Class PublicKeyCredential
- Namespace
- CSharpToJavaScript.APIs.JS
- Assembly
- CSharpToJavaScript.dll
The PublicKeyCredential interface provides information about a public key / private key pair, which is a credential for logging in to a service using an un-phishable and data-breach resistant asymmetric key pair instead of a password. It inherits from Credential, and is part of the Web Authentication API extension to the Credential Management API.
[Value("PublicKeyCredential")]
public class PublicKeyCredential : Credential
- Inheritance
-
PublicKeyCredential
- Inherited Members
Remarks
NOTE
This API is restricted to top-level contexts. Use from within an iframe element will not have any effect.
- The parent interface Credential
Constructors
PublicKeyCredential()
public PublicKeyCredential()
Properties
AuthenticatorAttachment
The authenticatorAttachment read-only property of the PublicKeyCredential interface is a string that indicates the general category of authenticator used during the associated Create(CredentialCreationOptions) or Get(CredentialRequestOptions) call.
[Value("authenticatorAttachment")]
public string? AuthenticatorAttachment { get; }
Property Value
- string
A string, which will be one of the following values:
Remarks
RawId
The rawId read-only property of the PublicKeyCredential interface is an ArrayBuffer object containing the identifier of the credentials.
[Value("rawId")]
public ArrayBuffer RawId { get; }
Property Value
- ArrayBuffer
An ArrayBuffer containing the identifier of the credentials. This identifier is expected to be globally unique and is appointed for the current PublicKeyCredential and its associated AuthenticatorAssertionResponse.
Remarks
The PublicKeyCredential.Id property is a base64url encoded version of this identifier.
NOTE
This property may only be used in top-level contexts and will
not be available in an iframe for example.
Response
The response read-only property of the
PublicKeyCredential interface is an AuthenticatorResponse
object which is sent from the authenticator to the user agent for the creation/fetching
of credentials. The information contained in this response will be used by the relying
party's server to verify the demand is legitimate.
[Value("response")]
public AuthenticatorResponse Response { get; }
Property Value
- AuthenticatorResponse
An AuthenticatorResponse object containing the data a relying party's
script will receive and which should be sent to the relying party's server in order to
validate the demand for creation or fetching. This object contains data from the client
(AuthenticatorResponse.clientDataJSON) and from the authenticator.
Remarks
An AuthenticatorResponse is either:
In order to validate the creation of credentials, a relying party's server
needs both:
NOTE
When validating the fetching of existing credentials, the
whole PublicKeyCredential object and the client extensions are necessary
for the relying party's server.
NOTE
This property may only be used in top-level contexts and will
not be available in an iframe for example.
Methods
GetClientCapabilities()
The getClientCapabilities() static method of the PublicKeyCredential interface returns a Promise that resolves with an object that can be used to check whether or not particular WebAuthn client capabilities and extensions are supported.
[Value("getClientCapabilities")]
public static Task<Dictionary<string, bool>> GetClientCapabilities()
Returns
- Task<Dictionary<string, bool>>
A Promise that resolves to an object where the property names are the client capability strings, and the values are boolean values that indicate whether or not the corresponding capability or extension is supported.
The WebAuthn client capability strings are:
The web extension strings are formatted by prefixing the extension identifier with the prefix extension:.
For example, the key extension:appid can be used to check if the appid extension is supported.
Remarks
A relying party (RP) can use this information to appropriately customize its sign-in and sign-up user interfaces and workflows.
GetClientExtensionResults()
The getClientExtensionResults() method of the PublicKeyCredential interface returns an object mapping the identifiers of extensions requested during credential creation or authentication, and their results after processing by the user agent.
[Value("getClientExtensionResults")]
public AuthenticationExtensionsClientOutputs GetClientExtensionResults()
Returns
- AuthenticationExtensionsClientOutputs
An object with each entry being an extension's identifier string as the key, and the output from the processing of the extension by the client as the value.
Remarks
During the creation or fetching of a PublicKeyCredential (via Create(CredentialCreationOptions) and Get(CredentialRequestOptions) respectively), it is possible to request "custom" processing by the client for different extensions, specified in the publicKey option's extensions property. You can find more information about requesting the different extensions in Web Authentication extensions.
NOTE
getClientExtensionResults() only returns the results from extensions processed by the user agent (client). The results from extensions processed by the authenticator can be found in the authenticator data available in AuthenticatorData.
- The list of the currently defined extensions
- AuthenticatorData which contains the result of the authenticator's extensions processing
IsConditionalMediationAvailable()
The isConditionalMediationAvailable() static method of the PublicKeyCredential interface returns a Promise which resolves to true if conditional mediation is available.
[Value("isConditionalMediationAvailable")]
public static Task<bool> IsConditionalMediationAvailable()
Returns
- Task<bool>
A Promise which resolves to a boolean value indicating whether or not conditional mediation is available.
Remarks
IsUserVerifyingPlatformAuthenticatorAvailable()
The isUserVerifyingPlatformAuthenticatorAvailable() static method of the PublicKeyCredential interface returns a Promise which resolves to true if a user-verifying platform authenticator is present.
[Value("isUserVerifyingPlatformAuthenticatorAvailable")]
public static Task<bool> IsUserVerifyingPlatformAuthenticatorAvailable()
Returns
- Task<bool>
A Promise which resolves to a boolean value indicating whether or not a user-verifying platform authenticator is available.
NOTE
In earlier versions of the specification, the boolean also conveyed the consent of the user to disclose such an authenticator existed.
Remarks
A user-verifying platform authenticator is a kind of multi-factor authenticator that is part of the client device (it is generally not removable) and that involves an action from the user in order to identify them. Common user-verifying platform authenticators include:
NOTE
This method may only be used in top-level contexts and will not be available in an iframe for example.
- Windows Hello
- Web Authentication and Windows Hello - MSDN Guide and especially the special considerations mentioning isUserVerifyingPlatformAuthenticator()
ParseCreationOptionsFromJSON(PublicKeyCredentialCreationOptionsJSON)
The parseCreationOptionsFromJSON() static method of the PublicKeyCredential interface creates a PublicKeyCredentialCreationOptions object from a JSON representation of its properties.
[Value("parseCreationOptionsFromJSON")]
public static PublicKeyCredentialCreationOptions ParseCreationOptionsFromJSON(PublicKeyCredentialCreationOptionsJSON options)
Parameters
Returns
Remarks
The method is a convenience function for converting credential options information provided by a relying party server to the form that a web app can use to create a credential.
- Web Authentication API
- ParseRequestOptionsFromJSON(PublicKeyCredentialRequestOptionsJSON)
- ToJSON()
ParseRequestOptionsFromJSON(PublicKeyCredentialRequestOptionsJSON)
The parseRequestOptionsFromJSON() static method of the PublicKeyCredential interface converts a JSON type representation into a PublicKeyCredentialRequestOptions instance.
[Value("parseRequestOptionsFromJSON")]
public static PublicKeyCredentialRequestOptions ParseRequestOptionsFromJSON(PublicKeyCredentialRequestOptionsJSON options)
Parameters
Returns
Remarks
The method is a convenience function for converting information provided by a relying party server to the form that a web app can use to request an existing credential.
- Web Authentication API
- ParseCreationOptionsFromJSON(PublicKeyCredentialCreationOptionsJSON)
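Added example (not part of the original page or of the CSharpToJavaScript project), written in JavaScript against the underlying browser API: a fallback for browsers that lack parseRequestOptionsFromJSON(), decoding the base64url challenge and allowCredentials IDs that a relying party server sends as JSON. The names b64urlToBytes and requestOptionsFromJSON are hypothetical, and the fallback covers only those two binary fields.

```javascript
// Added example; b64urlToBytes and requestOptionsFromJSON are hypothetical names.

// Strictly decode an unpadded base64url string into bytes.
function b64urlToBytes(s) {
  if (typeof s !== "string" || !/^[A-Za-z0-9_-]+$/.test(s) || s.length % 4 === 1) {
    throw new TypeError("expected an unpadded base64url string");
  }
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const bin = atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4));
  return Uint8Array.from(bin, (ch) => ch.charCodeAt(0));
}

// Convert the JSON form of the request options into the form that
// navigator.credentials.get({ publicKey }) accepts.
function requestOptionsFromJSON(json, PKC = globalThis.PublicKeyCredential) {
  // Prefer the native parser: it also handles binary extension inputs.
  if (PKC && typeof PKC.parseRequestOptionsFromJSON === "function") {
    return PKC.parseRequestOptionsFromJSON(json);
  }
  // Fallback: only challenge and allowCredentials[].id are decoded here.
  const { challenge, allowCredentials = [], ...rest } = json;
  return {
    ...rest,
    // Throws on a missing or malformed challenge instead of passing it on.
    challenge: b64urlToBytes(challenge),
    allowCredentials: allowCredentials.map((c) => ({ ...c, id: b64urlToBytes(c.id) })),
  };
}
```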
SignalAllAcceptedCredentials(AllAcceptedCredentialsOptions)
The signalAllAcceptedCredentials() static method of the PublicKeyCredential interface signals to the authenticator all of the valid credential IDs that the relying party (RP) server still holds for a particular user.
[Value("signalAllAcceptedCredentials")]
public static Task<GlobalObject.Undefined> SignalAllAcceptedCredentials(AllAcceptedCredentialsOptions options)
Parameters
options AllAcceptedCredentialsOptions
Returns
- Task<GlobalObject.Undefined>
A Promise that resolves to GlobalObject.Undefined.
Remarks
This allows the authenticator to update credential information, removing all credentials that are no longer recognized by the RP, such as those for deleted accounts. The method should be called each time a user authenticates with the RP.
signalAllAcceptedCredentials() should only be called when the current user is authenticated — after sign up or sign-in, or when the user deletes a credential — as it exposes sensitive information belonging to the user.
- SignalCurrentUserDetails(CurrentUserDetailsOptions)
- SignalUnknownCredential(UnknownCredentialOptions)
- Keep passkeys consistent with credentials on your server with the Signal API on developer.chrome.com (2024)
SignalCurrentUserDetails(CurrentUserDetailsOptions)
The signalCurrentUserDetails() static method of the PublicKeyCredential interface signals to the authenticator that a particular user has updated their user name and/or display name on the relying party (RP) server.
[Value("signalCurrentUserDetails")]
public static Task<GlobalObject.Undefined> SignalCurrentUserDetails(CurrentUserDetailsOptions options)
Parameters
options CurrentUserDetailsOptions
Returns
- Task<GlobalObject.Undefined>
A Promise that resolves to GlobalObject.Undefined.
Remarks
This allows the authenticator to update user account details, to make sure they stay in sync with those held by the RP. It should only be used when the current user is authenticated — after sign in, or when they change the metadata associated with their credentials on the RP web app.
- SignalAllAcceptedCredentials(AllAcceptedCredentialsOptions)
- SignalUnknownCredential(UnknownCredentialOptions)
- Keep passkeys consistent with credentials on your server with the Signal API on developer.chrome.com (2024)
SignalUnknownCredential(UnknownCredentialOptions)
The signalUnknownCredential() static method of the PublicKeyCredential interface signals to the authenticator that a credential ID was not recognized by the relying party (RP) server.
[Value("signalUnknownCredential")]
public static Task<GlobalObject.Undefined> SignalUnknownCredential(UnknownCredentialOptions options)
Parameters
options UnknownCredentialOptions
Returns
- Task<GlobalObject.Undefined>
A Promise that resolves to GlobalObject.Undefined.
Remarks
This allows the authenticator to remove credentials that are not allowed by the RP, such as those for deleted accounts, or accounts that were created and stored on the authenticator but not properly updated on the server. Generally the method is called after sign in fails because the account details were not available to the RP. It can be used even when the current user is not authenticated because it does not expose sensitive information.
- SignalAllAcceptedCredentials(AllAcceptedCredentialsOptions)
- SignalCurrentUserDetails(CurrentUserDetailsOptions)
- Keep passkeys consistent with credentials on your server with the Signal API on developer.chrome.com (2024)
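Added example (not from the original page or the CSharpToJavaScript project), in JavaScript against the underlying browser API: it encodes the rule from the remarks of the three Signal* methods, that signalUnknownCredential() may run without a signed-in user while signalAllAcceptedCredentials() and signalCurrentUserDetails() may not. planSignals, sendSignals, the event types and the session shape are hypothetical; credentialId, userId and the accepted IDs are base64url strings.

```javascript
// Added example; planSignals, sendSignals, the event.type values and the
// session object are hypothetical. Option field names follow the Signal API.

// Pure decision step: which signals may be sent for this event?
function planSignals(event, session) {
  if (event.type === "unknown-credential") {
    // Allowed without a session: it only echoes the credential ID that the
    // authenticator itself presented and the RP server did not recognize.
    return [["signalUnknownCredential",
      { rpId: event.rpId, credentialId: event.credentialId }]];
  }
  // The remaining signals carry the user handle, names and credential list,
  // so they are dropped unless the current user is authenticated.
  if (!session || session.authenticated !== true) return [];
  const { rpId, userId } = session;
  const plan = [];
  if (event.type === "signed-in" || event.type === "credential-deleted") {
    // credentialIds must be the complete server-side list for this user:
    // the authenticator may remove any credential that is not in it.
    plan.push(["signalAllAcceptedCredentials",
      { rpId, userId, allAcceptedCredentialIds: [...session.credentialIds] }]);
  }
  if (event.type === "signed-in" || event.type === "profile-updated") {
    plan.push(["signalCurrentUserDetails",
      { rpId, userId, name: session.name, displayName: session.displayName }]);
  }
  return plan;
}

// Effect step: send each planned signal if the browser implements it.
async function sendSignals(plan, PKC = globalThis.PublicKeyCredential) {
  const sent = [];
  for (const [method, options] of plan) {
    if (!PKC || typeof PKC[method] !== "function") continue; // feature-detect
    try {
      await PKC[method](options);
      sent.push(method);
    } catch (err) {
      // A failed signal must not break sign-in; a later sign-in retries it.
      console.warn(`${method} failed:`, err && err.name);
    }
  }
  return sent;
}
```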
ToJSON()
The toJSON() method of the PublicKeyCredential interface returns a JSON type representation of a PublicKeyCredential.
[Value("toJSON")]
public Object ToJSON()
Returns
- Object
A JSON type representation of a PublicKeyCredential object.
The included properties depend on whether the credential was returned by navigator.credentials.create() on registration, or navigator.credentials.get() when authenticating a user.
The values and types of included properties are the same as for PublicKeyCredential, with the exception that base64url-encoded strings are used in place of buffer properties.
The object properties are:
Remarks
The properties of the returned object depend on whether the credential is returned by navigator.credentials.create() when creating a key pair and registering a user, or navigator.credentials.get() when authenticating a user.
This method is automatically invoked when web app code calls JSON.stringify() to serialize a PublicKeyCredential so that it can be sent to the relying party server when registering or authenticating a user.
It is not intended to be called directly in web app code.
- Web Authentication API
- ParseCreationOptionsFromJSON(PublicKeyCredentialCreationOptionsJSON)
- ParseRequestOptionsFromJSON(PublicKeyCredentialRequestOptionsJSON)