219 results for "Authentication":
Web Authentication API - Web APIs
the web authentication api is an extension of the credential management api that enables strong authentication with public key cryptography, enabling passwordless authentication and/or secure second-factor authentication without sms texts.
... web authentication concepts and usage the web authentication api (also referred to as webauthn) uses asymmetric (public-key) cryptography instead of passwords or sms texts for registering, authenticating, and second-factor authentication with websites.
... this resolves significant security problems related to phishing, data breaches, and attacks against sms texts or other second-factor authentication methods while at the same time significantly increasing ease of use (since users don't have to manage dozens of increasingly complicated passwords).
...And 28 more matches
HTTP authentication - HTTP
http provides a general framework for access control and authentication.
... this page is an introduction to the http framework for authentication, and shows how to restrict access to your server using the http "basic" schema.
... the general http authentication framework rfc 7235 defines the http authentication framework, which can be used by a server to challenge a client request, and by a client to provide authentication information.
...And 23 more matches
Integrated Authentication
this document provides an overview of mozilla's support for integrated authentication.
... this entails support for the simple and protected gss-api negotiation mechanism (spnego) internet standard (rfc 2478) to negotiate either kerberos, ntlm, or other authentication protocols supported by the operating system.
... spnego is commonly referred to as the "negotiate" authentication protocol.
...And 6 more matches
NPN_GetAuthenticationInfo - Archive of obsolete content
« gecko plugin api reference « browser side plug-in api summary the function is called by plugins to get http authentication information from the browser.
... syntax #include <npapi.h> nperror npn_getauthenticationinfo(npp instance, const char *protocol, const char *host, int32_t port, const char *scheme, const char *realm, char **username, uint32_t *ulen, char **password, uint32_t *plen); parameters this function has the following parameters: instance pointer to the current plug-in instance protocol protocol name (uri scheme) host host name port port number scheme http authentication scheme name realm http authentication realm username out p...
...this function allows the plugin to ask the browser for http authentication information for a domain.
511 Network Authentication Required - HTTP
the http 511 network authentication required response status code indicates that the client needs to authenticate to gain network access.
... network operators sometimes require some authentication, acceptance of terms, or other user interaction before granting access (for example in an internet café or at an airport).
... status 511 network authentication required specifications specification title rfc 6585, section 6: 511 network authentication required additional http status codes ...
Challenge-response authentication - MDN Web Docs Glossary: Definitions of Web-related terms
the http authentication protocol is challenge-response based, though the "basic" protocol isn't using a real challenge (the realm is always the same).
... learn more challenge-response authentication on wikipedia.
407 Proxy Authentication Required - HTTP
the http 407 proxy authentication required client error status response code indicates that the request has not been applied because it lacks valid authentication credentials for a proxy server that is between the browser and the server that can access the requested resource.
... status 407 proxy authentication required example response http/1.1 407 proxy authentication required date: wed, 21 oct 2015 07:28:00 gmt proxy-authenticate: basic realm="access to internal site" specifications specification title rfc 7235, section 3.2: 407 proxy authentication required http/1.1: authentication ...
Index - Web APIs
216 authenticatorassertionresponse api, authentication, authenticatorassertionresponse, interface, reference, web authentication api, webauthn the authenticatorassertionresponse interface of the web authentication api is returned by credentialscontainer.get() when a publickeycredential is passed, and provides proof to a service that it has a key pair and that the authentication request is valid and approved.
... 217 authenticatorassertionresponse.authenticatordata api, authenticatorassertionresponse, property, reference, web authentication api, webauthn the authenticatordata property of the authenticatorassertionresponse interface returns an arraybuffer containing information from the authenticator such as the relying party id hash (rpidhash), a signature counter, test of user presence, user verification flags, and any extensions processed by the authenticator.
... 218 authenticatorassertionresponse.signature api, authenticatorassertionresponse, property, reference, web authentication api, webauthn the signature read-only property of the authenticatorassertionresponse interface is an arraybuffer object which is the signature of the authenticator for both authenticatorassertionresponse.authenticatordata and a sha-256 hash of the client data (authenticatorassertionresponse.clientdatajson).
...And 52 more matches
Introduction to Public-Key Cryptography - Archive of obsolete content
authentication allows the recipient of information to determine its origin, that is, to confirm the sender's identity.
