AuthenticatorAssertionResponse

This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

When a WebAuthn authenticator peforms an authentication via the get() call, the result is a new PublicKeyCredential, the PublicKeyCredential.response value will be an AuthenticatorAssertionResponse object. This object contains both the client data (i.e. - browser data) for the authentication as well as the data from the authenticator to cryptographically prove that the authentication is valid.

Properties

 

AuthenticatorAssertionResponse.clientDataJSON
Inherited from AuthenticatorResponse.clientDataJSON. Includes the client data for the authentication, such as origin and challenge.
AuthenticatorAssertionResponse.authenticatorData
An ArrayBuffer containing information from the authenticator such as the Relying Party ID Hash (rpIdHash), a signature counter, test of user presence and user verification flags, and any extensions processed by the authenticator. This is one of the two fields that is signed over by the authenticator.
AuthenticatorAssertionResponse.signature
A assertion signature over AuthenticatorAssertionResponse.authenticatorData and AuthenticatorResponse.clientDataJSON. The assertion signature is created with the private key of keypair that was created during the create() call and verified using the public key of that same keypair.
AuthenticatorAssertionResponse.userHandle
An ArrayBuffer containing an opaque user identifier.

 

Methods

None.

Examples

TBD

Specifications

Specification Status Comment
Web Authentication: An API for accessing Public Key Credentials Level 1 Candidate Recommendation Initial definition.

Browser compatibility

FeatureChromeEdgeFirefoxInternet ExplorerOperaSafari
Basic support651 2 ?601 ? ? ?
authenticatorData651 2 ?601 ? ? ?
signature651 2 ?601 ? ? ?
userHandle651 2 ?601 ? ? ?
FeatureAndroid webviewChrome for AndroidEdge mobileFirefox for AndroidOpera AndroidiOS SafariSamsung Internet
Basic support ? ? ? ? ? ? ?
authenticatorData ? ? ? ? ? ? ?
signature ? ? ? ? ? ? ?
userHandle ? ? ? ? ? ? ?

1. Only support USB U2F tokens

2. From version 65: this feature is behind the Web Authentication API preference (needs to be set to true). To change preferences in Chrome, visit chrome://flags.

Document Tags and Contributors

Contributors to this page: ExE-Boss, apowers313
Last updated by: ExE-Boss,