Thanks for acknowledging the mistake and sending this retroactively Martin. No concerns with the intent from me, LGTM1.
Sorry we didn't have any way in our 'webexposed' tests to double-check for approvals for this sort of new feature (JSON-schema only change to the argument of a web-exposed API). I don't see any reliable and low-friction check we could add for cases like this, so I think we should just chalk this up as a known limitation of our heuristics. Mistakes like this do happen occasionally but IMHO they are extremely rare so not something I think we need to take special action on. On Thu, Jan 15, 2026 at 3:58 PM 'Martin Kreichgauer' via blink-dev < [email protected]> wrote: > Hello API Owners, > > This feature was launched on Desktop in Chrome 136 and Android in 142, and > we unfortunately forgot to request Intent to Ship approvals. I just > realized this mistake while we were cleaning up old feature flags, my > apologies. Are there any concerns or could we please have retroactive LGTMs? > > For context, this was an additional feature to WebAuthn that had an > already existing spec and an implementation in WebKit. Several large > Relying Parties have adopted it already. > > Thanks, > Martin Kreichgauer > > > > On Thu, Jan 15, 2026 at 12:57 PM Chromestatus < > [email protected]> wrote: > >> *Contact emails* >> [email protected] >> >> *Specification* >> >> https://w3c.github.io/webappsec-credential-management/#dom-credentialmediationrequirement-conditional:~:text=For%20create >> >> *Summary* >> WebAuthn Conditional Create allows websites to automatically create >> passkeys for existing users that have a matching password saved in their >> password manager. >> >> *Blink component* >> Blink>WebAuthentication >> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EWebAuthentication%22> >> >> *Web Feature ID* >> *No information provided* >> >> *Motivation* >> WebAuthn Conditional Create requests let a website (aka a Relying Party >> or RP) create a passkey without prominent modal mediation, if the user has >> previously consented to credential creation. The motivating use case is >> commonly referred to as "passkey upgrades". I.e., if the browser/credential >> manager already stores an existing password credential for the same >> website/relying party and user, conditional create allows the the website >> automatically create a matching passkey. An explainer with more information >> is hosted in the W3C WebAuthn wiki: >> https://github.com/w3c/webauthn/wiki/Explainer:-Conditional-Registration-Extension >> >> *Initial public proposal* >> *No information provided* >> >> *TAG review* >> *No information provided* >> >> *TAG review status* >> Issues addressed >> >> *Risks* >> >> >> *Interoperability and Compatibility* >> WebKit already shipped this feature ahead of Blink, so this launch is >> positive for interoperability. >> >> *Gecko*: No signal >> >> *WebKit*: Shipped/Shipping ( >> https://developer.apple.com/documentation/safari-release-notes/safari-18-release-notes#Authentication:~:text=Implemented%20conditional%20credential%20creation.%20 >> ) >> >> *Web developers*: No signals >> >> *Other signals*: >> >> *WebView application risks* >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> *No information provided* >> >> >> *Debuggability* >> *No information provided* >> >> *Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, ChromeOS, Android, and Android WebView)?* >> Yes >> Blink implements this feature on all platforms. On Android, requests are >> forwarded to the native Credential Manager API, where supporting password >> managers need to implement it separately. >> >> *Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?* >> Yes >> >> https://wpt.fyi/results/webauthn/conditional-mediation.https.html?label=experimental&label=master&aligned >> >> *Flag name on about://flags* >> *No information provided* >> >> *Finch feature name* >> *No information provided* >> >> *Non-finch justification* >> *No information provided* >> >> *Rollout plan* >> Will ship enabled for all users >> >> *Requires code in //chrome?* >> False >> >> *Tracking bug* >> https://crbug.com/377758786 >> >> *Launch bug* >> https://launch.corp.google.com/launch/4373425 >> >> *Estimated milestones* >> Shipping on desktop 136 >> Shipping on Android 142 >> >> *Anticipated spec changes* >> >> Open questions about a feature may be a source of future web compat or >> interop issues. Please list open issues (e.g. links to known github issues >> in the project for the feature specification) whose resolution may >> introduce web compat/interop risk (e.g., changing to naming or structure of >> the API in a non-backward-compatible way). >> *No information provided* >> >> *Link to entry on the Chrome Platform Status* >> https://chromestatus.com/feature/5135710007590912?gate=5163515357429760 >> >> *Links to previous Intent discussions* >> Intent to Prototype: >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67329059.2b0a0220.26ec07.069d.GAE%40google.com >> Ready for Trial: >> https://groups.google.com/a/chromium.org/g/blink-dev/c/XFJmqtQpMds/m/ipPKSS5ECQAJ >> >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com>. >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAB%3DfcEZ%3DRM9VMS_8eWedDh4ADOFq%3DF-imw5oTpTcW4YvvtR66w%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAB%3DfcEZ%3DRM9VMS_8eWedDh4ADOFq%3DF-imw5oTpTcW4YvvtR66w%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY80SnGuJ41L-6Tv-QQnUm-PXakxgsH6wJO1XU_hsp9TEw%40mail.gmail.com.
