diff --git a/Src/Fido2.Models/Objects/AuthenticationExtensionsClientInputs.cs b/Src/Fido2.Models/Objects/AuthenticationExtensionsClientInputs.cs
index 17c498bc..db10e328 100644
--- a/Src/Fido2.Models/Objects/AuthenticationExtensionsClientInputs.cs
+++ b/Src/Fido2.Models/Objects/AuthenticationExtensionsClientInputs.cs
@@ -62,6 +62,14 @@ public sealed class AuthenticationExtensionsClientInputs
[JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
public AuthenticationExtensionsPRFInputs? PRF { get; set; }
+ ///
+ /// This client registration extension and authentication extension allows a Relying Party to store opaque data associated with a credential.
+ /// https://w3c.github.io/webauthn/#sctn-large-blob-extension
+ ///
+ [JsonPropertyName("largeBlob")]
+ [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+ public AuthenticationExtensionsLargeBlobInputs? LargeBlob { get; set; }
+
///
/// This registration extension allows relying parties to specify a credential protection policy when creating a credential.
/// Additionally, authenticators MAY choose to establish a default credential protection policy greater than UserVerificationOptional (the lowest level)
diff --git a/Src/Fido2.Models/Objects/AuthenticationExtensionsClientOutputs.cs b/Src/Fido2.Models/Objects/AuthenticationExtensionsClientOutputs.cs
index 1a3da7b0..edcf8059 100644
--- a/Src/Fido2.Models/Objects/AuthenticationExtensionsClientOutputs.cs
+++ b/Src/Fido2.Models/Objects/AuthenticationExtensionsClientOutputs.cs
@@ -59,6 +59,13 @@ public class AuthenticationExtensionsClientOutputs
[JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
public AuthenticationExtensionsPRFOutputs? PRF { get; set; }
+ ///
+ /// This client registration extension and authentication extension allows a Relying Party to store opaque data associated with a credential.
+ /// https://w3c.github.io/webauthn/#sctn-large-blob-extension
+ ///
+ [JsonPropertyName("largeBlob")]
+ [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+ public AuthenticationExtensionsLargeBlobOutputs? LargeBlob { get; set; }
///
/// The CredentialProtectionPolicy stored alongside the created credential
diff --git a/Src/Fido2.Models/Objects/AuthenticationExtensionsLargeBlobInputs.cs b/Src/Fido2.Models/Objects/AuthenticationExtensionsLargeBlobInputs.cs
new file mode 100644
index 00000000..a36397d8
--- /dev/null
+++ b/Src/Fido2.Models/Objects/AuthenticationExtensionsLargeBlobInputs.cs
@@ -0,0 +1,57 @@
+#nullable enable
+using System.Text.Json.Serialization;
+
+namespace Fido2NetLib.Objects;
+
+///
+/// Input values for the largeBlob extension.
+///
+/// Note: If a value is specified for , and the assertion is intended to be invoked on a web browser,
+/// additional transformation must be performed on the client side before calling navigator.credentials.get().
+/// Specifically, the value must be converted from a base64url-encoded string to a Uint8Array.
+///
+/// https://w3c.github.io/webauthn/#dictdef-authenticationextensionslargeblobinputs
+///
+public sealed class AuthenticationExtensionsLargeBlobInputs
+{
+ ///
+ /// Requests that the credential be created with largeBlob support.
+ ///
+ /// A value of Required will cause credential creation to fail on the client side if largeBlob support is not available.
+ /// A value of Preferred will allow credential creation to succeed even if largeBlob support is not available.
+ ///
+ /// Valid only during registration.
+ ///
+ /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargeblobinputs-support
+ ///
+ [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+ [JsonPropertyName("support")]
+ public LargeBlobSupport? Support { get; set; }
+
+ ///
+ /// Whether or not to read from the blob.
+ ///
+ /// Cannot be used in combination with .
+ ///
+ /// Valid only during assertion.
+ ///
+ /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargeblobinputs-read
+ ///
+ [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
+ [JsonPropertyName("read")]
+ public bool Read { get; set; }
+
+ ///
+ /// A blob to write to the authenticator.
+ ///
+ /// Cannot be used in combination with .
+ ///
+ /// Valid only during assertion.
+ ///
+ /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargeblobinputs-write
+ ///
+ [JsonConverter(typeof(Base64UrlConverter))]
+ [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+ [JsonPropertyName("write")]
+ public byte[]? Write { get; set; }
+}
diff --git a/Src/Fido2.Models/Objects/AuthenticationExtensionsLargeBlobOutputs.cs b/Src/Fido2.Models/Objects/AuthenticationExtensionsLargeBlobOutputs.cs
new file mode 100644
index 00000000..b67befc9
--- /dev/null
+++ b/Src/Fido2.Models/Objects/AuthenticationExtensionsLargeBlobOutputs.cs
@@ -0,0 +1,48 @@
+#nullable enable
+using System.Text.Json.Serialization;
+
+namespace Fido2NetLib.Objects;
+
+///
+/// Output values for the largeBlob extension.
+///
+/// Note: If the assertion is intended to be run on a web browser, additional transformation must be performed
+/// on the client extension output on the browser side after calling navigator.credentials.get(). Specifically,
+/// the value of largeBlob.blob must be converted from a Uint8Array to a base64url-encoded string.
+///
+/// https://w3c.github.io/webauthn/#dictdef-authenticationextensionslargebloboutputs
+///
+public sealed class AuthenticationExtensionsLargeBlobOutputs
+{
+ ///
+ /// Whether or not the credential was created with largeBlob support.
+ ///
+ /// Valid only during registration.
+ ///
+ /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargebloboutputs-supported
+ ///
+ [JsonPropertyName("supported")]
+ public bool Supported { get; set; } = false;
+
+ ///
+ /// The blob read from the authenticator.
+ ///
+ /// Valid only during assertion.
+ ///
+ /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargebloboutputs-blob
+ ///
+ [JsonConverter(typeof(Base64UrlConverter))]
+ [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+ [JsonPropertyName("blob")]
+ public byte[]? Blob { get; set; }
+
+ ///
+ /// Whether or not a blob was written to the authenticator.
+ ///
+ /// Valid only during assertion.
+ ///
+ /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargebloboutputs-written
+ ///
+ [JsonPropertyName("written")]
+ public bool Written { get; set; } = false;
+}
diff --git a/Src/Fido2.Models/Objects/LargeBlobSupport.cs b/Src/Fido2.Models/Objects/LargeBlobSupport.cs
new file mode 100644
index 00000000..0b70221c
--- /dev/null
+++ b/Src/Fido2.Models/Objects/LargeBlobSupport.cs
@@ -0,0 +1,23 @@
+using System.Runtime.Serialization;
+using System.Text.Json.Serialization;
+
+namespace Fido2NetLib.Objects;
+
+///
+/// The possible values for requesting the largeBlob extension during credential registration.
+///
+/// https://w3c.github.io/webauthn/#sctn-large-blob-extension
+///
+[JsonConverter(typeof(FidoEnumConverter))]
+public enum LargeBlobSupport
+{
+ ///
+ /// largeBlob support is required -- credential creation will fail if largeBlob is not supported
+ ///
+ [EnumMember(Value = "required")] Required,
+
+ ///
+ /// largeBlob support is preferred -- credential creation will succeed even if largeBlob is not supported.
+ ///
+ [EnumMember(Value = "preferred")] Preferred
+}