... certificates and authentication managing certificates certificates and authentication a certificate identifies someone or something authentication confirms an identity how certificates are used contents of a certificate how ca certificates are used to establish trust a certificate identifies someone or something a certificate is an electronic document used to identify an individual, a server, a company, or some other entity and to associate that identity with a public key.
... authentication confirms an identity authentication is the process of confirming an identity.
...And 48 more matches
Introduction to SSL - Archive of obsolete content
these capabilities address fundamental concerns about communication over the internet and other tcp/ip networks: ssl server authentication allows a user to confirm a server's identity.
... ssl client authentication allows a server to confirm a user's identity.
... using the same techniques as those used for server authentication, ssl-enabled server software can check that a client's certificate and public id are valid and have been issued by a certificate authority (ca) listed in the server's list of trusted cas.
...And 32 more matches
sslfnc.html
warning: if you turn this option off, the session will not be an ssl session and will not have certificate-based authentication, tamper detection, or encryption.
...the client-auth certificate cache is used to remember the certificates previously presented by clients for client certificate authentication.
...And 29 more matches
passwords - Archive of obsolete content
you can use the passwords api with three sorts of credentials: add-on credentials html form credentials http authentication credentials add-on credential these are associated with your add-on rather than a particular web site.
... http authentication credential these are used to authenticate the user to a web site which uses http authentication, as detailed in rfc 2617.
... so: if a web server at http://www.example.com requested authentication with a response code like this: http/1.0 401 authorization required server: apache/1.3.27 www-authenticate: basic realm="exampleco login" the corresponding values for the credential (excluding username and password) should be: url: "http://www.example.com" realm: "exampleco login" oncomplete and onerror this api is explicitly asynchronous, so all its functions take two callback functions...
...And 10 more matches
HTTP Index - HTTP
22 reason: cors disabled authentication, authentication article, cors, cross-origin, disabled, errors, http, https, messages, resource, same origin, same-origin, security, sharing, validation, secure, troubleshooting a request that needs to use cors was attempted, but cors is disabled in the user's browser.
... 42 http authentication access control, authentication, guide, http, security http provides a general framework for access control and authentication.
... the most common http authentication is based on the "basic" schema.
...And 8 more matches
sslerr.html
ssl_error_no_certificate -12285 "unable to find the certificate or key necessary for authentication." this error has many potential causes; for example: certificate or key not found in database.
... ssl_error_bad_certificate -12284 "unable to communicate securely with peer: peers's certificate was rejected." a certificate was received from the remote system and was passed to the certificate authentication callback function provided by the local application.
... that callback function returned secfailure, and the bad certificate callback function either was not configured or did not choose to override the error code returned by the certificate authentication callback function.
...And 6 more matches
nsIAuthPrompt2
it can be used to prompt users for authentication information, either synchronously or asynchronously.
...this means prompts that are guaranteed to want the same authentication information from the user.
... a single prompt will be shown; then the callbacks for all the coalesced prompts will be notified with the resulting authentication information.
...And 6 more matches
Index - Archive of obsolete content
447 firefox accounts firefox accounts, identity, landing, mozilla, fxa firefox accounts (fxa) is an identity provider that provides authentication and user profile data for mozilla cloud services.
... over the long term we envision that non-mozilla services and applications will also be able to delegate authentication to firefox accounts.
... 450 firefox accounts oauth dashboard authentication, firefox accounts, identity, mozilla, fxa fxa oauth credential management dashboard is a web application that lets you provision firefox accounts oauth credentials.
...And 4 more matches
SSL and TLS - Archive of obsolete content
both client and server authentication occur over ssl/tls.
...symmetric-key encryption is much faster than public-key encryption, but public-key encryption provides better authentication techniques.
... supported cipher suites for rsa cipher suites with the rsa key exchange that are commonly supported include the following: aes and sha message authentication.
