Retroactive LGTM3 (since you have two LGTM1s from Alex and Rick) - but
please also request the review bits in your chromestatus entry per
Alex's request.
On 1/21/26 11:14 a.m., Alex Russell wrote:
Hey Martin,
Rick pointed out in API OWNERS that I'd missed this was already
shipped, which I guess obviates my previous question. LGTM1
conditional on the various reviews being requested via the tool
(security, enterprise, debuggability, and testing).
Best,
Alex
On Tuesday, January 20, 2026 at 11:48:05 AM UTC-8 Alex Russell wrote:
I'm inclined to LGTM this in light of Apple already shipping, but
it's strange that no considered alternatives are discussed in the
Explainer. Were these sorted out in the TAG review? Is there a
link to that discussion somewhere?
Best,
Alex
On Friday, January 16, 2026 at 8:53:01 AM UTC-8 Rick Byers wrote:
Thanks for acknowledging the mistake and sending this
retroactively Martin. No concerns with the intent from me, LGTM1.
Sorry we didn't have any way in our 'webexposed' tests to
double-check for approvals for this sort of new feature
(JSON-schema only change to the argument of a web-exposed
API). I don't see any reliable and low-friction check we could
add for cases like this, so I think we should just chalk this
up as a known limitation of our heuristics. Mistakes like this
do happen occasionally but IMHO they are extremely rare so not
something I think we need to take special action on.
On Thu, Jan 15, 2026 at 3:58 PM 'Martin Kreichgauer' via
blink-dev <[email protected]> wrote:
Hello API Owners,
This feature was launched on Desktop in Chrome 136 and
Android in 142, and we unfortunately forgot to request
Intent to Ship approvals. I just realized this mistake
while we were cleaning up old feature flags, my apologies.
Are there any concerns or could we please have retroactive
LGTMs?
For context, this was an additional feature to WebAuthn
that had an already existing spec and an implementation in
WebKit. Several large Relying Parties have adopted it already.
Thanks,
Martin Kreichgauer
On Thu, Jan 15, 2026 at 12:57 PM Chromestatus
<[email protected]
<mailto:[email protected]>> wrote:
*Contact emails*
[email protected]
*Specification*
https://w3c.github.io/webappsec-credential-management/#dom-credentialmediationrequirement-conditional:~:text=For%20create
<https://w3c.github.io/webappsec-credential-management/#dom-credentialmediationrequirement-conditional:~:text=For%20create>
*Summary*
WebAuthn Conditional Create allows websites to
automatically create passkeys for existing users that
have a matching password saved in their password manager.
*Blink component*
Blink>WebAuthentication
<https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EWebAuthentication%22>
*Web Feature ID*
/No information provided/
*Motivation*
WebAuthn Conditional Create requests let a website
(aka a Relying Party or RP) create a passkey without
prominent modal mediation, if the user has previously
consented to credential creation. The motivating use
case is commonly referred to as "passkey upgrades".
I.e., if the browser/credential manager already stores
an existing password credential for the same
website/relying party and user, conditional create
allows the the website automatically create a matching
passkey. An explainer with more information is hosted
in the W3C WebAuthn wiki:
https://github.com/w3c/webauthn/wiki/Explainer:-Conditional-Registration-Extension
<https://github.com/w3c/webauthn/wiki/Explainer:-Conditional-Registration-Extension>
*Initial public proposal*
/No information provided/
*TAG review*
/No information provided/
*TAG review status*
Issues addressed
*Risks*
*Interoperability and Compatibility*
WebKit already shipped this feature ahead of Blink, so
this launch is positive for interoperability.
/Gecko/: No signal
/WebKit/:
Shipped/Shipping
(https://developer.apple.com/documentation/safari-release-notes/safari-18-release-notes#Authentication:~:text=Implemented%20conditional%20credential%20creation.%20
<https://developer.apple.com/documentation/safari-release-notes/safari-18-release-notes#Authentication:~:text=Implemented%20conditional%20credential%20creation.%20>)
/Web developers/: No signals
/Other signals/:
*WebView application risks*
Does this intent deprecate or change behavior of
existing APIs, such that it has potentially high risk
for Android WebView-based applications?
/No information provided/
*Debuggability*
/No information provided/
*Will this feature be supported on all six Blink
platforms (Windows, Mac, Linux, ChromeOS, Android, and
Android WebView)?*
Yes
Blink implements this feature on all platforms. On
Android, requests are forwarded to the native
Credential Manager API, where supporting password
managers need to implement it separately.
*Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?*
Yes
https://wpt.fyi/results/webauthn/conditional-mediation.https.html?label=experimental&label=master&aligned
<https://wpt.fyi/results/webauthn/conditional-mediation.https.html?label=experimental&label=master&aligned>
*Flag name on about://flags*
/No information provided/
*Finch feature name*
/No information provided/
*Non-finch justification*
/No information provided/
*Rollout plan*
Will ship enabled for all users
*Requires code in //chrome?*
False
*Tracking bug*
https://crbug.com/377758786
*Launch bug*
https://launch.corp.google.com/launch/4373425
<https://launch.corp.google.com/launch/4373425>
*Estimated milestones*
Shipping on desktop 136
Shipping on Android 142
*Anticipated spec changes*
Open questions about a feature may be a source of
future web compat or interop issues. Please list open
issues (e.g. links to known github issues in the
project for the feature specification) whose
resolution may introduce web compat/interop risk
(e.g., changing to naming or structure of the API in a
non-backward-compatible way).
/No information provided/
*Link to entry on the Chrome Platform Status*
https://chromestatus.com/feature/5135710007590912?gate=5163515357429760
<https://chromestatus.com/feature/5135710007590912?gate=5163515357429760>
*Links to previous Intent discussions*
Intent to Prototype:
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67329059.2b0a0220.26ec07.069d.GAE%40google.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67329059.2b0a0220.26ec07.069d.GAE%40google.com>
Ready for Trial:
https://groups.google.com/a/chromium.org/g/blink-dev/c/XFJmqtQpMds/m/ipPKSS5ECQAJ
<https://groups.google.com/a/chromium.org/g/blink-dev/c/XFJmqtQpMds/m/ipPKSS5ECQAJ>
This intent message was generated by Chrome Platform
Status <https://chromestatus.com>.
--
You received this message because you are subscribed to
the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails
from it, send an email to
[email protected]
<mailto:[email protected]>.
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAB%3DfcEZ%3DRM9VMS_8eWedDh4ADOFq%3DF-imw5oTpTcW4YvvtR66w%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAB%3DfcEZ%3DRM9VMS_8eWedDh4ADOFq%3DF-imw5oTpTcW4YvvtR66w%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/a041dfcd-667d-4c3d-a78b-7a0204d53328n%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/a041dfcd-667d-4c3d-a78b-7a0204d53328n%40chromium.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/60fed723-e341-46ad-a37f-bc8a02dd813c%40chromium.org.
