The create() method of the CredentialsContainer interface returns a Promise that resolves with a new Credential instance based on the provided options, or null if no Credential object can be created.

options Optional

An object of type CredentialCreationOptions that contains options for the requested new Credentials object. It must include one of the options "password", "federated", or "publicKey". The options are:

password Optional

Either an HTMLFormElement, or a PasswordCredentialData object. TBD

• id: (required) string Inherited from CredentialData.
• name: string Optional TBD
• iconURL: string Optional TBD
• password: (required) string TBD

federated Optional

An FederatedCredentialInit object. Contains requirements for creating/obtaining federated credentials. The available options are:

• id: (required) string Inherited from CredentialData.
• name: string Optional TBD
• iconURL: string Optional TBD
• provider: (required) string TBD
• protocol: string Optional TBD

publicKey Optional

An object that describes the options for creating a WebAuthn credential containing the following properties:

rp

An object describing the relying party which requested the credential creation. It can contain the following properties:

id Optional

The ID of the relying party. If omitted, the document origin will be used as the default value.

name

The name of the relying party. This is the name the user will be presented with when creating or validating a WebAuthn operation.

user

An object describing the user account for which the credential is generated. It can contain the following properties:

• id: A unique user id of type BufferSource. This value cannot exceed 64 bytes.
• name: A user handle (ex: john34).
• displayName: A human-friendly user display name (example: John Doe).

challenge

An ArrayBuffer, a TypedArray, or a DataView emitted by the relying party's server and used as a cryptographic challenge. This value will be signed by the authenticator and the signature will be sent back as part of AuthenticatorAttestationResponse.attestationObject.

pubKeyCredParams

An Array of items which specify the desired features of the credential, including its type and the algorithm used for the cryptographic signature operations. This array is sorted by descending order of preference. Each item can be composed of the following properties:

• alg: A COSE Algorithm Identifier. For instance, -257 refers to the algorithm RS256.
• type: Must be the string public-key.

timeout Optional

A numerical hint, in milliseconds, which indicates the time the caller is willing to wait for the creation operation to complete. This hint may be overridden by the browser.

excludeCredentials Optional

An Array of descriptors for existing credentials. This is provided by the relying party to avoid creating new public key credentials for an existing user who already has some. Each item should be of the form:

• id: The credential ID as a BufferSource.
• type: Must be the string public-key.
• transports: An Array of allowed transports. Possible transports are: usb, nfc, ble, and internal.

authenticatorSelection Optional

An object whose properties are criteria used to filter out the potential authenticators for the creation operation. Can contain the properties:

• authenticatorAttachment Optional : Allowed values are platform or cross-platform.
• residentKey Optional : Allowed values are discouraged, preferred, or required. The default value is required if requireResidentKey is true; otherwise the default value is discouraged.
• requireResidentKey Optional : This property is deprecated. The value should be set to true if the residentKey is set to required.
• userVerification Optional : Allowed values are discouraged, preferred, or required.

attestation Optional

A String which indicates how the attestation (for the authenticator's origin) should be transported. Should be one of none, indirect, direct, or enterprise. The default value is none.

extensions Optional

An object with several client extensions' inputs. Those extensions are used to request additional processing (e.g. dealing with legacy FIDO APIs credentials, prompting a specific text on the authenticator, etc.).

A Promise that resolves with a Credential instance, such as PasswordCredential, FederatedCredential, or PublicKeyCredential.