...And 4 more matches
JavaScript crypto - Archive of obsolete content
mech_des_flag: must support ckm_cpmf_cbc, ckm_des_cbc, ckm_des3_cbc, ckm_cpmf_ecb, ckm_des_ecb, ckm_des3_ecb and the following functions: c_generatekey, c_encrypt, c_decrypt, c_wrapkey, c_unwrapkey pkcs11_mech_dh_flag: must support ckm_dh_pkcs_derive and ckm_dh_key_pair_gen and the following functions: c_derivekey, c_generatekeypair pkcs11_mech_md5_flag: hashing must be able to function without authentication.
... pkcs11_mech_sha1_flag: hashing must be able to function without authentication.
... pkcs11_mech_md2_flag: hashing must be able to function without authentication.* pkcs11_random_flag: use token's random number generator.
...And 3 more matches
sslintro.html
callbacks and helper functions allow you to specify such things as how authentication is accomplished and what happens if it fails.
...specifies a callback function to deal with a situation where authentication has failed.
...specifies a callback function for ssl to use when the server asks for client authentication information.
...And 3 more matches
nsIAuthInformation
netwerk/base/public/nsiauthinformation.idl, scriptable: an object that holds authentication information.
...after the user has entered the authentication information, it should set the attributes of this object to indicate to the caller what was entered by the user.
... attributes attribute type description authenticationscheme autf8string the authentication scheme used for this request, if applicable.
...And 3 more matches
Index
after the user has entered the authentication information, it should set the attributes of this object to indicate to the caller what was entered by the user.
... 342 nsiauthmodule interfaces, interfaces:scriptable, xpcom, xpcom api reference, xpcom interface reference this method is called to get the next token in a sequence of authentication steps.
...it can be used to prompt users for authentication information, either synchronously or asynchronously.
...And 2 more matches
nsIAuthModule
netwerk/base/public/nsiauthmodule.idl, scriptable: this interface is intended to be used as a server and client authentication service.
... methods getnexttoken() this method is called to get the next token in a sequence of authentication steps.
...adomain the authentication domain, which may be null if not applicable.
...And 2 more matches
Authorization - HTTP
header type request header forbidden header name no syntax authorization: <type> <credentials> directives <type> authentication type.
...other types: iana registry of authentication schemes; authentication for aws servers (aws4-hmac-sha256) <credentials> if the "basic" authentication scheme is used, the credentials are constructed like this: the username and the password are combined with a colon (aladdin:opensesame).
...prefer to use https in conjunction with basic authentication.
...And 2 more matches
Proxy-Authenticate - HTTP
the http proxy-authenticate response header defines the authentication method that should be used to gain access to a resource behind a proxy server.
... the proxy-authenticate header is sent along with a 407 proxy authentication required.
... header type response header forbidden header name no syntax proxy-authenticate: <type> realm=<realm> directives <type> authentication type.
...And 2 more matches
Proxy-Authorization - HTTP
the http proxy-authorization request header contains the credentials to authenticate a user agent to a proxy server, usually after the server has responded with a 407 proxy authentication required status and the proxy-authenticate header.
... header type request header forbidden header name no syntax proxy-authorization: <type> <credentials> directives <type> authentication type.
...see also the iana registry of authentication schemes.
...And 2 more matches
WWW-Authenticate - HTTP
the http www-authenticate response header defines the authentication method that should be used to gain access to a resource.
... header type response header forbidden header name no syntax www-authenticate: <type> realm=<realm>[, charset="utf-8"] directives <type> authentication type.
...iana maintains a list of authentication schemes.
...And 2 more matches
Twitter - Archive of obsolete content
example: jetpack.lib.twitter.statuses.update({ data: { status: "o frabjous day!" }, username: "basic_auth_username", password: "basic_auth_password", success: function () console.log("hey!") }); user authentication you can supply a username and password to methods that require authentication using the second, more advanced call style described above.
...when you call a method that requires authentication -- such as jetpack.lib.twitter.statuses.update() -- without providing a username or password, firefox will prompt the user for them if she is not already authenticated with twitter.
... both methods use http basic authentication.
... see twitter's authentication documentation for related information.
Index - MDN Web Docs Glossary: Definitions of Web-related terms
70 challenge-response authentication security in security protocols, a challenge is some data sent to the client by the server in order to generate a different response each time.
... 76 cipher suite cryptography, glossary, security a cipher suite is a combination of a key exchange algorithm, authentication method, bulk encryption cipher, and message authentication code.
