Home

authenticatorSelection

authenticatorSelection is a parameter used in the Web Authentication (WebAuthn) API, specifically as part of PublicKeyCredentialCreationOptions. It allows a relying party to specify criteria for selecting an authenticator during credential creation. By setting these criteria, a relying party can influence which type of authenticator is considered acceptable and, in some cases, whether a user’s device can satisfy the request.

The authenticatorSelection object can include several criteria:

- authenticatorAttachment: indicates the desired category of authenticator. Values typically include "platform" for built-in authenticators on the

- requireResidentKey: a boolean value that expresses whether a resident key (a credential stored on the authenticator)

- userVerification: indicates the level of user verification that should be performed by the authenticator. Possible values

Notes and behavior:

- authenticatorSelection is optional; omitting it lets the platform decide the best available authenticator.

- Support for these criteria depends on the device, browser, and authenticators available. If the criteria cannot

See also: WebAuthn, PublicKeyCredentialCreationOptions, AuthenticatorSelection.

device
and
"cross-platform"
for
external
authenticators
such
as
security
keys.
This
helps
steer
the
operation
toward
a
preferred
hardware
or
environment.
is
required.
If
true,
the
authenticator
must
be
able
to
create
or
store
a
resident
key;
if
false,
non-resident
credentials
may
be
allowed.
are
generally
"required,"
"preferred,"
or
"discouraged,"
guiding
whether
the
user
must
verify
their
identity
during
the
operation.
be
satisfied,
credential
creation
may
fail
or
fall
back
to
a
different
authenticating
method.