firstDaisy Diff compare report.
Click on the changed parts for a detailed description. Use the left and right arrow keys to walk through the modifications.
last 

Jump to Table of Contents Pop Out Sidebar

W3C W3C

Web Authentication: An API for accessing Scoped Public Key Credentials

W3C Working Draft, 16 February

This version:
https://www.w3.org/TR/2017/WD-webauthn-2017021620170505/
Latest published version:
https://www.w3.org/TR/webauthn/
Editor's Draft:
https://w3c.github.io/webauthn/
Previous Versions:
https://www.w3.org/TR/2017/WD-webauthn-20170216/
https://www.w3.org/TR/2016/WD-webauthn-20161207/
https://www.w3.org/TR/2016/WD-webauthn-20160928/
https://www.w3.org/TR/2016/WD-webauthn-20160902/
https://www.w3.org/TR/2016/WD-webauthn-20160531/
Issue Tracking:
Github
Editors:
(Microsoft)
(PayPal)
(Google)
(Google)
(Google)
(PayPal)
(Microsoft)
(Nok Nok Labs)
(Mozilla)
Tests:
web-platform-tests webauthn/ (ongoing work)

Abstract

This specification defines an API enabling the creation and use of strong, attested, cryptographic scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more credentials, each scoped to a given Relying Party, are created and stored on an authenticator by the user agent in conjunction with the web application. The user agent mediates access to scoped public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to relying parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality.

Status of this document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.

This document was published by the Web Authentication Working Group as a Working Draft. This document is intended to become a W3C Recommendation. Feedback and comments on this specification are welcome. Please use Github issues. Discussions may also be found in the public-webauthn@w3.org archives.

Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 1 September 2015 March 2017 W3C Process Document.

1. Introduction

This section is not normative.

This specification defines an API enabling the creation and use of strong, attested, cryptographic scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. A scoped public key credential is created and stored by an authenticator at the behest of a Relying Party, subject to user consent. Subsequently, the scoped public key credential can only be accessed by origins belonging to that Relying Party. This scoping is enforced jointly by conforming User Agents and authenticators. Additionally, privacy across Relying Parties is maintained; Relying Parties are not able to detect any properties, or even the existence, of credentials scoped to other Relying Parties.

Relying Parties employ the Web Authentication API during two distinct, but related, ceremonies involving a user. The first is Registration, where a scoped public key credential is created on an authenticator, and associated by a Relying Party with the present user’s account (the account may already exist or may be created at this time). The second is Authentication, where the Relying Party is presented with an Authentication Assertion proving the presence and consent of the user who registered the scoped public key credential. Functionally, the Web Authentication API comprises two methods (along with associated data structures): makeCredential() and getAssertiona PublicKeyCredential which extends the Credential Management API [CREDENTIAL-MANAGEMENT-1], and infrastructure which allows those credentials to be used with navigator.credentials.create() and navigator.credentials.get(). The former is used during Registration, and the latter during Authentication.

Broadly, compliant authenticators protect scoped public key credentials, and interact with user agents to implement the Web Authentication API. Some authenticators may run on the same computing device (e.g., smart phone, tablet, desktop PC) as the user agent is running on. For instance, such an authenticator might consist of a Trusted Execution Environment (TEE) applet, a Trusted Platform Module (TPM), or a Secure Element (SE) integrated into the computing device in conjunction with some means for user verification, along with appropriate platform software to mediate access to these components' functionality. Other authenticators may operate autonomously from the computing device running the user agent, and be accessed over a transport such as Universal Serial Bus (USB), Bluetooth Low Energy (BLE) or Near Field Communications (NFC).

1.1. Use Cases

The below use case scenarios illustrate use of two very different types of authenticators, as well as outline further scenarios. Additional scenarios, including sample code, are given later in §11 Sample scenarios.

1.1.1. Registration

1.1.2. Authentication

1.1.3. Other use cases and configurations

A variety of additional use cases and configurations are also possible, including (but not limited to):

2. Conformance

This specification defines criteria for a Conforming User Agent: A User Agent MUST behave as described in this specification in order to be considered conformant. Conforming User Agents MAY implement algorithms given in this specification in any way desired, so long as the end result is indistinguishable from the result that would be obtained by the specification’s algorithms. A conforming User Agent MUST also be a conforming implementation of the IDL fragments of this specification, as described in the “Web IDL” specification. [WebIDL-1]

This specification also defines a model of a conformant authenticator (see §5 WebAuthn Authenticator model). This is a set of functional and security requirements for an authenticator to be usable by a Conforming User Agent. As described in §1.1 Use Cases, an authenticator may be implemented in the operating system underlying the User Agent, or in external hardware, or a combination of both.

2.1. Dependencies

This specification relies on several other underlying specifications, listed below and in Terms defined by reference.

Base64url encoding

The term Base64url Encoding refers to the base64 encoding using the URL- and filename-safe character set defined in Section 5 of [RFC4648], with all trailing '=' characters omitted (as permitted by Section 3.2) and without the inclusion of any line breaks, whitespace, or other additional characters.

CBOR

A number of structures in this specification, including attestation statements and extensions, are encoded using the Compact Binary Object Representation (CBOR) [RFC7049].

CDDL

This specification describes the syntax of all CBOR-encoded data using the CBOR Data Definition Language (CDDL) [CDDL].

Credential Management

The API described in this document is an extension of the Credential concept defined in [CREDENTIAL-MANAGEMENT-1].

DOM

DOMException and the DOMException values used in this specification are defined in [DOM4].

ECMAScript

%ArrayBuffer% is defined in [ECMAScript].

HTML

The concepts of current relevant settings object, origin, opaque origin, relaxing the same-origin restriction, and the Navigator interface and is a registrable domain suffix of or is equal to are defined in [HTML51HTML52].

Web Cryptography API

The AlgorithmIdentifier type and the method for normalizing an algorithm are defined in Web Cryptography API §algorithm-dictionary.

