Web/API/PublicKeyCredentialCreationOptions/authenticatorSelection
Secure contextThis feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
authenticatorSelection
, an optional property of the PublicKeyCredentialCreationOptions
dictionary, is an object giving criteria to filter out the authenticators to be used for the creation operation.
Syntax
authenticatorSelection = publicKeyCredentialCreationOptions.authenticatorSelection
Value
An object with the following properties:
authenticatorAttachment
Optional- A string which is either "
platform
" or "cross-platform
". The former describes an authenticator which is bound to the client and which is generally not removable. The latter describes a device which may be used across different platform (such as a USB or NFC device). requireResidentKey
Optional- A boolean which indicated that the credential private key must be stored in the authenticator, the client or in a client device. The default value is
false
. userVerification
Optional- A string qualifying how the user verification should be part of the authentication process. The values may be:
- "
required
": user verification is required, the operation will fail if the response does not have the UV flag (as part of theauthenticatorData
property ofAuthenticatorAttestationResponse.attestationObject
) - "
preferred
": user verification is prefered, the operation will not fail if the response does not have the UV flag (as part of theauthenticatorData
property ofAuthenticatorAttestationResponse.attestationObject
) - "
discouraged
": user verification should not be employed as to minimize the user interaction during the process.
preferred
". - "
The authenticator used for the creation of the public key credential must comply with the requirements.
Note: See PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()
which resolves to true
when a user-verifiying platform authenticator is available.
Examples
var publicKey = {
authenticatorSelection:{
authenticatorAttachment: "cross-platform",
requireResidentKey: true,
userVerification: "required"
},
challenge: new Uint8Array(26) /* this actually is given from the server */,
rp: {
name: "Example CORP",
id : "login.example.com"
},
user: {
id: new Uint8Array(26), /* To be changed for each user */
name: "[email protected]",
displayName: "John Doe",
},
pubKeyCredParams: [ {
type: "public-key",
alg: -7 } ]
};
navigator.credentials.create({ publicKey })
.then(function (newCredentialInfo) {
// send attestation response and client extensions
// to the server to proceed with the registration
// of the credential
}).catch(function (err) {
console.error(err);
});
Specifications
Specification | Status | Comment |
---|---|---|
Web Authentication: An API for accessing Public Key Credentials Level 1The definition of 'authenticatorSelection' in that specification. | Recommendation | Initial definition. |
Browser compatibility
The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Chrome
Full support 67 |
Edge
Full support ≤79 |
Firefox
Full support 60 |
IE
No support No |
Opera
Full support 54 |
Safari
Full support 13 |
WebView Android
No support No |
Chrome Android
Full support 67 |
Firefox Android
? |
Opera Android
Full support 48 |
Safari iOS
Full support 13.3 |
Samsung Internet Android
No support No |
Legend
- Full support
- Full support
- No support
- No support
- Compatibility unknown
- Compatibility unknown
- Experimental. Expect behavior to change in the future.'
- Experimental. Expect behavior to change in the future.
See also
PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()
AuthenticatorAssertionResponse.authenticatorData
whose structure contains the UV flag (please note that for the creation operation,AuthenticatorAttestationResponse.attestationObject
only contains a CBOR encoded version of this data and does not give an immediate access to the flag).
PublicKeyCredentialCreationOptions.authenticatorSelection by Mozilla Contributors is licensed under CC-BY-SA 2.5.