config properties passkey
v1.0.1
object (passkey)
Property | Type | Required | Nullable | Defined by |
---|---|---|---|---|
acquire_on_registration | string | Optional | cannot be null | Config |
acquire_on_login | string | Optional | cannot be null | Config |
attestation_preference | string | Optional | cannot be null | Config |
enabled | boolean | Optional | cannot be null | Config |
limit | integer | Optional | cannot be null | Config |
optional | boolean | Optional | cannot be null | Config |
user_verification | string | Optional | cannot be null | Config |
acquire_on_registration
`acquire_on_registration` configures how users are prompted to create a passkey on registration.
`acquire_on_registration`
- is optional
- cannot be null
- Type: string
enum: the value of this property must be equal to one of the following values:
Value | Explanation |
---|---|
"always" | Indicates that users are always prompted to create a passkey on registration. |
"conditional" | Indicates that users are prompted to create a passkey on registration as long as the user does not have a password. If passwords are also conditionally acquired on registration, then users are given a choice as to what type of credential to create. |
"never" | Indicates that users are never prompted to create a passkey on registration. |
The default value is:
"always"
acquire_on_login
`acquire_on_login` configures how users are prompted to create a passkey on login.
`acquire_on_login`
- is optional
- cannot be null
- Type: string
enum: the value of this property must be equal to one of the following values:
Value | Explanation |
---|---|
"always" | Indicates that users are always prompted to create a passkey on login provided that they do not already have a passkey. |
"conditional" | Indicates that users are prompted to create a passkey on login provided that they do not already have a passkey and do not have a password. If passkeys are also conditionally acquired on login then users are given a choice as to what type of credential to register. |
"never" | Indicates that users are never prompted to create a passkey on login. |
The default value is:
"always"
attestation_preference
`attestation_preference` is used to specify the preference regarding attestation conveyance during credential generation.
`attestation_preference`
- is optional
- cannot be null
- Type: string
enum: the value of this property must be equal to one of the following values:
Value | Explanation |
---|---|
"direct" | Indicates that the Relying Party wants to receive the attestation statement as generated by the authenticator. |
"indirect" | Indicates that the Relying Party prefers an attestation conveyance yielding verifiable attestation statements, but allows the client to decide how to obtain such attestation statements. |
"none" | Indicates that the Relying Party is not interested in authenticator attestation. |
The default value is:
"direct"
enabled
`enabled` determines whether users can create or authenticate with passkeys.
`enabled`
- is optional
- cannot be null
- Type: boolean
The default value is:
true
limit
`limit` defines the maximum number of passkeys a user can have.
`limit`
- is optional
- cannot be null
- Type: integer
The default value is:
10
optional
`optional` determines whether users must create a passkey when prompted. The last remaining passkey cannot be deleted if passkeys are required (`optional: false`).
It also takes part in determining the order of password and passkey acquisition on login and registration (see also `acquire_on_login` and `acquire_on_registration`): if one credential type is required (`optional: false`) then that one takes precedence, i.e. is acquired first.
`optional`
- is optional
- cannot be null
- Type: boolean
The default value is:
true
user_verification
`user_verification` specifies the requirements regarding local authorization with an authenticator through various authorization gesture modalities; for example, through a touch plus PIN code, password entry, or biometric recognition.
The setting applies to both WebAuthn registration and authentication ceremonies.
`user_verification`
- is optional
- cannot be null
- Type: string
enum: the value of this property must be equal to one of the following values:
Value | Explanation |
---|---|
"required" | Indicates that user verification is always required. |
"preferred" | Indicates that user verification is preferred but will not fail the operation if no user verification was performed. |
"discouraged" | Indicates that no user verification should be performed. |
The default value is:
"preferred"