Web IDL

Many of the interface definitions and all of the IDL in this specification depend on [WebIDL-1]. This updated version of the Web IDL standard adds support for Promises Promises, which are now the preferred mechanism for asynchronous interaction in all new web APIs.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. Terminology

ASCII case-insensitive match

A method of testing two strings for equality by comparing them exactly, code point for code point, except that the codepoints in the range U+0041 .. U+005A (i.e. LATIN CAPITAL LETTER A to LATIN CAPITAL LETTER Z) and the corresponding codepoints in the range U+0061 .. U+007A (i.e. LATIN SMALL LETTER A to LATIN SMALL LETTER Z) are also considered to match.

Assertion

See Authentication Assertion.

Attestation

Generally, a statement that serves to bear witness, confirm, or authenticate. In the WebAuthn context, attestation is employed to attest to the provenance of an authenticator and the data it emits; including, for example: credential IDs, credential key pairs, signature counters, etc. Attestation information is conveyed in attestation objects. See also attestation statement format, and attestation type.

Attestation Certificate

A X.509 Certificate for the attestation key pair used by an Authenticator authenticator to attest to its manufacture and capabilities. At registration time, the authenticator uses the attestation private key to sign the Relying Party-specific credential public key (and additional data) that it generates and returns via the authenticatorMakeCredential operation. Relying Parties use the attestation public key conveyed in the attestation certificate to verify the attestation signature. Note that in the case of self attestation, the authenticator has no distinct attestation key pair nor attestation certificate, see self attestation for details.

Authentication

The ceremony where a user, and the user’s computing device(s) (containing at least one authenticator) work in concert to cryptographically prove to an Relying Party that the user controls the private key associated with a previously-registered scoped public key credential (see Registration). Note that this includes employing user verification.

Authentication Assertion

The cryptographically signed AuthenticationAssertion AuthenticatorAssertionResponse object returned by an authenticator as the result of a authenticatorGetAssertion operation.

Authenticator

A cryptographic device used by a WebAuthn Client to (i) generate a scoped public key credential and register it with a Relying Party, and (ii) subsequently used to cryptographically sign and return, in the form of an Authentication Assertion, a challenge and other data presented by a Relying Party (in concert with the WebAuthn Client) in order to effect authentication.

Authorization Gesture

Essentially the same as user verification.

An authorization gesture is a physical interaction performed by a user with an authenticator as part of a ceremony, such as registration or authentication. By making such an authorization gesture, a user provides consent for (i.e., authorizes) a ceremony to proceed. This may involve user verification if the employed authenticator is capable, or it may involve a simple test of user presence.

Biometric Recognition

The automated recognition of individuals based on their biological and behavioral characteristics [ISOBiometricVocabulary].

Ceremony

The concept of a ceremony [Ceremony] is an extension of the concept of a network protocol, with human nodes alongside computer nodes and with communication links that include UIuser interface(s), human-to-human communication, and transfers of physical objects that carry data. What is out-of-band to a protocol is in-band to a ceremony. In this specification, Registration, and Authentication are ceremonies, and user verification are an authorization gesture is often a component of those ceremonies.

Client

See Conforming User Agent.

Conforming User Agent

A user agent implementing, in conjunction with the underlying platform, the Web Authentication API and algorithms given in this specification, and handling communication between Authenticators authenticators and Relying Parties.

Credential Public Key

The public key portion of an Relying Party-specific credential key pair, generated by an authenticator and returned to an Relying Party at registration time (see also scoped public key credential). The private key portion of the credential key pair is known as the credential private key. Note that in the case of self attestation, the credential key pair is also used as the attestation key pair, see self attestation for details.

Registration

The ceremony where a user, a Relying Party, and the user’s computing device(s) (containing at least one authenticator) work in concert to create a scoped public key credential and associate it with the user’s Relying Party account. Note that this includes employing user verification.

Relying Party

The entity whose web application utilizes the Web Authentication API to register and authenticate users. See Registration and Authentication, respectively.

Note: While the term Relying Party is used in other contexts (e.g., X.509 and OAuth), an entity acting as a Relying Party in one context is not necessarily a Relying Party in other contexts.

Relying Party Identifier
RP ID

An identifier for the Relying Party on whose behalf a given registration or authentication ceremony is being performed. Scoped Public Key credentials can only be used for authentication by the same entity (as identified by RP ID) that created and registered them. By default, the RP ID for a WebAuthn operation is set to the current origin specified by the relevant settings object’s origin of the CredentialsContainer object. This default can be overridden by the caller subject to certain restrictions, as specified in §4.1.1 3 Create a new credential - makeCredential(PublicKeyCredential’s \[[Create]](options) method and §4.1.2 4 Use an existing credential - getAssertion(PublicKeyCredential::[[DiscoverFromExternalSource]](options) method.

Scoped Public Key Credential

Generically, a credential is data one entity presents to another in order to authenticate the former’s identity [RFC4949]. A WebAuthn scoped public key credential is a { identifier, type } pair identifying authentication information established by the authenticator and the Relying Party, together, at registration time. The authentication information consists of an asymmetric key pair, where the public key portion is returned to the Relying Party, which stores it in conjunction with the present user’s account. The authenticator maps the private key to the Relying Party’s RP ID and stores it. Subsequently, only that Relying Party, as identified by its RP ID, is able to employ the scoped public key credential in authentication ceremonies, via the getAssertion get() method. The Relying Party uses its copy of the stored public key to verify the resultant Authentication Assertion.

Test of User Presence
TUP

A test of user presence is a simple form of authorization gesture and technical process where a user interacts with an authenticator by (typically) simply touching it (other modalities may also exist), yielding a boolean result. Note that this does not constitute user verification because TUP, by definition, is not capable of biometric recognition, nor does it involve the presentation of a shared secret such as a password or PIN.

Client-side-resident Credential Private Key

A Client-side-resident Credential Private Key is stored either on the client platform, or in some cases on the authenticator itself, e.g., in the case of a discrete first-factor roaming authenticator. Such client-side credential private key storage has the property that the authenticator is able to select the credential private key given only an RP ID, possibly with user assistance (e.g., by providing the user a pick list of credentials associated with the RP ID). By definition, the private key is always exclusively controlled by the Authenticator. In the case of a Client-side-resident Credential Private Key, the Authenticator might offload storage of wrapped key material to the client platform, but the client platform is not expected to offload the key storage to remote entities (e.g. RP Server).