...cryptographic hash functions are used for authentication, digital signatures, and message authentication codes.
...this provides the basis for hmac's, which provide message authentication.
Phishing: a short definition
two-factor authentication none of the above anti-phishing measures address the basic problem: username/password combinations are often enough to impersonate users.
...if both factors don’t match, the service will reject authentication requests.
... public key cryptography many services will soon support w3c web authentication, a powerful technology to evade phishing, based on public key cryptography.
... web authentication supports millions of readily available fido u2f usb security keys, and will support the more advanced fido 2.0 keys, once made available.
nsIXmlRpcClient
last changed in gecko 1.8 (firefox 1.5 / thunderbird 1.5 / seamonkey 1.0) inherits from: nsisupports method overview void init(in string serverurl); void setauthentication(in string username, in string password); void clearauthentication(in string username, in string password); void setencoding(in string encoding); void setencoding(in unsigned long type, out nsiidref uuid, out nsqiresult result); void asynccall (in nsixmlrpcclientlistener listener, in nsisupports ctxt, in string methodname, in nsisupports arguments, in pruint32 count); attributes attribute type description serverurl readonly nsiurl the ur...
...call this before using this object void init ( in string serverurl ) ; parameters serverurl url of server side object on which methods should be called setauthentication() set authentication info if needed.
... both parameters must be specified for authentication to be enabled void setauthentication ( in string username, in string password ) ; parameters username username to be used if asked to authenticate password password to be used if asked to authenticate clearauthentication() clear authentication info void clearauthentication ( in string username, in string password ) ; parameters username password setencoding() set character encoding.
... the default charset if this function is not called is "utf-8" void setencoding ( in string encoding ) ; parameters encoding encoding charset to be used asynccall() call remote method methodname asynchronously with given arguments.
AuthenticatorAssertionResponse.authenticatorData - Web APIs
bit 2, user verification (uv) - if set, authenticator verified the actual user, through a biometric, pin, or other authentication method.
... credentialid (variable length) - a unique identifier for this credential so that it can be requested for future authentications.
...this public key will be stored on the server associated with a user's account and be used for future authentications.
... another value, provided by the relying party server timeout: 60000 }; navigator.credentials.get({ publickey: options }) .then(function (assertionpkcred) { var authenticatordata = assertionpkcred.response.authenticatordata; // maybe try to convert the authenticatordata to see what's inside // send response and client extensions to the server so that it can // go on with the authentication }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'authenticatordata' in that specification.
An overview of HTTP - HTTP
proxies may perform numerous functions: caching (the cache can be public or private, like the browser cache) filtering (like an antivirus scan or parental controls) load balancing (to allow multiple servers to serve the different requests) authentication (to control access to different resources) logging (allowing the storage of historical information) basic aspects of http http is simple http is generally designed to be simple and human readable, even with the added complexity introduced in http/2 by encapsulating http messages into frames.
...cache or authentication methods were functions handled early in http history.
... authentication some pages may be protected so that only specific users can access them.
... basic authentication may be provided by http, either using the www-authenticate and similar headers, or by setting a specific session using http cookies.
Transport Layer Security - Web security
http over tls tls provides three primary services that help ensure the safety and security of data exchanged with it: authentication authentication lets each party to the communication verify that the other party is who they claim to be.
... the cipher suite in tls 1.3 primarily governs the encryption of data; separate negotiation methods are used for key agreement and authentication.
... the removal of renegotiation in tls 1.3 might affect some web servers that rely on client authentication using certificates.
...reactive client authentication using certificates is supported by tls 1.3 but not widely implemented.
Encryption and Decryption - Archive of obsolete content
symmetric-key encryption also provides a degree of authentication, since information encrypted with one symmetric key cannot be decrypted with any other symmetric key.
...if anyone else discovers the key, it affects both confidentiality and authentication.
... symmetric-key encryption plays an important role in the ssl protocol, which is widely used for authentication, tamper detection, and encryption over tcp/ip networks.
TCP/IP Security - Archive of obsolete content
the integrity of data can be assured by generating a message authentication code (mac) value, which is a keyed cryptographic checksum of the data.
... peer authentication.
