response read-only property of the
PublicKeyCredential interface is an
AuthenticatorResponse object which is sent from the authenticator to the user agent for the creation/fetching of credentials. The information contained in this response will be used by the relying party's server to verify the demand is legitimate.
AuthenticatorResponse is either:
PublicKeyCredentialis created via
PublicKeyCredentialis obtained via
In order to validate the creation of credentials, a relying party's server needs both:
- this response
- the extensions of the client (given by
PublicKeyCredential.getClientExtensionResults()) to validate the demand.
Note: When validating the fetching of existing credentials, the whole
PublicKeyCredential object and the client extensions are necessary for the relying party's server.
Note: This property may only be used in top-level contexts and will not be available in an
<iframe> for example.