Client-Side

This refers in general to the combination of the user’s platform device, user agent, authenticators, and everything gluing it all together.

User Consent

User consent means the user agrees with what they are being asked, i.e., it encompasses reading and understanding prompts. User verification encompasses the means employed by the user to indicate An authorization gesture is a ceremony component often employed to indicate user consent.

User Verification

The technical process by which an authenticator locally authorizes the invocation of the authenticatorMakeCredential and authenticatorGetAssertion operations, . User verification may be instigated through various authorization gesture modalities; for example, through a touch plus pin code, a password entry, a gesture or biometric recognition (e.g., presenting a fingerprint) , or other modality. [ISOBiometricVocabulary]. The intent is to be able to distinguish individual users. Note that invocation of said the authenticatorMakeCredential and authenticatorGetAssertion operations implies use of key material managed by the authenticator. Note that for security, user verification and use of credential private keys must occur within a single logical security boundary defining the authenticator.

User Verified

Upon successful completion of a user verification process, the user is said to be "verified".

WebAuthn Client

Also referred to herein as simply a client. See also Conforming User Agent.

4. Web Authentication API

This section normatively specifies the API for creating and using scoped public key credentials. The basic idea is that the credentials belong to the user and are managed by an authenticator, with which the Relying Party interacts through the client (consisting of the browser and underlying OS platform). Scripts can (with the user’s consent) request the browser to create a new credential for future use by the Relying Party. Scripts can also request the user’s permission to perform authentication operations with an existing credential. All such operations are performed in the authenticator and are mediated by the browser and/or platform on the user’s behalf. At no point does the script get access to the credentials themselves; it only gets information about the credentials in the form of objects.

In addition to the above script interface, the authenticator may implement (or come with client software that implements) a user interface for management. Such an interface may be used, for example, to reset the authenticator to a clean state or to inspect the current state of the authenticator. In other words, such an interface is similar to the user interfaces provided by browsers for managing user state such as history, saved passwords and cookies. Authenticator management actions such as credential deletion are considered to be the responsibility of such a user interface and are deliberately omitted from the API exposed to scripts.

The security properties of this API are provided by the client and the authenticator working together. The authenticator, which holds and manages credentials, ensures that all operations are scoped to a particular origin, and cannot be replayed against a different origin, by incorporating the origin in its responses. Specifically, as defined in §5.2 Authenticator operations, the full origin of the requester is included, and signed over, in the attestation object produced when a new credential is created as well as in all assertions produced by WebAuthn credentials.

Additionally, to maintain user privacy and prevent malicious Relying Parties from probing for the presence of credentials belonging to other Relying Parties, each credential is also associated with a Relying Party Identifier, or RP ID. This RP ID is provided by the client to the authenticator for all operations, and the authenticator ensures that credentials created by a Relying Party can only be used in operations requested by the same RP ID. Separating the origin from the RP ID in this way allows the API to be used in cases where a single Relying Party maintains multiple origins.

The client facilitates these security measures by providing correct origins and RP IDs to the authenticator for each operation. Since this is an integral part of the WebAuthn security model, user agents MUST only expose this API to callers in secure contexts, as defined in [secure-contexts].

The Web Authentication API is defined by the union of the Web IDL fragments presented in the following sections. A combined IDL listing is given in the IDL Index. The API is defined as a part of the Navigator interface:

partial interface Navigator { readonly attribute WebAuthentication authentication; };

4.1.

WebAuthentication

PublicKeyCredential Interface

The PublicKeyCredential interface inherits from Credential [CREDENTIAL-MANAGEMENT-1], and contains the attributes that are returned to the caller when a new credential is created, or a new assertion is requested.

[SecureContext]
interface WebAuthenticationPublicKeyCredential {: Credential {
  Promise<ScopedCredentialInfo> makeCredential( readonly attribute ArrayBuffer      Account     rawId;
    readonly attribute AuthenticatorResponse response;
    readonly attribute AuthenticationExtensions clientExtensionResults;
        accountInformation,
        sequence<ScopedCredentialParameters> cryptoParameters,
        BufferSource                         attestationChallenge,
        optional ScopedCredentialOptions     options
    );

    Promise<AuthenticationAssertion> getAssertion(
        BufferSource                    assertionChallenge,
        optional AssertionOptions       options
    );
};

This interface has two methods, which are described in the following subsections.

4.1.1. Create a new credential - makeCredential() method With this method, a script can request the User Agent to create a new credential of a given type and persist it to the underlying platform, which may involve data storage managed by the browser or the OS
};

id

This attribute is inherited from Credential, though PublicKeyCredential overrides Credential's getter, instead returning the base64url encoding of the data contained in the object’s [[identifier]] internal slot.

rawId

This attribute returns the ArrayBuffer contained in the [[identifier]] internal slot.

response, of type AuthenticatorResponse, readonly

This attribute contains the authenticator's response to the client’s request to either create a public key credential, or generate an authentication assertion. If the PublicKeyCredential is created in response to create(), this attribute’s value will be an AuthenticatorAttestationResponse, otherwise, the PublicKeyCredential was created in response to get(), and this attribute’s value will be an AuthenticatorAssertionResponse.

clientExtensionResults, of type AuthenticationExtensions, readonly

This attribute contains a map containing extension identifierclient extension output entries produced by the extension’s client extension processing.

[[type]]

The PublicKeyCredential interface object's [[type]] internal slot's value is the string "public-key".

Note: This is reflected via the type attribute getter inherited from Credential.

[[discovery]]

The PublicKeyCredential interface object's [[discovery]] internal slot's value is "remote".

[[identifier]]

This internal slot contains an identifier for the credential, chosen by the platform with help from the authenticator. This identifier is used to look up credentials for use, and is therefore expected to be globally unique with high probability across all credentials of the same type, across all authenticators. This API does not constrain the format or length of this identifier, except that it must be sufficient for the platform to uniquely select a key. For example, an authenticator without on-board storage may create identifiers containing a credential private key wrapped with a symmetric key that is burned into the authenticator.