... ssl authentication is typically performed one-way, authenticating the server to the client, but it can be performed mutually.
mozbrowserusernameandpasswordrequired
isproxy a boolean indicating whether the server dealing with the authentication is a proxy server (true) or not (false).
... authenticate() a function that is called to enable the authentication to go ahead.
... cancel() a function that is called to cancel the authentication.
PKCS11 Implement
true true the device has been initialized and requires authentication.
... signing tokens include a signing certificate and are used to sign objects or messages or to perform ssl authentication.
...if your token requires authentication before executing these functions, your token cannot provide the default implementation for them.
AuthenticatorAssertionResponse - Web APIs
the authenticatorassertionresponse interface of the web authentication api is returned by credentialscontainer.get() when a publickeycredential is passed, and provides proof to a service that it has a key pair and that the authentication request is valid and approved.
... properties authenticatorassertionresponse.clientdatajson secure context, read only: the client data for the authentication, such as origin and challenge.
...s }) .then(function (credentialinfoassertion) { var assertionresponse = credentialinfoassertion.response; // do something specific with the response // send assertion response back to the server // to proceed with the control of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'authenticatorassertionresponse interface' in that specification.
AuthenticatorAttestationResponse - Web APIs
the authenticatorattestationresponse interface of the web authentication api is returned by credentialscontainer.create() when a publickeycredential is passed, and provides a cryptographic root of trust for the new key pair that has been generated.
... properties authenticatorattestationresponse.clientdatajson secure context, read only: client data for the authentication, such as origin and challenge.
...-key", alg: -7 } ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { var response = newcredentialinfo.response; // do something with the response // (sending it back to the relying party server maybe?) }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'authenticatorattestationresponse interface' in that specification.
PublicKeyCredentialCreationOptions.extensions - Web APIs
in other words, this may be used server side to check if the current operation is based on the same biometric data as the previous authentication.
...fingerprint, pin, pattern), how the key is protected, how the matcher (tool used for the authentication operation) is protected.
...contain the result of any of the processing of the extensions var mybuffer = newcredentialinfo.getclientextensionresults(); // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'extensions' in that specification.
PublicKeyCredentialRequestOptions.extensions - Web APIs
in other words, this may be used server side to check if the current operation is based on the same biometric data as the previous authentication.
...fingerprint, pin, pattern), how the key is protected, how the matcher (tool used for the authentication operation) is protected.
...llenge: new uint8array([/* bytes sent from the server */]) }; navigator.credentials.get({ "publickey": options }) .then(function (credentialinfoassertion) { // send assertion response back to the server // to proceed with the control of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'extensions' in that specification.
PublicKeyCredentialRequestOptions.userVerification - Web APIs
this is a string which indicates how the user verification should be part of the authentication process.
... syntax userverification = publickeycredentialrequestoptions.userverification value a string qualifying how the user verification should be part of the authentication process.
...llenge: new uint8array([/* bytes sent from the server */]), }; navigator.credentials.get({ "publickey": options }) .then(function (credentialinfoassertion) { // send assertion response back to the server // to proceed with the control of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'userverification' in that specification.
PublicKeyCredentialRequestOptions - Web APIs
the publickeycredentialrequestoptions dictionary of the web authentication api holds the options passed to navigator.credentials.get() in order to fetch a given publickeycredential.
... publickeycredentialrequestoptions.userverification optional a string qualifying how the user verification should be part of the authentication process.
... txauthsimple: "could you please verify yourself?" } }; navigator.credentials.get({ "publickey": options }) .then(function (credentialinfoassertion) { // send assertion response back to the server // to proceed with the control of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'publickeycredentialrequestoptions dictionary' in that specification.
SubtleCrypto.encrypt() - Web APIs
authentication helps protect against chosen-ciphertext attacks, in which an attacker can ask the system to decrypt arbitrary messages, and use the result to deduce information about the secret key.
... while it's possible to add authentication to ctr and cbc modes, they do not provide it by default and when implementing it manually one can easily make minor, but serious mistakes.
... gcm does provide built-in authentication, and for this reason it's often recommended over the other two aes modes.
Writing WebSocket servers - Web APIs
this means that you don't have to bloat your server code with cookie and authentication handlers (for example).
...also, common headers like user-agent, referer, cookie, or authentication headers might be there as well.
