mdn · sideshowbarker · Feb 25, 2023 · Feb 23, 2023 · Feb 25, 2023 · Feb 25, 2023
@@ -58,24 +58,41 @@ create(options)
     - `publicKey` {{optional_inline}}
       - : An object that describes the options for creating a [WebAuthn](/en-US/docs/Web/API/Web_Authentication_API) credential containing the following properties:
         - `rp`
-          - : An object describing the relying party which requested the credential creation.
+          - : An object describing the relying party which requested the credential creation. It should contain the following properties:
+            - `id` {{optional_inline}}
+              - : The ID of the Relying Party. If omitted the document origin will be used as default value.
+            - `name`
+              - : The name of the Relying Party. This is the name the user will be presented with when creating or validating a WebAuthn operation.
         - `user`
-          - : An object describing the user account for which the credential is generated.
+          - : An object describing the user account for which the credential is generated. It should contain the following properties:
+            - `id`: The unique user id of type {{jsxref("BufferSource")}}. This value cannot exceed 64 bytes.
+            - `name`: The user handle (ex: `john34`).
+            - `displayName`: A human-friendly user display name (ex: `John Doe`).
         - `challenge`
           - : An {{jsxref("ArrayBuffer")}}, a {{jsxref("TypedArray")}}, or a {{jsxref("DataView")}}
             emitted by the relying party's server and used as a [cryptographic challenge](https://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication). This value will be signed by the authenticator and the signature will be sent back as part of {{domxref("AuthenticatorAttestationResponse.attestationObject")}}.
         - `pubKeyCredParams`
-          - : An {{jsxref("Array")}} of element which specify the desired features of the credential, including its type and the algorithm used for the cryptographic signature operations. This array is sorted by descending order of preference.
+          - : An {{jsxref("Array")}} of element which specify the desired features of the credential, including its type and the algorithm used for the cryptographic signature operations. This array is sorted by descending order of preference. Each item should be composed of the following properties:
+            - `alg`: A [COSE Algorithm Identifier](https://www.iana.org/assignments/cose/cose.xhtml#algorithms). For instance -257 refers to the algorithm RS256.
+            - `type`: Must be the string `public-key`.
         - `timeout` {{optional_inline}}
           - : A numerical hint, in milliseconds, which indicates the time the caller is willing to wait for the creation operation to complete. This hint may be overridden by the browser.
         - `excludeCredentials` {{optional_inline}}
-          - : An {{jsxref("Array")}} of descriptors for existing credentials. This is provided by the relying party to avoid creating new public key credentials for an existing user who already have some.
+          - : An {{jsxref("Array")}} of descriptors for existing credentials. This is provided by the relying party to avoid creating new public key credentials for an existing user who already have some. Each item should be of the form:
+            - `id`: The credential ID as a {{jsxref("BufferSource")}}.
+            - `type`: Must be the string `public-key`.
+            - `transports`: An {{jsxref("Array")}} of allowed transports. Possible values are: `usb`, `nfc`, `ble` and `internal`.
         - `authenticatorSelection` {{optional_inline}}
-          - : An object whose properties are criteria used to filter out the potential authenticators for the creation operation.
+          - : An object whose properties are criteria used to filter out the potential authenticators for the creation operation. Should contain the properties:
+            - `authenticatorAttachment` {{optional_inline}} : Allowed values are `platform` or `cross-platform`.
+            - `residentKey` {{optional_inline}} : Allowed values are `discouraged`, `preferred` or `required`. The default value is `required` if `requireResidentKey` is `true`, otherwise the default value is `discouraged`.
+            - `requireResidentKey` {{optional_inline}} : This property is deprecated. The value should be set to `true` if the `residentKey` is set to `required`.
+            - `userVerification` {{optional_inline}} : Allowed values are `discouraged`, `preferred` or `required`.
         - `attestation` {{optional_inline}}
-          - : A {{jsxref("String")}} which indicates how the attestation (for the authenticator's origin) should be transported.
+          - : A {{jsxref("String")}} which indicates how the attestation (for the authenticator's origin) should be transported. Should be one of `none`, `indirect`, `direct` or `enterprise`. The default value is `none`.
         - `extensions` {{optional_inline}}
           - : An object with several client extensions' inputs. Those extensions are used to request additional processing (e.g. dealing with legacy FIDO APIs credentials, prompting a specific text on the authenticator, etc.).
+      - : More information on these properties can be found on the [official W3C specification](https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialcreationoptions)
 
 ### Return value