PublicKeyCredential's interface object inherits Credential's implementation of [[CollectFromCredentialStore]](options) and [[Store]](credential), and defines its own implementation of [[DiscoverFromExternalSource]](options) and [[Create]](options).

4.1.1. CredentialRequestOptions Extension

To support obtaining assertions via navigator.credentials.get(), this document extends the CredentialRequestOptions dictionary as follows:

partial dictionary CredentialRequestOptions {
    PublicKeyCredentialRequestOptions? publicKey;
};

4.1.2. CredentialCreationOptions Extension

To support registration via navigator.credentials.create(), this document extends the CredentialCreationOptions dictionary as follows:

partial dictionary CredentialCreationOptions {
    MakeCredentialOptions? publicKey;
};

4.1.3. Create a new credential - PublicKeyCredential’s \[[Create]](options) method

PublicKeyCredential's interface object's implementation of the [[Create]](options) method allows scripts to call navigator.credentials.create() to request the creation of a new credential key pair and PublicKeyCredential, managed by an authenticator. The user agent will prompt the user

to approve this operationThe accountInformation parameter specifies information about the user account for which the credential is being created. This is meant for later use by the authenticator when it needs to prompt the user to select a credential. An authenticator is only required to store one credential for any given value of accountInformation. Specifically, if an authenticator already has a credential for the specified value of id in accountInformation, and if this credential is not listed in the excludeList member of options, then after successful execution of this method: The cryptoParameters parameter supplies information about the desired properties of the credential to be created. The sequence is ordered from most preferred to least preferred. The platform makes a best effort to create the most preferred credential that it can.The attestationChallenge parameter contains a challenge intended to be used for generating the newly created credential’s attestation object.The optional options parameter specifies additional options, as described in §4.5 Additional options for Credential Generation (dictionary ScopedCredentialOptions).

for consent. On success, the returned promise will be resolved with a

ScopedCredentialInfo object describing the newly created credential.

This method takes the following parameters:

PublicKeyCredential containing an AuthenticatorAttestationResponse object.

Note: This algorithm is synchronous; the Promise resolution/rejection is taken care of by navigator.credentials.create().

This method accepts a single argument:

options

This argument is a CredentialCreationOptions object whose options["publicKey"] member contains a MakeCredentialOptions object specifying how the credential is to be made.

When this method is invoked, the user agent MUST execute the following algorithm:

  1. Assert: options["publicKey"] is present.

  2. Let options be the value of options["publicKey"].

  3. If any of the name member of options.rp, the name member of options.user, the displayName member of options.user, or the id member of options.user are not present, return a TypeError simple exception.

  4. If the timeout member of options is present, check if its value lies within a reasonable range as defined by the platform and if not, correct it to the closest value lying within that range. Set adjustedTimeout to this adjusted value. If the timeout

was not specifiedSet callerOrigin to the current settings object’s origin
  1. member of options is not present, then set adjustedTimeout to a platform-specific default.

  2. Let

promise be a new Promise. Return promise and start a timer for adjustedTimeout milliseconds. Then asynchronously continue executing the following steps. If any fatal error is encountered in this process other than the ones enumerated below, cancel the timer, reject promise with a DOMException whose name is "UnknownError", and terminate this algorithm.
  1. global be the PublicKeyCredential interface object's environment settings object’s global object.

  2. Let callerOrigin be the origin specified by this PublicKeyCredential interface object's relevant settings object. If callerOrigin is an opaque origin,

reject promise with
  1. return a DOMException whose name is "NotAllowedError", and terminate this algorithm.

Otherwise,
  1. If the

rpId
  1. id member of options.rp is not present, then set rpId to callerOrigin.

If the rpId member of options is present, then invoke the procedure used for relaxing the same-origin restriction by setting the document.domain attribute, using rpId as the given value but without changing the current document’s domain. If no errors are thrown, set rpId to the value of host as computed by this procedure. Otherwise, reject promise with Let current be the currently selected element of cryptoParameters.
  1. Otherwise:

    1. Let effectiveDomain be the callerOrigin’s effective domain.

    2. If effectiveDomain is null, then return a DOMException whose name is "SecurityError" and terminate this algorithm.

    3. If options.rp.id is not a registrable domain suffix of and is not equal to effectiveDomain, return a DOMException whose name is "SecurityError", and terminate this algorithm.

Process each element of cryptoParameters using the following steps, to produce a new sequence normalizedParameters.

    1. Set rpId to options.rp.id.

  1. Let normalizedParameters be a new list whose items are pairs of PublicKeyCredentialType and a dictionary type (as returned by normalizing an algorithm).

  2. For each current of options.parameters:

    1. If current.type does not contain a

ScopedCredentialType
    1. PublicKeyCredentialType supported by this implementation, then

stop processing current and move on to the next element in cryptoParameters
    1. continue.

    2. Let normalizedAlgorithm be the result of normalizing an algorithm [WebCryptoAPI], with alg set to current.algorithm and op set to

'
    1. "generateKey

'Add a new object of type ScopedCredentialParameters to normalizedParameters, with type set to
    1. ". If an error occurs during this procedure, then

stop processing current and move on to the next element in cryptoParameters.
    1. continue.

    2. Append the pair of current.type and

algorithm set
    1. normalizedAlgorithm to

normalizedAlgorithm
    1. normalizedParameters.

  1. If

normalizedAlgorithm
  1. normalizedParameters is empty and

cryptoParameters was
  1. options.parameters is not empty, cancel the timer started in step 2,

reject promise with
  1. return a DOMException whose name is "NotSupportedError", and terminate this algorithm.

  2. Let clientExtensions be a new map and let authenticatorExtensions be a new map.

  3. If the extensions member of options is present,

process any extensions
  1. then for each extensionIdclientExtensionInput of options.extensions:

    1. If extensionId is not supported by this client platform or is not a registration extension,

to produce the extension data that needs to be sent to the authenticator. If an error is encountered while processing an extension, skip that extension and do not produce any extension data for it. Call the result of this processing clientExtensions.
  • Use attestationChallenge, callerOrigin and rpId, along with the token binding key associated with callerOrigin (if any), to create a ClientData structure representing this request. Choose a hash algorithm for hashAlg and compute the clientDataJSON and its clientDataHash.

