Web/API/PublicKeyCredentialCreationOptions/excludeCredentials
Secure contextThis feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
excludeCredentials
, an optional property of the PublicKeyCredentialCreationOptions
dictionary, is an Array
whose elements are descriptors for the public keys already existing for a given user. This is provided by the relying party's server if it wants to prevent creation of new credentials for an existing user.
Syntax
excludeCredentials = publicKeyCredentialCreationOptions.excludeCredentials
Value
An Array
whose elements are objects with the following properties:
type
- A string describing type of public-key credential to be created. As of this writing (March 2019), only "
public-key
" may be used. id
- A
BufferSource
matching an existing public key credential identifier (PublicKeyCredential.rawId
). This identifier is generated during the creation of thePublicKeyCredential
instance. transports
Optional- An
Array
of strings describing the possible transports between the client and the authenticator. The value of the strings may be:
- "
usb
" - the authenticator can be contacted via a removable USB link
- "
nfc
": the authenticator may be used over NFC (Near Field Communication) - "
ble
": the authenticator may be used over BLE (Bluetooth Low Energy) - "
internal
": the authenticator is specifically bound to the client device (cannot be removed).
If the authenticator already contains one of such a public key credential, the client will throw a DOMException
or asks the user if they want to create a new credential.
Examples
var publicKey = {
excludeCredentials: [
{
type: "public-key",
// the id for [email protected]
id : new Uint8Array(26) /* this actually is given by the server */
},
{
type: "public-key",
// the id for [email protected]
id : new Uint8Array(26) /* another id */
}
],
challenge: new Uint8Array(26) /* this actually is given from the server */,
rp: {
name: "Example CORP",
id : "login.example.com"
},
user: {
id: new Uint8Array(26), /* To be changed for each user */
name: "[email protected]",
displayName: "John Doe",
},
pubKeyCredParams: [ {
type: "public-key",
alg: -7 } ]
};
navigator.credentials.create({ publicKey })
.then(function (newCredentialInfo) {
// send attestation response and client extensions
// to the server to proceed with the registration
// of the credential
}).catch(function (err) {
console.error(err);
});
Specifications
Specification | Status | Comment |
---|---|---|
Web Authentication: An API for accessing Public Key Credentials Level 1The definition of 'excludeCredentials' in that specification. | Recommendation | Initial definition. |
Browser compatibility
The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Chrome
Full support 67 |
Edge
Full support ≤79 |
Firefox
Full support 60 |
IE
No support No |
Opera
Full support 54 |
Safari
Full support 13 |
WebView Android
No support No |
Chrome Android
Full support 67 |
Firefox Android
? |
Opera Android
Full support 48 |
Safari iOS
Full support 13.3 |
Samsung Internet Android
No support No |
Legend
- Full support
- Full support
- No support
- No support
- Compatibility unknown
- Compatibility unknown
- Experimental. Expect behavior to change in the future.'
- Experimental. Expect behavior to change in the future.
PublicKeyCredentialCreationOptions.excludeCredentials by Mozilla Contributors is licensed under CC-BY-SA 2.5.