Credential Management API
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The Credential Management API enables a website to create, store, and retrieve credentials. A credential is an item which enables a system to make an authentication decision: for example, to decide whether to sign a user into an account. We can think of it as a piece of evidence that a user presents to a website to demonstrate that they really are the person they are claiming to be.
Concepts and usage
The central interface is the CredentialsContainer
, which is accessed through the navigator.credentials
property and provides three main functions:
create()
: create a new credential.store()
: store a new credential locally.get()
: retrieve a credential, which can then be used to log a user in.
The API supports four different types of credential, which are all represented as subclasses of Credential
:
Type | Interface |
---|---|
Password | PasswordCredential |
Federated identity | IdentityCredential , FederatedCredential (deprecated) |
One-time password (OTP) | OTPCredential |
Web Authentication | PublicKeyCredential |
The guide page Credential types gives an overview of the different credential types and how they are used.
Interfaces
Credential
-
Provides information about an entity as a prerequisite to a trust decision.
CredentialsContainer
-
Exposes methods to request credentials and notify the user agent when interesting events occur such as successful sign in or sign out. This interface is accessible from
navigator.credentials
. FederatedCredential
-
Provides information about credentials from a federated identity provider, which is an entity that a website trusts to correctly authenticate a user, and which provides an API for that purpose. OpenID Connect is an example of such a framework.
PasswordCredential
-
Provides information about a username/password pair.
Extensions to other interfaces
-
Returns the
CredentialsContainer
interface which exposes methods to request credentials and notify the user agent when interesting events occur such as successful sign in or sign out.
Specifications
Specification |
---|
Credential Management Level 1 |
Browser compatibility
api.Credential
Report problems with this compatibility data on GitHubLegend
Tip: you can click/tap on a cell for more information.
- Full support
- Full support
- No support
- No support
- Experimental. Expect behavior to change in the future.
api.CredentialsContainer
Report problems with this compatibility data on GitHubdesktop | mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
CredentialsContainer | ||||||||||||
create | ||||||||||||
publicKey option | ||||||||||||
attestation option | ||||||||||||
attestation.direct | ||||||||||||
attestation.enterprise | ||||||||||||
attestation.indirect | ||||||||||||
attestation.none | ||||||||||||
create() extensions | ||||||||||||
appidExclude extension | ||||||||||||
credProps extension | ||||||||||||
credProtect extension | ||||||||||||
largeBlob extension | ||||||||||||
minPinLength extension | ||||||||||||
payment extension | ||||||||||||
publicKey_option.requireResidentKey | ||||||||||||
publicKey_option.residentKey | ||||||||||||
get | ||||||||||||
identity option | ||||||||||||
identity.context | ||||||||||||
Error API | ||||||||||||
identity.providers.loginHint | ||||||||||||
otp option | ||||||||||||
publicKey option | ||||||||||||
get() extensions | ||||||||||||
appid extension | ||||||||||||
largeBlob extension | ||||||||||||
preventSilentAccess | ||||||||||||
store |
Legend
Tip: you can click/tap on a cell for more information.
- Full support
- Full support
- Partial support
- Partial support
- No support
- No support
- Experimental. Expect behavior to change in the future.
- Non-standard. Check cross-browser support before using.
- See implementation notes.
- Uses a non-standard name.
- Has more compatibility info.
api.FederatedCredential
Report problems with this compatibility data on GitHubdesktop | mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
FederatedCredential | ||||||||||||
FederatedCredential() constructor | ||||||||||||
iconURL | ||||||||||||
name | ||||||||||||
protocol | ||||||||||||
provider |
Legend
Tip: you can click/tap on a cell for more information.
- Full support
- Full support
- No support
- No support
- Experimental. Expect behavior to change in the future.
- See implementation notes.
api.PasswordCredential
Report problems with this compatibility data on GitHubdesktop | mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
PasswordCredential | ||||||||||||
PasswordCredential() constructor | ||||||||||||
iconURL | ||||||||||||
name | ||||||||||||
password |
Legend
Tip: you can click/tap on a cell for more information.
- Full support
- Full support
- No support
- No support
- Experimental. Expect behavior to change in the future.
- See implementation notes.