  • Initialize issuedRequests and currentlyAvailableAuthenticators to empty lists.

  • For each authenticator currently available on this platform, add the authenticator to currentlyAvailableAuthenticators unless the attachment member of options is present. In that case, let attachment be attachment, and add the authenticator to currentlyAvailableAuthenticators if its attachment modality matches attachment.

  • For each authenticator in currentlyAvailableAuthenticators: asynchronously invoke the authenticatorMakeCredential operation on that authenticator with rpId, clientDataHash, accountInformation, normalizedParameters, excludeList and clientExtensions as parameters. Add a corresponding entry to issuedRequests.

    For each credential C in the excludeList member of options that has a non-empty transports list, optionally use only the specified transports to test for the existence of C
      1. then continue.

      2. Set clientExtensions[extensionId] to clientExtensionInput.

      3. If extensionId is not an authenticator extension, then continue.

      4. Let authenticatorExtensionInput be the (CBOR) result of running extensionId’s client extension processing algorithm on clientExtensionInput. If the algorithm returned an error, continue.

      5. Set authenticatorExtensions[extensionId] to the base64url encoding of authenticatorExtensionInput.

    1. Let collectedClientData be a new CollectedClientData instance whose fields are:

      challenge

      The base64url encoding of options.challenge

      origin

      The unicode serialization of rpId

      hashAlg

      The recognized algorithm name of the hash algorithm selected by the client for generating the hash of the serialized client data

      tokenBinding

      The Token Binding ID associated with callerOrigin, if one is available.

      clientExtensions

      clientExtensions

      authenticatorExtensions

      authenticatorExtensions

    2. Let clientDataJSON be the JSON-serialized client data constructed from collectedClientData.

    3. Let clientDataHash be the hash of the serialized client data represented by clientDataJSON.

    4. Let currentlyAvailableAuthenticators be a new ordered set consisting of all authenticators available on this platform.

    5. Let selectedAuthenticators be a new ordered set.

    6. If currentlyAvailableAuthenticators is empty, return a DOMException whose name is "NotFoundError", and terminate this algorithm.

    7. If options.authenticatorSelection is present, iterate through currentlyAvailableAuthenticators and do the following for each authenticator:

      1. If attachment is present and its value is not equal to authenticator’s attachment modality, continue.

      2. If requireResidentKey is set to true and the authenticator is not capable of storing a Client-Side-Resident Credential Private Key, continue.

      3. Append authenticator to selectedAuthenticators.

    8. If selectedAuthenticators is empty, return a DOMException whose name is "ConstraintError", and terminate this algoritm.

    9. Let issuedRequests be a new ordered set.

    10. For each authenticator in currentlyAvailableAuthenticators:

      1. Let excludeList be a new list.

      2. For each credential C in options.excludeList:

        1. If C.transports is not empty, and authenticator is connected over a transport not mentioned in C.transports, the client MAY continue.

        2. Otherwise, Append C to excludeList.

      3. In parallel, invoke the authenticatorMakeCredential operation on authenticator with rpId, clientDataHash, options.rp, options.user, normalizedParameters, excludeList, and authenticatorExtensions as parameters.

      4. Append authenticator to issuedRequests.

    11. Start a timer for adjustedTimeout milliseconds. Then execute the following steps in parallel. The task source for these tasks is the dom manipulation task source.

    12. While issuedRequests is not empty, perform the following actions depending upon the adjustedTimeout timer and responses from the authenticators:

      If the adjustedTimeout timer expires,
    then for
    1. For each
    entry
    1. authenticator in issuedRequests invoke the authenticatorCancel operation on
    that
    1. authenticator and remove
    its entry
    1. authenticator from
    the list
    1. issuedRequests.
    1. If any authenticator returns a status indicating that the user cancelled the operation,
    delete that authenticator’s entry
      1. Remove authenticator from issuedRequests.

      2. For each remaining

    entry
      1. authenticator in issuedRequests invoke the authenticatorCancel operation on

    that
      1. authenticator and remove

    its entry
      1. it from

    the list
      1. issuedRequests.

      If any authenticator returns an error status,
    delete the corresponding entry
    1. Remove authenticator from issuedRequests.
    1. If any authenticator indicates success
    :
    1. ,
      1. Remove

    this authenticator’s entry For each remaining entry
      1. authenticator from issuedRequests.

  • Create a new ScopedCredentialInfo object named value and populate its fields with the values returned from the authenticator as well as the clientDataJSON computed earlier.

      1. Let attestationObject be a new ArrayBuffer, created using global’s %ArrayBuffer%, containing the bytes of the value returned from the successful authenticatorMakeCredential operation (which is attObj, as defined in §5.3.4 Generating an Attestation Object).

      2. Let id be attestationObject.authData.attestation data.credential ID (see §5.3.1 Attestation data and §5.1 Authenticator data).

      3. Let value be a new PublicKeyCredential object associated with global whose fields are:

        [[identifier]]

        id

        response

        A new AuthenticatorAttestationResponse object associated with global whose fields are:

        clientDataJSON

        A new ArrayBuffer, created using global’s %ArrayBuffer%, containing the bytes of clientDataJSON.

        attestationObject

        attestationObject

        clientExtensionResults

        A new AuthenticationExtensions object containing the extension identifierclient extension output entries created by running each extension’s client extension processing algorithm to create the client extension outputs, for each client extension in clientDataJSON.clientExtensions.

      4. For each remaining authenticator in issuedRequests invoke the authenticatorCancel operation on

    that
      1. authenticator and remove

    its entry
      1. it from

    the list
      1. issuedRequests.

    Resolve promise with
      1. Return value and terminate this algorithm.

    Reject promise with
    1. Return a DOMException whose name is "NotAllowedError"

    , and terminate this algorithm
    1. .