... note: the server can send other headers like set-cookie, or ask for authentication or redirects via other status codes, before sending the reply handshake.
Using HTTP cookies - HTTP
depending on the application, it may be desirable to use an opaque identifier which is looked up by the server, or to investigate alternative authentication/confidentiality mechanisms such as json web tokens.
... cookies that are used for sensitive information (such as indicating authentication) should have a short lifetime, with the samesite attribute set to strict or lax.
... (see samesite cookies, above.) in browsers that support samesite, this has the effect of ensuring that the authentication cookie is not sent with cross-origin requests, so such a request is effectively unauthenticated to the application server.
Index - HTTP
89 proxy-authenticate http, http header, proxy, reference, response header the http proxy-authenticate response header defines the authentication method that should be used to gain access to a resource behind a proxy server.
... 90 proxy-authorization http, http header, reference, request header, header the http proxy-authorization request header contains the credentials to authenticate a user agent to a proxy server, usually after the server has responded with a 407 proxy authentication required status and the proxy-authenticate header.
... 114 www-authenticate http, http header, reference, response header, header the http www-authenticate response header defines the authentication method that should be used to gain access to a resource.
401 Unauthorized - HTTP
the http 401 unauthorized client error status response code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.
... this status is similar to 403, but in this case, authentication is possible.
... status 401 unauthorized example response http/1.1 401 unauthorized date: wed, 21 oct 2015 07:28:00 gmt www-authenticate: basic realm="access to staging site" specifications specification title rfc 7235, section 3.1: 401 unauthorized http/1.1: authentication ...
HTTP Class Overview - Archive of obsolete content
nshttphandler implements nsiprotocolhandler manages preferences owns the authentication cache holds references to frequently used services nshttpchannel implements nsihttpchannel talks to the cache initiates http transactions processes http response codes intercepts progress notifications nshttpconnection implements nsistreamlistener & nsistreamprovider talks to the socket transport service feeds data to its transaction object routes progress notifications nshttpconnectioninfo identifies a connec...
...ming data nshttpchunkeddecoder owned by a transaction strips chunked transfer encoding nshttprequesthead owns a nshttpheaderarray knows how to fill a request buffer nshttpresponsehead owns a nshttpheaderarray knows how to parse response lines performs common header manipulations/calculations nshttpheaderarray stores http "<header>:<value>" pairs nshttpauthcache stores authentication credentials for http auth domains nshttpbasicauth implements nsihttpauthenticator generates basic auth credentials from user:pass nshttpdigestauth implements nsihttpauthenticator generates digest auth credentials from user:pass original document information author(s): darin fisher last updated date: august 5, 2002 copyright information: portions of this content are © 1998–2...
Vulnerabilities - Archive of obsolete content
an example is the number of consecutive failed authentication attempts to permit before locking out a user account.
...broken authentication & session management 4.
Cipher suite - MDN Web Docs Glossary: Definitions of Web-related terms
a cipher suite is a combination of a key exchange algorithm, authentication method, bulk encryption cipher, and message authentication code.
... a typical cipher suite looks like ecdhe_rsa_with_aes_128_gcm_sha256 or ecdhe-rsa-aes128-gcm-sha256, indicating: ecdhe (elliptic curve diffie-hellman ephemeral) for key exchange rsa for authentication aes-128 as the cipher, with galois/counter mode (gcm) as the block cipher mode of operation sha-256 as the hash-based message authentication code (hmac) learn more mozilla recommended cipher suite choices for tls ...
SQL Injection - MDN Web Docs Glossary: Definitions of Web-related terms
finally, due to the or operator, the value ( false or true ) is true, so the authentication check is bypassed.
...the revised magical string fails to bypass the authentication, and your database stays secure.
Session Hijacking - MDN Web Docs Glossary: Definitions of Web-related terms
most authentication occurs only at the start of a tcp session.
... protection against session hijacking create a secure communication channel with ssh (secure shell) pass authentication cookies over https connection implement logout functionality so the user can end the session generate the session id after successful login pass encrypted data between the users and the web server use a string or long random number as a session key learn more general knowledge session hijacking on wikipedia ...
NSS FAQ
the pkcs #11 interface included in nss means that your application can use hardware accelerators on the server and smart cards for two-factor authentication.
