Skip to content

config properties passkey

GitHub Action edited this page Nov 7, 2024 · 6 revisions

Version

v1.2.1

passkey Type

object (passkey)

passkey Properties

Property Type Required Nullable Defined by
acquire_on_registration string Optional cannot be null Config
acquire_on_login string Optional cannot be null Config
attestation_preference string Optional cannot be null Config
enabled boolean Optional cannot be null Config
limit integer Optional cannot be null Config
optional boolean Optional cannot be null Config
user_verification string Optional cannot be null Config

acquire_on_registration

acquire_on_registration configures how users are prompted creating a passkey on registration.

acquire_on_registration

  • is optional

  • cannot be null

acquire_on_registration Type

string

acquire_on_registration Constraints

enum: the value of this property must be equal to one of the following values:

Value Explanation
"always" Indicates that users are always prompted to create a passkey on registration.
"conditional" Indicates that users are prompted to create a passkey on registration as long as the user does not have a password. If passwords are also conditionally acquired on registration, then users are given a choice as to what type of credential to create.
"never" Indicates that users are never prompted to create a passkey on registration.

acquire_on_registration Default Value

The default value is:

"always"

acquire_on_login

acquire_on_login configures how users are prompted creating a passkey on login.

acquire_on_login

  • is optional

  • cannot be null

acquire_on_login Type

string

acquire_on_login Constraints

enum: the value of this property must be equal to one of the following values:

Value Explanation
"always" Indicates that users are always prompted to create a passkey on login provided that they do not already have a passkey.
"conditional" Indicates that users are prompted to create a passkey on login provided that they do not already have a passkey and do not have a password. If passkeys are also conditionally acquired on login then users are given a choice as to what type of credential to register.
"never" Indicates that users are never prompted to create a passkey on login.

acquire_on_login Default Value

The default value is:

"always"

attestation_preference

attestation_preference is used to specify the preference regarding attestation conveyance during credential generation.

attestation_preference

  • is optional

  • cannot be null

attestation_preference Type

string

attestation_preference Constraints

enum: the value of this property must be equal to one of the following values:

Value Explanation
"direct" Indicates that the Relying Party wants to receive the attestation statement as generated by the authenticator.
"indirect" Indicates that the Relying Party prefers an attestation conveyance yielding verifiable attestation statements, but allows the client to decide how to obtain such attestation statements.
"none" Indicates that the Relying Party is not interested in authenticator attestation.

attestation_preference Default Value

The default value is:

"direct"

enabled

enabled determines whether users can create or authenticate with passkeys.

enabled

  • is optional

  • cannot be null

enabled Type

boolean

enabled Default Value

The default value is:

true

limit

limit defines the maximum number of passkeys a user can have.

limit

  • is optional

  • cannot be null

limit Type

integer

limit Default Value

The default value is:

10

optional

optional determines whether users must create a passkey when prompted. The last remaining passkey cannot be deleted if passkeys are required (optional: false).

It also takes part in determining the order of password and passkey acquisition on login and registration (see also acquire_on_login and acquire_on_registration): if one credential type is required (optional: false) then that one takes precedence, i.e. is acquired first.

optional

  • is optional

  • cannot be null

optional Type

boolean

optional Default Value

The default value is:

true

user_verification

user_verification specifies the requirements regarding local authorization with an authenticator through various authorization gesture modalities; for example, through a touch plus pin code, password entry, or biometric recognition.

The setting applies to both WebAuthn registration and authentication ceremonies.

user_verification

  • is optional

  • cannot be null

user_verification Type

string

user_verification Constraints

enum: the value of this property must be equal to one of the following values:

Value Explanation
"required" Indicates that user verification is always required.
"preferred" Indicates that user verification is preferred but will not fail the operation if no user verification was performed.
"discouraged" Indicates that no user verification should be performed.

user_verification Default Value

The default value is:

"preferred"
Clone this wiki locally