    During the above process, the user agent SHOULD show some UI to the user to guide them in the process of selecting and authorizing an authenticator.

    4.1.

    2

    4. Use an existing credential -

    getAssertion(

    PublicKeyCredential::[[DiscoverFromExternalSource]](options) method

    This
    The [[DiscoverFromExternalSource]](options) method is used to discover and use an existing
    scoped
    public key credential, with the user’s consent. The script optionally specifies some criteria to indicate what credentials are acceptable to it. The user agent and/or platform locates credentials matching the specified criteria, and guides the user to pick one that the script
    should
    will be allowed to use. The user may choose not to provide a credential even if one is present, for example to maintain privacy.

    Note: This algorithm is synchronous; the Promise resolution/rejection is taken care of by navigator.credentials.get().

    This method takes the following parameters:
    The assertionChallenge parameter contains
    options

    A CredentialRequestOptions object, containing a challenge that the selected authenticator is expected to sign to produce the assertion

    .The optional options parameter specifies

    , and additional options

    ,

    as described in §4.

    7 Additional options
    AssertionOptions
    .

    When this method is invoked, the user agent MUST execute the following algorithm:

    1. Let publicKeyOptions be the value of options publicKey member.

    2. If the timeout member of

    options
    1. publicKeyOptions is present, check if its value lies within a reasonable range as defined by the platform and if not, correct it to the closest value lying within that range. Set adjustedTimeout to this adjusted value. If the timeout

    was not specifiedSet callerOrigin to the current settings object’s origin
    1. member of publicKeyOptions is not present, then set adjustedTimeout to a platform-specific default.

    2. Let

    promise be a new Promise. Return promise and start a timer for adjustedTimeout milliseconds. Then asynchronously continue executing the following steps. If any fatal error is encountered in this process other than the ones enumerated below, cancel the timer, reject promise with a DOMException whose name is "UnknownError", and terminate this algorithm.
    1. global be the PublicKeyCredential's relevant settings object's environment settings object’s global object.

    2. Let callerOrigin be the origin of this CredentialsContainer object’s relevant settings object. If callerOrigin is an opaque origin,

    reject promise with a
    1. return DOMException whose name is "NotAllowedError", and terminate this algorithm.

    Otherwise,
    1. If the rpId member of

    options
    1. publicKeyOptions is not present, then set rpId to callerOrigin. Otherwise:

    If the rpId member of options is present, then invoke the procedure used for relaxing the same-origin restriction by setting the document.domain attribute, using rpId as the given value but without changing the current document’s domain. If no errors are thrown, set rpId to the value of host as computed by this procedure. Otherwise, reject promise with
      1. Let effectiveDomain be the callerOrigin’s effective domain.

      2. If effectiveDomain is null, then return a DOMException whose name is "SecurityError" and terminate this algorithm.

      3. If rpId is not a registrable domain suffix of and is not equal to effectiveDomain, return a DOMException whose name is "SecurityError", and terminate this algorithm.

      4. Set rpId to the rpId.

    1. Let clientExtensions be a new map and let authenticatorExtensions be a new map.

    2. If the extensions member of

    options
    1. publicKeyOptions is present,

    process any extensions
    1. then for each extensionIdclientExtensionInput of publicKeyOptions.extensions:

      1. If extensionId is not supported by this client platform or is not an authentication extension,

    to produce the extension data that needs to be sent to the authenticator. If an error is encountered while processing an extension, skip that extension and do not produce any extension data for it. Call the result of this processing clientExtensions.
  • Use assertionChallenge, callerOrigin and rpId, along with the token binding key associated with callerOrigin (if any), to create a ClientData structure representing this request. Choose a hash algorithm for hashAlg and compute the clientDataJSON and clientDataHash.

  • Initialize issuedRequests to an empty list.

      1. then continue.

      2. Set clientExtensions[extensionId] to clientExtensionInput.

      3. If extensionId is not an authenticator extension, then continue.

      4. Let authenticatorExtensionInput be the (CBOR) result of running extensionId’s client extension processing algorithm on clientExtensionInput. If the algorithm returned an error, continue.

      5. Set authenticatorExtensions[extensionId] to the base64url encoding of authenticatorExtensionInput.

    1. Let collectedClientData be a new CollectedClientData instance whose fields are:

      challenge

      The base64url encoding of publicKeyOptions.challenge

      origin

      The unicode serialization of rpId

      hashAlg

      The recognized algorithm name of the hash algorithm selected by the client for generating the hash of the serialized client data

      tokenBinding

      The Token Binding ID associated with callerOrigin, if one is available.

      clientExtensions

      clientExtensions

      authenticatorExtensions

      authenticatorExtensions

    2. Let clientDataJSON be the JSON-serialized client data constructed from collectedClientData.

    3. Let clientDataHash be the hash of the serialized client data represented by clientDataJSON.

    4. Let issuedRequests be a new ordered set.

    5. If there are no authenticators currently available on this platform, return a DOMException whose name is "NotFoundError", and terminate this algorithm.

    6. For each authenticator currently available on this platform, perform the following steps:

    If the allowList member of options is empty, let credentialList be an empty list. Otherwise,
      1. Let credentialList be a new list.

      2. If publicKeyOptions.allowList is not empty, execute a platform-specific procedure to determine which, if any, credentials

    listed
      1. in publicKeyOptions.allowList

    might be For
      1. are present on this authenticator by matching with publicKeyOptions.allowList.id and publicKeyOptions.allowList.type, and set credentialList to this filtered list.

      2. If

    no such filtering is possible, set credentialList to an empty list.
      1. credentialList is empty then continue.

      2. In parallel, for each credential C

    within the credentialList that has a non-empty transports list, optionally use only the specified transports to get assertions using credential C.
  • If the above filtering process concludes that none of the credentials on the allowList can possibly be on this authenticator, do not perform any of the following steps for this authenticator, and proceed to the next authenticator (if any).

  • Asynchronously
      1. in credentialList:

        1. If C.transports is not empty, the client SHOULD select one transport from transports. Then, using transport, invoke the authenticatorGetAssertion operation on authenticator, with rpId, clientDataHash, credentialList, and authenticatorExtensions as parameters.