...nss includes detailed documentation of the ssl api and sample code that demonstrates basic ssl functionality (setting up an encrypted session, server authentication, and client authentication) to help jump start the integration process.
Index
ry position, use none, any, or all of the attribute codes: o p - valid peer o P - trusted peer (implies p) o c - valid ca o T - trusted ca to issue client certificates (implies c) o C - trusted ca to issue server certificates (ssl only) (implies c) o u - certificate can be used for authentication or signing o w - send warning (use with other attributes to include a warning when the certificate is used in that context) the attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks.
... 336 pkcs11 module installation authentication, biometric, mozilla, nss, pkcs #11, projects, security, smart card, smart-card, smartcard, pkcs11 pkcs #11 modules are external modules which add to firefox support for smartcard readers, biometric security devices, and external certificate stores.
NSS 3.43 release notes
new in nss 3.43 new functionality new functions in sechash.h hash_gethashoidtagbyhashtype - convert type hash_hashtype to type secoidtag in sslexp.h ssl_sendcertificaterequest - allow server to request post-handshake client authentication.
...note that while the mechanism is present, post-handshake authentication is currently not tls 1.3 compliant due to bug 1532312 notable changes in nss 3.43 the following ca certificates were added: cn = emsign root ca - g1 ... cn = emsign ecc root ca - g3 ... cn = emsign root ca - c1 ... cn = emsign ecc root ca - c3 ... cn =...
nss tech note3
the list of known seccertusages is short: certusagesslclient ........... an ssl client authentication cert certusagesslserver ........... an ordinary ssl server cert certusagesslserverwithstepup.. an ssl server cert that allows export clients to use strong crypto.
... this allows all ssl client authentication certs with email addresses to also be used as email certs (provided they have adequate key usage).
Overview of NSS
the secure sockets layer (ssl) protocol allows mutual authentication between a client and server and the establishment of an authenticated and encrypted connection.
...itu standard that governs the format of certificates used for authentication in public-key cryptography.
FC_SetOperationState
syntax ck_rv fc_setoperationstate( ck_session_handle hsession, ck_byte_ptr poperationstate, ck_ulong uloperationstatelen, ck_object_handle hencryptionkey, ck_object_handle hauthenticationkey ); parameters hsession [in] handle of the open session.
...hauthenticationkey [in] handle of the authentication key to be used in the stored session or zero if none is needed.
gtstd.html
>mkdir server_db >certutil -n -d server_db import the new ca certificate into the server's certificate database, and mark it trusted for issuing certificates for ssl client and server authentication.
... >mkdir client_db >certutil -n -d client_db import the new ca certificate into the client's certificate database, and mark it trusted for issuing certificates for ssl client and server authentication.
TLS Cipher Suite Discovery
they must agree on these items: key establishment algorithm (such as rsa, dh, or ecdh) peer authentication algorithm (such as rsa, dsa, ecdsa) bulk data encryption algorithm (such as rc4, des, aes) and key size digest algorithm for message authentication checking (sha1, sha256) there are numerous available choices for each of those categories, and the number of possible combinations of all those choices is large.
...the sslciphersuiteinfo structure contains this information, declared in "sslt.h": typedef struct sslciphersuiteinfostr { pruint16 length; pruint16 ciphersuite; /* cipher suite name */ const char * ciphersuitename; /* server authentication info */ const char * authalgorithmname; sslauthtype authalgorithm; /* key exchange algorithm info */ const char * keatypename; sslkeatype keatype; /* symmetric encryption info */ const char * symciphername; sslcipheralgorithm symcipher; pruint16 symkeybits; pruint16 symkeyspace...
nsIAuthPromptCallback
method overview void onauthavailable(in nsisupports acontext, in nsiauthinformation aauthinfo); void onauthcancelled(in nsisupports acontext, in boolean usercancel); methods onauthavailable() authentication information is available.
... aauthinfo authentication information.
nsIAuthPromptProvider
prompt_proxy 1 proxy authentication request.
...void getauthprompt( in pruint32 apromptreason, in nsiidref iid, [iid_is(iid),retval] out nsqiresult result ); parameters apromptreason the reason for the authentication prompt, one of the prompt_* constants.
