index.md

title	slug	page-type	browser-compat
PublicKeyCredential	Web/API/PublicKeyCredential	web-api-interface	api.PublicKeyCredential

{{APIRef("Web Authentication API")}}{{securecontext_header}}

The PublicKeyCredential interface provides information about a public key / private key pair, which is a credential for logging in to a service using an un-phishable and data-breach resistant asymmetric key pair instead of a password. It inherits from {{domxref("Credential")}}, and is part of the Web Authentication API extension to the Credential Management API.

{{InheritanceDiagram}}

Note

This API is restricted to top-level contexts. Use from within an {{HTMLElement("iframe")}} element will not have any effect.

Instance properties

• {{domxref("PublicKeyCredential.authenticatorAttachment")}} {{ReadOnlyInline}}

  • : A string that indicates the mechanism by which the WebAuthn implementation is attached to the authenticator at the time the associated {{domxref("CredentialsContainer.create()","navigator.credentials.create()")}} or {{domxref("CredentialsContainer.get()","navigator.credentials.get()")}} call completes.

• {{domxref("PublicKeyCredential.id")}} {{ReadOnlyInline}}

  • : Inherited from {{domxref("Credential")}} and overridden to be the base64url encoding of {{domxref("PublicKeyCredential.rawId")}}.

• {{domxref("PublicKeyCredential.rawId")}} {{ReadOnlyInline}}

  • : An {{jsxref("ArrayBuffer")}} that holds the globally unique identifier for this PublicKeyCredential. This identifier can be used to look up credentials for future calls to {{domxref("CredentialsContainer.get()","navigator.credentials.get()")}}.

• {{domxref("PublicKeyCredential.response")}} {{ReadOnlyInline}}

  • : An instance of an {{domxref("AuthenticatorResponse")}} object. It is either of type {{domxref("AuthenticatorAttestationResponse")}} if the PublicKeyCredential was the results of a {{domxref("CredentialsContainer.create()","navigator.credentials.create()")}} call, or of type {{domxref("AuthenticatorAssertionResponse")}} if the PublicKeyCredential was the result of a {{domxref("CredentialsContainer.get()","navigator.credentials.get()")}} call.

• PublicKeyCredential.type {{ReadOnlyInline}}

  • : Inherited from {{domxref("Credential")}}. Always set to public-key for PublicKeyCredential instances.

Static methods

• {{domxref("PublicKeyCredential.getClientCapabilities_static", "PublicKeyCredential.getClientCapabilities()")}}
  • : Returns a {{jsxref("Promise")}} that resolves with an object that can be used to check whether or not particular WebAuthn capabilities and extensions are supported.
• {{domxref("PublicKeyCredential.isConditionalMediationAvailable_static", "PublicKeyCredential.isConditionalMediationAvailable()")}}
  • : Returns a {{jsxref("Promise")}} which resolves to true if conditional mediation is available.
• {{domxref("PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable_static", "PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()")}}
  • : Returns a {{jsxref("Promise")}} which resolves to true if an authenticator bound to the platform is capable of verifying the user.
• {{domxref("PublicKeyCredential.parseCreationOptionsFromJSON_static", "PublicKeyCredential.parseCreationOptionsFromJSON()")}}
  • : Convenience method for deserializing server-sent credential registration data when registering a user with credentials.
• {{domxref("PublicKeyCredential.parseRequestOptionsFromJSON_static", "PublicKeyCredential.parseRequestOptionsFromJSON()")}}
  • : Convenience method for deserializing server-sent credential request data when authenticating a (registered) user.

Instance methods

• {{domxref("PublicKeyCredential.getClientExtensionResults()")}}
  • : If any extensions were requested, this method will return the results of processing those extensions.
• {{domxref("PublicKeyCredential.toJSON()")}}
  • : Convenience method for creating a JSON string representation of a PublicKeyCredential for sending to the server when registering a user with credentials and authenticating a registered user.

Examples

Creating a new instance of PublicKeyCredential

Here, we use {{domxref("CredentialsContainer.create()","navigator.credentials.create()")}} to generate a new credential.

const createCredentialOptions = {
  publicKey: {
    challenge: new Uint8Array([
      21, 31, 105 /* 29 more random bytes generated by the server */,
    ]),
    rp: {
      name: "Example CORP",
      id: "login.example.com",
    },
    user: {
      id: new Uint8Array(16),
      name: "[email protected]",
      displayName: "Carina Anand",
    },
    pubKeyCredParams: [
      {
        type: "public-key",
        alg: -7,
      },
    ],
  },
};

navigator.credentials
  .create(createCredentialOptions)
  .then((newCredentialInfo) => {
    const response = newCredentialInfo.response;
    const clientExtensionsResults =
      newCredentialInfo.getClientExtensionResults();
  })
  .catch((err) => {
    console.error(err);
  });

Getting an existing instance of PublicKeyCredential

Here, we fetch an existing credential from an authenticator, using {{domxref("CredentialsContainer.get()","navigator.credentials.get()")}}.

const requestCredentialOptions = {
  publicKey: {
    challenge: new Uint8Array([
      /* bytes sent from the server */
    ]),
  },
};

navigator.credentials
  .get(requestCredentialOptions)
  .then((credentialInfoAssertion) => {
    // send assertion response back to the server
    // to proceed with the control of the credential
  })
  .catch((err) => {
    console.error(err);
  });

Specifications

{{Specifications}}

Browser compatibility

{{Compat}}

See also

• The parent interface {{domxref("Credential")}}