        2. Otherwise, using local configuration knowledge of the appropriate transport to use with authenticator, invoke the authenticatorGetAssertion operation on

    this
        1. authenticator with rpId, clientDataHash, credentialList, and clientExtensions as parameters.

    Add an entry
      1. Append authenticator to issuedRequests

    , corresponding to this request.
      1. .

    1. Start a timer for adjustedTimeout milliseconds. Then execute the following steps in parallel. The task source for these tasks is the dom manipulation task source.

    2. While issuedRequests is not empty, perform the following actions depending upon the adjustedTimeout timer and responses from the authenticators:

      If the adjustedTimeout timer
    for adjustedTimeout
    1. expires,
    then for
    1. For each
    entry
    1. authenticator in issuedRequests invoke the authenticatorCancel operation on
    that
    1. authenticator and remove
    its entry
    1. authenticator from
    the list
    1. issuedRequests.
    1. If any authenticator returns a status indicating that the user cancelled the operation,
    delete that authenticator’s entry
      1. Remove authenticator from issuedRequests.

      2. For each remaining

    entry
      1. authenticator in issuedRequests invoke the authenticatorCancel operation on

    that
      1. authenticator

    ,
      1. and remove

    its entry
      1. it from

    the list
      1. issuedRequests.

      If any authenticator returns an error status,
    delete the corresponding entry
    1. Remove authenticator from issuedRequests.
    1. If any authenticator
    returns
    1. indicates success
    :
    1. ,
      1. Remove

    this authenticator’s entry For each remaining entry
      1. authenticator from issuedRequests.

  • Create a new AuthenticationAssertion object named value and populate its fields with the values returned from the authenticator as well as the clientDataJSON computed earlier.

      1. Let value be a new PublicKeyCredential associated with global whose fields are:

        [[identifier]]

        A new ArrayBuffer, created using global’s %ArrayBuffer%, containing the bytes of the credential ID returned from the successful authenticatorGetAssertion operation, as defined in [#op-get-assertion]].

        response

        A new AuthenticatorAssertionResponse object associated with global whose fields are:

        clientDataJSON

        A new ArrayBuffer, created using global’s %ArrayBuffer%, containing the bytes of clientDataJSON

        authenticatorData

        A new ArrayBuffer, created using global’s %ArrayBuffer%, containing the bytes of the returned authenticatorData

        signature

        A new ArrayBuffer, created using global’s %ArrayBuffer%, containing the bytes of the returned signature

        clientExtensionResults

        A new AuthenticationExtensions object containing the extension identifierclient extension output entries created by running each extension’s client extension processing algorithm to create the client extension outputs, for each client extension in clientDataJSON.clientExtensions.

      2. For each remaining authenticator in issuedRequests invoke the authenticatorCancel operation on

    that
      1. authenticator and remove

    its entry
      1. it from

    the list
      1. issuedRequests.

    Resolve promise with
      1. Return value and terminate this algorithm.

    Reject promise with
    1. Return a DOMException whose name is "NotAllowedError"

    , and terminate this algorithm
    1. .

    During the above process, the user agent SHOULD show some UI to the user to guide them in the process of selecting and authorizing an authenticator with which to complete the operation.

    4.2.

    Information about Scoped Credential

    Authenticator Responses (interface

    ScopedCredentialInfo

    AuthenticatorResponse)

    Authenticators respond to relying party requests by returning an object derived from the AuthenticatorResponse interface:

    [SecureContext]
    interface ScopedCredentialInfoAuthenticatorResponse {
        readonly    attribute ArrayBuffer   clientDataJSON;
        readonly    attribute ArrayBuffer   attestationObject;
    };
    
    clientDataJSON, of type ArrayBuffer, readonly

    This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get().

    4.2.1. Information about Public Key Credential (interface AuthenticatorAttestationResponse)

    The AuthenticatorAttestationResponse interface represents

    a newly-created scoped

    the authenticator's response to a client’s request for the creation of a new public key credential. It contains information about the new credential that can be used to

    locate

    identify it for later

    for

    use, and

    also contains

    metadata that can be used by the Relying Party to assess the

    strength

    characteristics of the credential during registration.

    The clientDataJSON attribute contains the clientDataJSON
    [SecureContext]
    interface AuthenticatorAttestationResponse : AuthenticatorResponse {
        readonly attribute ArrayBuffer attestationObject;
    };
    
    
    clientDataJSON

    This attribute, inherited from AuthenticatorResponse, contains the JSON-serialized client data (see §5.3 Credential Attestation) passed to the authenticator by the client in order to generate this credential. The exact JSON serialization must be preserved, as

    a cryptographic hash (clientDataHash)

    the hash of the serialized client data has been computed over it.

    The attestationObject
    attestationObject, of type ArrayBuffer, readonly

    This attribute contains an attestation object

    . The contents of this object are determined by the attestation statement format used by the authenticator. This object

    , which is opaque to, and cryptographically protected against tampering by, the client.

    It contains the credential’s unique identifier, credential public key, and attestation statement

    The attestation object contains both authenticator data and an attestation statement. The former contains the AAGUID, a unique credential ID, and the credential public key. The contents of the attestation statement are determined by the attestation statement format used by the authenticator. It also contains any additional information that the Relying Party’s server requires to validate the attestation statement, as well as to decode and validate the

    bindings of both the client and authenticator

    authenticator data along with the JSON-serialized client data. For more details, see §5.3 Credential Attestation as well as Figure 3.

    4.

    3. User Account Information (dictionary Account)dictionary Account { required DOMString rpDisplayName; required DOMString displayName; required DOMString id

    2.2. Web Authentication Assertion (interface AuthenticatorAssertionResponse)

    The AuthenticatorAssertionResponse interface represents an authenticator's response to a client’s request for generation of a new authentication assertion given the Relying Party's challenge and optional list of credentials it is aware of. This response contains a cryptographic signature proving possession of the credential private key, and optionally evidence of user consent to a specific transaction.

