package
0.0.0-20221205164246-ebaf9b74c6ec
Repository: https://github.com/duo-labs/webauthn.git
Documentation: pkg.go.dev
# Functions
Create a new challenge to be sent to the authenticator.
Returns the origin per the HTML spec: (scheme)://(host)[:(port)].
Parse the credential request response into a format that is either required by the specification or makes the assertion verification steps easier to complete.
Parse the credential request response into a format that is either required by the specification or makes the assertion verification steps easier to complete.
Using one of the locally registered attestation formats, handle validating the attestation data provided by the authenticator (and in some cases its manufacturer).
ResidentKeyRequired - Require that the private key be resident to the client device.
ResidentKeyUnrequired - Do not require that the private key be resident to the client device.
# Constants
BLE - The authenticator should transport information over Bluetooth.
ChallengeLength - Length of bytes to generate for a challenge.
CrossPlatform - A roaming authenticator is attached using cross-platform transports, called cross-platform attachment.
Referred to as AT.
Referred to as ED.
Referred to as UP.
Referred to as UV.
Internal - The client should use an internal source like a TPM or SE.
Derived inside keymaster.
Generated in keymaster.
Imported into keymaster.
Keymaster did not record origin.
Usable with RSA, EC and AES keys.
Usable with EC keys.
Usable with RSA, EC and AES keys.
Usable with RSA, EC and HMAC keys.
Usable with RSA, EC and HMAC keys.
Usable with wrapped keys.
NFC - The authenticator should transport information over Near Field Communication Protocol.
Indicates token binding not supported when communicating with the Relying Party.
Platform - A platform authenticator is attached using a client device-specific transport, called platform attachment, and is usually not removable from the client device.
This value indicates that the Relying Party wants to receive the attestation statement as generated by the authenticator.
This value indicates that the Relying Party prefers an attestation conveyance yielding verifiable attestation statements, but allows the client to decide how to obtain such attestation statements.
The default value.
Indicates token binding was used when communicating with the Relying Party.
PublicKeyCredentialType - Currently one credential type is defined, namely "public-key".
ResidentKeyRequirementDiscouraged indicates to the client we do not want a discoverable credential.
ResidentKeyRequirementPreferred indicates to the client we would prefer a discoverable credential.
ResidentKeyRequirementRequired indicates to the client we require a discoverable credential and that it should fail if the credential does not support this feature.
Indicates the client supports token binding, but it was not negotiated when communicating with the Relying Party.
USB - The authenticator should transport information over USB.
VerificationDiscouraged - The authenticator should not verify the user for the credential.
This is the default.
VerificationRequired - User verification is required to create/release a credential.
# Structs
Apple has not yet published a schema for the extension (as of July 2021).
From §6.4.
The AuthenticatorAssertionResponse contains the raw authenticator assertion data and is parsed into ParsedAssertionResponse.
The initial unpacked 'response' object received by the relying party.
AuthenticatorData - From §6.1 of the spec.
Authenticators respond to Relying Party requests by returning an object derived from the AuthenticatorResponse interface.
WebAuthn Relying Parties may use the AuthenticatorSelectionCriteria dictionary to specify their requirements regarding authenticator attributes.
CollectedClientData represents the contextual bindings of both the WebAuthn Relying Party and the client.
The basic credential type that is inherited by WebAuthn's PublicKeyCredential type https://w3c.github.io/webappsec-credential-management/#credential.
The raw response returned to us from an authenticator when we request a credential for login/assertion.
This dictionary contains the attributes that are specified by a caller when referring to a public key credential as an input parameter to the create() or get() methods.
From §5.4.1 (https://www.w3.org/TR/webauthn/#dictionary-pkcredentialentity).
CredentialParameter is the credential type and algorithm that the relying party wants the authenticator to create.
Parsed form of AuthenticatorAssertionResponse.
The parsed out version of AuthenticatorAttestationResponse.
The PublicKeyCredential interface inherits from Credential, and contains the attributes that are returned to the caller when a new credential is created, or a new assertion is requested.
The parsed CredentialAssertionResponse that has been marshalled into a format that allows us to verify the client and authenticator data inside the response.
In order to create a Credential via create(), the caller specifies a few parameters in a CredentialCreationOptions object.
The PublicKeyCredentialRequestOptions dictionary supplies get() with the data it needs to generate an assertion.
From §5.4.2 (https://www.w3.org/TR/webauthn/#sctn-rp-credential-params).
From §5.4.3 (https://www.w3.org/TR/webauthn/#sctn-user-credential-params).
# Type aliases
AuthenticationExtensions - referred to as AuthenticationExtensionsClientInputs in the spec document, this member contains additional parameters requesting additional processing by the client and authenticator.
AuthenticatorAttachment https://www.w3.org/TR/webauthn/#dom-authenticatorselectioncriteria-authenticatorattachment.
AuthenticatorFlags - A byte of information returned during ceremonies in the authenticatorData that contains bits that give us information about whether the user was present and/or verified during authentication, and whether there is attestation or extension data present.
Authenticators may implement various transports for communicating with clients.
Challenge that should be signed and returned by the authenticator.
WebAuthn Relying Parties may use AttestationConveyancePreference to specify their preference regarding attestation conveyance during credential generation.
This enumeration defines the valid credential types.
The origin of a key (or pair), i.e.
Possible purposes of a key (or pair).
ResidentKeyRequirement https://www.w3.org/TR/webauthn/#dom-authenticatorselectioncriteria-residentkey.
URLEncodedBase64 represents a byte slice holding URL-encoded base64 data.
A WebAuthn Relying Party may require user verification for some of its operations but not for others, and may use this type to express its needs.