/Web APIs

CredentialsContainer: create() method

The create() method of the CredentialsContainer interface returns a Promise that resolves with a new Credential instance based on the provided options, or null if no Credential object can be created.

Note: This method is restricted to top-level contexts. Calls to it within an <iframe> element will resolve without effect.




options Optional

An object of type CredentialCreationOptions that contains options for the requested new Credentials object. It must include one of the options "password", "federated", or "publicKey". The options are:

password Optional

Either an HTMLFormElement, or a PasswordCredentialData object. TBD

  • id: (required) string Inherited from CredentialData.
  • name: string Optional TBD
  • iconURL: string Optional TBD
  • password: (required) string TBD
federated Optional

An FederatedCredentialInit object. Contains requirements for creating/obtaining federated credentials. The available options are:

  • id: (required) string Inherited from CredentialData.
  • name: string Optional TBD
  • iconURL: string Optional TBD
  • provider: (required) string TBD
  • protocol: string Optional TBD
publicKey Optional

An object that describes the options for creating a WebAuthn credential containing the following properties:


An object describing the relying party which requested the credential creation. It can contain the following properties:

id Optional

The ID of the relying party. If omitted, the document origin will be used as the default value.


The name of the relying party. This is the name the user will be presented with when creating or validating a WebAuthn operation.


An object describing the user account for which the credential is generated. It can contain the following properties:

  • id: A unique user id of type BufferSource. This value cannot exceed 64 bytes.
  • name: A user handle (ex: john34).
  • displayName: A human-friendly user display name (example: John Doe).

An ArrayBuffer, a TypedArray, or a DataView emitted by the relying party's server and used as a cryptographic challenge. This value will be signed by the authenticator and the signature will be sent back as part of AuthenticatorAttestationResponse.attestationObject.


An Array of items which specify the desired features of the credential, including its type and the algorithm used for the cryptographic signature operations. This array is sorted by descending order of preference. Each item can be composed of the following properties:

timeout Optional

A numerical hint, in milliseconds, which indicates the time the caller is willing to wait for the creation operation to complete. This hint may be overridden by the browser.

excludeCredentials Optional

An Array of descriptors for existing credentials. This is provided by the relying party to avoid creating new public key credentials for an existing user who already has some. Each item should be of the form:

  • id: The credential ID as a BufferSource.
  • type: Must be the string public-key.
  • transports: An Array of allowed transports. Possible transports are: usb, nfc, ble, and internal.
authenticatorSelection Optional

An object whose properties are criteria used to filter out the potential authenticators for the creation operation. Can contain the properties:

  • authenticatorAttachment Optional : Allowed values are platform or cross-platform.
  • residentKey Optional : Allowed values are discouraged, preferred, or required. The default value is required if requireResidentKey is true; otherwise the default value is discouraged.
  • requireResidentKey Optional : This property is deprecated. The value should be set to true if the residentKey is set to required.
  • userVerification Optional : Allowed values are discouraged, preferred, or required.
attestation Optional

A String which indicates how the attestation (for the authenticator's origin) should be transported. Should be one of none, indirect, direct, or enterprise. The default value is none.

extensions Optional

An object with several client extensions' inputs. Those extensions are used to request additional processing (e.g. dealing with legacy FIDO APIs credentials, prompting a specific text on the authenticator, etc.).

Return value

A Promise that resolves with a Credential instance, such as PasswordCredential, FederatedCredential, or PublicKeyCredential.


Browser compatibility

Desktop Mobile
Chrome Edge Firefox Internet Explorer Opera Safari WebView Android Chrome Android Firefox for Android Opera Android Safari on IOS Samsung Internet
create 60 18 60 No 47 13 60 60 60 44 13 8.0
publicKey_option 67 18 60 No 54 13 No 70 60 49 13 10.0

© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.