    [SecureContext]
    interface AuthenticatorAssertionResponse : AuthenticatorResponse {
        readonly attribute ArrayBuffer      authenticatorData;
        DOMStringreadonly attribute ArrayBuffer        name;
        DOMString          imageURL;
    signature;
    };
    
    This dictionary is used by the caller to specify information about the user account and Relying Party with which a credential is to be associated. It is intended to help the authenticator in providing a friendly credential selection interface for the user. The rpDisplayName member contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site".The displayName member contains the friendly name associated with the user account by the Relying Party, such as "John P. Smith".The id member contains an identifier for the account, specified by the Relying Party. This is not meant to be displayed to the user. It is used by the Relying Party to control the number of credentials - an authenticator will never contain more than one credential for a given Relying Party under the same id.The name member contains a detailed name for the account, such as "john.p.smith@example.com".The imageURL member contains a URL that resolves to the user’s account image. This may be a URL that can be used to retrieve an image containing the user’s current avatar, or a data URI that contains the image data.4.4
    clientDataJSON

    This attribute, inherited from AuthenticatorResponse, contains the JSON-serialized client data (see §4.8.1 Client data used in WebAuthn signatures (dictionary CollectedClientData)) passed to the authenticator by the client in order to generate this assertion. The exact JSON serialization must be preserved, as the hash of the serialized client data has been computed over it.

    authenticatorData, of type ArrayBuffer, readonly

    This attribute contains the authenticator data returned by the authenticator. See §5.1 Authenticator data.

    signature, of type ArrayBuffer, readonly

    This attribute contains the raw signature returned from the authenticator. See §5.2.2 The authenticatorGetAssertion operation.

    4.3. Parameters for Credential Generation (dictionary

    ScopedCredentialParameters

    PublicKeyCredentialParameters)

    dictionary ScopedCredentialParametersPublicKeyCredentialParameters {
        required ScopedCredentialTypePublicKeyCredentialType  type;
        required AlgorithmIdentifier   algorithm;
    };
    
    This dictionary is used to supply additional parameters when creating a new credential.

    The type member specifies the type of credential to be created.

    The algorithm member specifies the cryptographic signature algorithm with which the newly generated credential will be used, and thus also the type of asymmetric key pair to be generated, e.g., RSA or Elliptic Curve.

    4.

    5. Additional options

    4. User Account Parameters for Credential Generation (dictionary

    ScopedCredentialOptions

    PublicKeyCredentialUserEntity)

    dictionary ScopedCredentialOptionsPublicKeyCredentialUserEntity : PublicKeyCredentialEntity {
        unsignedDOMString longdisplayName;
    };
    
    
    This dictionary is used to supply additional parameters about the user account when creating a new credential.

    The displayName member contains a friendly name for the user account (e.g., "John P. Smith").

    4.5. Options for Credential Creation (dictionary MakeCredentialOptions)

    dictionary MakeCredentialOptions {
        required PublicKeyCredentialEntity rp;
        required PublicKeyCredentialUserEntity user;
    
        timeout;required BufferSource    USVString                     challenge;
        required sequence<PublicKeyCredentialParameters> rpIdparameters;
    
       sequence<ScopedCredentialDescriptor> excludeListunsigned =long [];     Attachment                  timeout;
        sequence<PublicKeyCredentialDescriptor> excludeList;
      attachment  AuthenticatorSelectionCriteria       authenticatorSelection;
        AuthenticationExtensions             extensions;
    };
    
    This dictionary is used to supply additional options when creating a new credential. All these parameters are optional. The timeout parameter
    rp, of type PublicKeyCredentialEntity

    This member contains data about the relying party responsible for the request.

    Its value’s name member is required, and contains the friendly name of the relying party (e.g. "Acme Corporation", "Widgets, Inc.", or "Awesome Site".

    Its value’s id member specifies the relying party identifier with which the credential should be associated. If this identifier is not explicitly set, it will default to the ASCII serialization of the CredentialsContainer object’s relevant settings object's origin.

    user, of type PublicKeyCredentialUserEntity

    This member contains data about the user account for which the relying party is requesting attestation.

    Its value’s name member is required, and contains a name for the user account (e.g., "john.p.smith@example.com" or "+14255551234").

    Its value’s displayName member is required, and contains a friendly name for the user account (e.g., "John P. Smith").

    Its value’s id member is required, and contains an identifier for the account, specified by the relying party. This is not meant to be displayed to the user, but is used by the relying party to control the number of credentials - an authenticator will never contain more than one credential for a given relying party under the same id.

    challenge, of type BufferSource

    This member contains a challenge intended to be used for generating the newly created credential’s attestation object.

    parameters, of type sequence<PublicKeyCredentialParameters>

    This member contains information about the desired properties of the credential to be created. The sequence is ordered from most preferred to least preferred. The platform makes a best-effort to create the most preferred credential that it can.

    timeout, of type unsigned long

    This member specifies a time, in milliseconds, that the caller is willing to wait for the call to complete. This is treated as a hint, and may be overridden by the platform.

    The rpId parameter explicitly specifies the RP ID that the credential should be associated with. If it is omitted, the RP ID will be set to the current settings object’s origin.The excludeList parameter
    excludeList, of type sequence<PublicKeyCredentialDescriptor>

    This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator. The platform is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter.

    The extensions parameter
    authenticatorSelection, of type AuthenticatorSelectionCriteria

    This member is intended for use by Relying Parties that wish to select the appropriate authenticators to participate in the create() or get() operation.

    extensions, of type AuthenticationExtensions

    This member contains additional parameters requesting additional processing by the client and authenticator. For example, the caller may request that only authenticators with certain

    capabilities

    capabilies be used to create the credential, or that particular information be returned in the attestation object.

    The caller may also specify an additional message that they would like the authenticator to display to the user. Extensions

    Some extensions are defined in §8 WebAuthn Extensions; consult the IANA "WebAuthn Extension Identifier" registry established by [WebAuthn-Registries] for an up-to-date list of registered WebAuthn Extensions.

    The attachment parameter contains authenticator attachment descriptions, which are used as an additional constraint on which authenticators are eligible to participate in a §4.1.1 Create a new credential - makeCredential() method or