Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The response read-only property of the PublicKeyCredential interface is an AuthenticatorResponse object which is sent from the authenticator to the user agent for the creation/fetching of credentials. The information contained in this response will be used by the relying party's server to verify that the request is legitimate.
An AuthenticatorResponse is either:
- an AuthenticatorAttestationResponse (when the PublicKeyCredential is created via CredentialsContainer.create())
- an AuthenticatorAssertionResponse (when the PublicKeyCredential is obtained via CredentialsContainer.get()).
In order to validate the creation of credentials, a relying party's server needs both:
- this response
- the extensions of the client (given by PublicKeyCredential.getClientExtensionResults()) to validate the request.
Note: When validating the fetching of existing credentials, the whole PublicKeyCredential object and the client extensions are necessary for the relying party's server.
Note: This property may only be used in top-level contexts and will not be available in an <iframe> for example.
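The following added example (not part of the original page) shows one way a client could package the response together with the client extension results for the relying party's server, telling the two response types apart by their fields. The payload layout, the `kind` field and the names `toBase64Url`, `serializeCredential` and `sampleAssertion` are assumptions of this example; the sample credential is constructed so the code runs outside a browser.

```javascript
// Base64url-encode an ArrayBuffer; the binary fields of the response are ArrayBuffers.
function toBase64Url(buffer) {
  let binary = "";
  for (const b of new Uint8Array(buffer)) binary += String.fromCharCode(b);
  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Build a JSON-safe payload for the relying party's server (hypothetical layout).
function serializeCredential(credential) {
  const r = credential.response;
  const payload = {
    id: credential.id,
    rawId: toBase64Url(credential.rawId),
    type: credential.type,
    // The server needs the client extension results as well as the response.
    clientExtensionResults: credential.getClientExtensionResults(),
    response: { clientDataJSON: toBase64Url(r.clientDataJSON) },
  };
  if (r.attestationObject !== undefined) {
    // AuthenticatorAttestationResponse: credential came from CredentialsContainer.create()
    payload.kind = "attestation";
    payload.response.attestationObject = toBase64Url(r.attestationObject);
  } else if (r.authenticatorData !== undefined && r.signature !== undefined) {
    // AuthenticatorAssertionResponse: credential came from CredentialsContainer.get()
    payload.kind = "assertion";
    payload.response.authenticatorData = toBase64Url(r.authenticatorData);
    payload.response.signature = toBase64Url(r.signature);
    payload.response.userHandle = r.userHandle ? toBase64Url(r.userHandle) : null;
  } else {
    // Refuse to forward a response that is neither of the two known types.
    throw new TypeError("Unrecognized AuthenticatorResponse shape");
  }
  return payload;
}

// Constructed sample standing in for the result of navigator.credentials.get().
const sampleAssertion = {
  id: "AQID",
  rawId: new Uint8Array([1, 2, 3]).buffer,
  type: "public-key",
  getClientExtensionResults: () => ({ appid: false }),
  response: {
    clientDataJSON: new TextEncoder().encode('{"type":"webauthn.get"}').buffer,
    authenticatorData: new Uint8Array([0xfb, 0xff]).buffer,
    signature: new Uint8Array([0x30, 0x00]).buffer,
    userHandle: null,
  },
};
console.log(JSON.stringify(serializeCredential(sampleAssertion), null, 2));
```

The server must still decode and verify every field itself; this packaging step only transports what the authenticator and user agent produced.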