This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

When a WebAuthn authenticator creates a new PublicKeyCredential via a create() call, the PublicKeyCredential.response value will be an AuthenticatorAttestationResponse object. This object contains two properties: 1) a clientDataJSON property inherited from AuthenticatorResponse; and 2) an attestationObject that is an authenticator's way of providing a root of trust for the newly created keypair.


Inherited from AuthenticatorResponse.clientDataJSON. Includes the client data for the authentication, such as origin and challenge.
An authenticator's cryptographic attestation that a newly generated keypair was created by that authenticator.






Specification Status Comment
Web Authentication: An API for accessing Public Key Credentials Level 1 Candidate Recommendation Initial definition.

Browser compatibility

FeatureChromeEdgeFirefoxInternet ExplorerOperaSafari
Basic support651 2 ?601 ? ? ?
attestationObject651 2 ?601 ? ? ?
FeatureAndroid webviewChrome for AndroidEdge mobileFirefox for AndroidOpera AndroidiOS SafariSamsung Internet
Basic support ? ? ? ? ? ? ?
attestationObject ? ? ? ? ? ? ?

1. Only support USB U2F tokens

2. From version 65: this feature is behind the Web Authentication API preference (needs to be set to true). To change preferences in Chrome, visit chrome://flags.

Document Tags and Contributors

Contributors to this page: ExE-Boss, apowers313
Last updated by: ExE-Boss,