PublicKeyCredential

Baseline Widely available *

This feature is well established and works across many devices and browser versions. It’s been available across browsers since ⁨September 2021⁩.

* Some parts of this feature may have varying levels of support.

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The PublicKeyCredential interface provides information about a public key / private key pair, which is a credential for logging in to a service using an un-phishable and data-breach resistant asymmetric key pair instead of a password. It inherits from Credential, and is part of the Web Authentication API extension to the Credential Management API.

Note: This API is restricted to top-level contexts. Use from within an <iframe> element will not have any effect.

Instance properties

PublicKeyCredential.authenticatorAttachment Read only: A string that indicates the mechanism by which the WebAuthn implementation is attached to the authenticator at the time the associated navigator.credentials.create() or navigator.credentials.get() call completes.
PublicKeyCredential.id Read only: Inherited from Credential and overridden to be the base64url encoding of PublicKeyCredential.rawId.
PublicKeyCredential.rawId Read only: An ArrayBuffer that holds the globally unique identifier for this PublicKeyCredential. This identifier can be used to look up credentials for future calls to navigator.credentials.get().
PublicKeyCredential.response Read only: An instance of an AuthenticatorResponse object. It is either of type AuthenticatorAttestationResponse if the PublicKeyCredential was the results of a navigator.credentials.create() call, or of type AuthenticatorAssertionResponse if the PublicKeyCredential was the result of a navigator.credentials.get() call.
PublicKeyCredential.type Read only: Inherited from Credential. Always set to public-key for PublicKeyCredential instances.

Static methods

PublicKeyCredential.getClientCapabilities(): Returns a Promise that resolves with an object that can be used to check whether or not particular WebAuthn capabilities and extensions are supported.
PublicKeyCredential.isConditionalMediationAvailable(): Returns a Promise which resolves to true if conditional mediation is available.
PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable(): Returns a Promise which resolves to true if an authenticator bound to the platform is capable of verifying the user.
PublicKeyCredential.parseCreationOptionsFromJSON(): Convenience method for deserializing server-sent credential registration data when registering a user with credentials.
PublicKeyCredential.parseRequestOptionsFromJSON(): Convenience method for deserializing server-sent credential request data when authenticating a (registered) user.
PublicKeyCredential.signalAllAcceptedCredentials(): Signals to the authenticator all of the valid credential IDs that the relying party server still holds for a particular user.
PublicKeyCredential.signalCurrentUserDetails(): Signals to the authenticator that a particular user has updated their user name and/or display name.
PublicKeyCredential.signalUnknownCredential(): Signals to the authenticator that a credential ID was not recognized by the relying party server, for example because it was deleted.

Instance methods

PublicKeyCredential.getClientExtensionResults(): If any extensions were requested, this method will return the results of processing those extensions.
PublicKeyCredential.toJSON(): Convenience method for creating a JSON string representation of a PublicKeyCredential for sending to the server when registering a user with credentials and authenticating a registered user.

Examples

Creating a new instance of PublicKeyCredential

Here, we use navigator.credentials.create() to generate a new credential.

const createCredentialOptions = {
  publicKey: {
    challenge: new Uint8Array([
      21, 31, 105 /* 29 more random bytes generated by the server */,
    ]),
    rp: {
      name: "Example CORP",
      id: "login.example.com",
    },
    user: {
      id: new Uint8Array(16),
      name: "canand@example.com",
      displayName: "Carina Anand",
    },
    pubKeyCredParams: [
      {
        type: "public-key",
        alg: -7,
      },
    ],
  },
};

navigator.credentials
  .create(createCredentialOptions)
  .then((newCredentialInfo) => {
    const response = newCredentialInfo.response;
    const clientExtensionsResults =
      newCredentialInfo.getClientExtensionResults();
  })
  .catch((err) => {
    console.error(err);
  });

Getting an existing instance of PublicKeyCredential

Here, we fetch an existing credential from an authenticator, using navigator.credentials.get().

const requestCredentialOptions = {
  publicKey: {
    challenge: new Uint8Array([
      /* bytes sent from the server */
    ]),
  },
};

navigator.credentials
  .get(requestCredentialOptions)
  .then((credentialInfoAssertion) => {
    // send assertion response back to the server
    // to proceed with the control of the credential
  })
  .catch((err) => {
    console.error(err);
  });

Specifications

Specification
Web Authentication: An API for accessing Public Key Credentials - Level 3 # iface-pkcredential

Browser compatibility

Help improve MDN

Learn how to contribute

This page was last modified on ⁨Jun 23, 2025⁩ by MDN contributors.

View this page on GitHub • Report a problem with this content