CredentialsContainer.create()
The create() method of the CredentialsContainer interface returns a Promise that resolves with a new Credential instance based on the provided options, or null if no Credential object can be created.
Note: This method is restricted to top-level contexts. Calls to it within an <iframe> element will resolve without effect.
Syntax
create()
create(options)
Parameters
options (Optional)
  An object of type CredentialCreationOptions that contains options for the requested new Credentials object. It must include one of the options "password", "federated", or "publicKey". The options are:
  password (Optional)
    Either an HTMLFormElement, or a PasswordCredentialData object. TBD
      id: (required) string Inherited from CredentialData.
      name: string Optional TBD
      iconURL: string Optional TBD
      password: (required) string TBD
  federated (Optional)
    A FederatedCredentialInit object. Contains requirements for creating/obtaining federated credentials. The available options are:
      id: (required) string Inherited from CredentialData.
      name: string Optional TBD
      iconURL: string Optional TBD
      provider: (required) string TBD
      protocol: string Optional TBD
  publicKey (Optional)
    An object that describes the options for creating a WebAuthn credential containing the following properties:
    rp
      An object describing the relying party which requested the credential creation. It can contain the following properties:
      id (Optional)
        The ID of the relying party. If omitted, the document origin will be used as the default value.
      name
        The name of the relying party. This is the name the user will be presented with when creating or validating a WebAuthn operation.
    user
      An object describing the user account for which the credential is generated. It can contain the following properties:
      id: A unique user id of type BufferSource. This value cannot exceed 64 bytes.
      name: A user handle (ex: john34).
      displayName: A human-friendly user display name (example: John Doe).
    challenge
      An ArrayBuffer, a TypedArray, or a DataView emitted by the relying party's server and used as a cryptographic challenge. This value will be signed by the authenticator and the signature will be sent back as part of AuthenticatorAttestationResponse.attestationObject.
    pubKeyCredParams
      An Array of items which specify the desired features of the credential, including its type and the algorithm used for the cryptographic signature operations. This array is sorted by descending order of preference. Each item can be composed of the following properties:
      alg: A COSE Algorithm Identifier. For instance, -257 refers to the algorithm RS256.
      type: Must be the string public-key.
    timeout (Optional)
      A numerical hint, in milliseconds, which indicates the time the caller is willing to wait for the creation operation to complete. This hint may be overridden by the browser.
    excludeCredentials (Optional)
      An Array of descriptors for existing credentials. This is provided by the relying party to avoid creating new public key credentials for an existing user who already has some. Each item should be of the form:
      id: The credential ID as a BufferSource.
      type: Must be the string public-key.
      transports: An Array of allowed transports. Possible transports are: usb, nfc, ble, and internal.
    authenticatorSelection (Optional)
      An object whose properties are criteria used to filter out the potential authenticators for the creation operation. Can contain the properties:
      authenticatorAttachment (Optional): Allowed values are platform or cross-platform.
      residentKey (Optional): Allowed values are discouraged, preferred, or required. The default value is required if requireResidentKey is true; otherwise the default value is discouraged.
      requireResidentKey (Optional): This property is deprecated. The value should be set to true if the residentKey is set to required.
      userVerification (Optional): Allowed values are discouraged, preferred, or required.
    attestation (Optional)
      A String which indicates how the attestation (for the authenticator's origin) should be transported. Should be one of none, indirect, direct, or enterprise. The default value is none.
    extensions (Optional)
      An object with several client extensions' inputs. Those extensions are used to request additional processing (e.g. dealing with legacy FIDO APIs credentials, prompting a specific text on the authenticator, etc.).
Return value
A Promise that resolves with a Credential instance, such as PasswordCredential, FederatedCredential, or PublicKeyCredential.
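An added example (not part of the original page): one way to build the publicKey option from a server response before calling create(), enforcing the constraints stated in the parameter descriptions (user.id of at most 64 bytes, type "public-key", the listed transports). The JSON field names, the base64url encoding of binary fields, and the helper names b64urlToBytes and buildPublicKeyOptions are assumptions of this example.

```javascript
// Transports listed in the excludeCredentials description above.
const TRANSPORTS = ["usb", "nfc", "ble", "internal"];

// base64url text -> Uint8Array (a BufferSource); atob() exists in browsers and Node.
function b64urlToBytes(text) {
  const b64 = text.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (ch) => ch.charCodeAt(0));
}

// Build the publicKey option from the server's JSON (assumed shape), rejecting
// values that the parameter descriptions rule out before the browser is asked.
function buildPublicKeyOptions(json) {
  const userId = b64urlToBytes(json.user.id);
  if (userId.length === 0 || userId.length > 64) {
    throw new RangeError("user.id must be 1 to 64 bytes");
  }
  const challenge = b64urlToBytes(json.challenge);
  // 16 bytes is the minimum length the WebAuthn specification recommends.
  if (challenge.length < 16) throw new RangeError("challenge shorter than 16 bytes");
  for (const p of json.pubKeyCredParams) {
    if (p.type !== "public-key" || !Number.isInteger(p.alg)) {
      throw new TypeError("bad pubKeyCredParams entry");
    }
  }
  return {
    rp: { name: json.rp.name, ...(json.rp.id && { id: json.rp.id }) },
    user: { id: userId, name: json.user.name, displayName: json.user.displayName },
    challenge,
    pubKeyCredParams: json.pubKeyCredParams, // kept in the server's preference order
    timeout: json.timeout,
    excludeCredentials: (json.excludeCredentials ?? []).map((c) => ({
      type: "public-key",
      id: b64urlToBytes(c.id),
      transports: (c.transports ?? []).filter((t) => TRANSPORTS.includes(t)),
    })),
    attestation: json.attestation ?? "none",
  };
}

// Constructed sample response; every value is made up for this example.
const SAMPLE = {
  rp: { name: "Example Corp" },
  user: { id: "dXNlci0wMDAx", name: "john34", displayName: "John Doe" },
  challenge: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8",
  pubKeyCredParams: [{ type: "public-key", alg: -7 }, { type: "public-key", alg: -257 }],
  excludeCredentials: [{ id: "Y3JlZC0x", transports: ["usb", "carrier-pigeon"] }],
};
// In a top-level browser document:
// const cred = await navigator.credentials.create({ publicKey: buildPublicKeyOptions(SAMPLE) });
```

The challenge must come fresh from the relying party's server for each registration; the sample value here only exercises the decoding.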
Specifications
Specification |
---|
Credential Management Level 1 # dom-credentialscontainer-create |