Credential Management API
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The Credential Management API enables a website to create, store, and retrieve credentials. A credential is an item which enables a system to make an authentication decision: for example, to decide whether to sign a user into an account. We can think of it as a piece of evidence that a user presents to a website to demonstrate that they really are the person they are claiming to be.
Concepts and usage
The central interface is the CredentialsContainer
, which is accessed through the navigator.credentials
property and provides three main functions:
create()
: create a new credential.store()
: store a new credential locally.get()
: retrieve a credential, which can then be used to log a user in.
The API supports four different types of credential, which are all represented as subclasses of Credential
:
Type | Interface |
---|---|
Password | PasswordCredential |
Federated identity | IdentityCredential , FederatedCredential (deprecated) |
One-time password (OTP) | OTPCredential |
Web Authentication | PublicKeyCredential |
The guide page Credential types gives an overview of the different credential types and how they are used.
Interfaces
Credential
-
Provides information about an entity as a prerequisite to a trust decision.
CredentialsContainer
-
Exposes methods to request credentials and notify the user agent when interesting events occur such as successful sign in or sign out. This interface is accessible from
navigator.credentials
. FederatedCredential
-
Provides information about credentials from a federated identity provider, which is an entity that a website trusts to correctly authenticate a user, and which provides an API for that purpose. OpenID Connect is an example of such a framework.
PasswordCredential
-
Provides information about a username/password pair.
Extensions to other interfaces
-
Returns the
CredentialsContainer
interface which exposes methods to request credentials and notify the user agent when interesting events occur such as successful sign in or sign out.
Specifications
Specification |
---|
Credential Management Level 1 |
Browser compatibility
api.Credential
BCD tables only load in the browser
api.CredentialsContainer
BCD tables only load in the browser
api.FederatedCredential
BCD tables only load in the browser
api.PasswordCredential
BCD tables only load in the browser