but have been implemented in Chrome.

microsoft/webauthn includes Win32 headers for communicating to Windows Hello and external security keys as part of WebAuthN and CTAP specification. This has been tested but not integrated yet (see WebAuthn minutes 31 March 2021).