Using nsILoginManager
the hostname, username and password attributes are mandatory, while the other fields are set based on whether the login is for a web page form or an http/ftp authentication site login.
...( 'http://www.example.com', 'http://login.example.com', null, 'joe', 'secret123', 'uname', 'pword' ); this login would correspond to a html form such as: <form action="http://login.example.com/foo/authenticate.cgi"> <div>please log in.</div> <label>username:</label> <input type="text" name="uname"> <label>password:</label> <input type="password" name="pword"> </form> creating a site authentication login var authlogininfo = new nslogininfo( 'http://www.example.com', null, 'exampleco login', 'alice', 'secret321', "", "" ); this would correspond to a login on http://www.example.com when the server sends a reply such as: http/1.0 401 authorization required server: apache/1.3.27 www-authenticate: basic realm="exampleco login" creating a local extension login var extlogininfo =...
nsIPushSubscription
auth the shared authentication secret, used as the salt in the hkdf invocation.
...et request = cc["@mozilla.org/xmlextras/xmlhttprequest;1"] .createinstance(ci.nsixmlhttprequest); request.open("post", "https://example.com/register-for-push", true); request.addeventlistener("error", () => { cu.reporterror("error sending subscription to server"); }); request.send(json.stringify({ endpoint: subscription.endpoint, // base64-encode the key and authentication secret.
nsISound
event_prompt_dialog_open 3 a prompt dialog (one that allows the user to enter data, such as an authentication dialog) is opened.
... _moz_promptdialog the system sound when a prompt dialog (one that allows the user to enter data, such as an authentication dialog) is opened.
PKCS #11 Netscape Trust Objects - Network Security Services
cka_trust_server_auth ck_trust level of trust for server authentication purpose.
... cka_trust_client_auth ck_trust level of trust for client authentication purpose.
AuthenticatorResponse - Web APIs
the authenticatorresponse interface of the web authentication api is the base interface for interfaces that provide a cryptographic root of trust for a key pair.
....com", displayname: "john doe" }, pubkeycredparams: [ { type: "public-key", alg: -7 } ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { var attestationresponse = newcredentialinfo.response; }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'authenticatorresponse interface' in that specification.
Ajax navigation example - Web APIs
", 305: "use proxy", 306: "reserved", 307: "temporary redirect", 308: "permanent redirect", 400: "bad request", 401: "unauthorized", 402: "payment required", 403: "forbidden", 404: "not found", 405: "method not allowed", 406: "not acceptable", 407: "proxy authentication required", 408: "request timeout", 409: "conflict", 410: "gone", 411: "length required", 412: "precondition failed", 413: "request entity too large", 414: "request-uri too long", 415: "unsupported media type", 416: "requested range not satisfiable", 417: "expectation failed", ...
...: "not implemented", 502: "bad gateway", 503: "service unavailable", 504: "gateway timeout", 505: "http version not supported", 506: "variant also negotiates (experimental)", 507: "insufficient storage", 508: "loop detected", 509: "unassigned", 510: "not extended", 511: "network authentication required" }; var oreq, bisloading = false, bupdateurl = false; oloadingbox.id = "ajax-loader"; ocover.onclick = abortreq; oloadingimg.src = "data:image/gif;base64,..."
PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable() - Web APIs
as of today (march 2019), this is basically indicating if windows hello may be used with the web authentication api and that the user has accepted its use.
...lable){ if(available){ // we can proceed with the creation of a publickeycredential // with this authenticator } else { // use another kind of authenticator or a classical login/password // workflow } }).catch(function(err){ // something went wrong console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'isuserverifyingplatformauthenticatoravailable' in that specification.
PublicKeyCredential - Web APIs
it inherits from credential, and was created by the web authentication api extension to the credential management api.
...llenge: new uint8array([/* bytes sent from the server */]) }; navigator.credentials.get({ "publickey": options }) .then(function (credentialinfoassertion) { // send assertion response back to the server // to proceed with the control of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'publickeycredential interface' in that specification.
PublicKeyCredentialCreationOptions.authenticatorSelection - Web APIs
userverificationoptional a string qualifying how the user verification should be part of the authentication process.
...{ type: "public-key", alg: -7 } ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'authenticatorselection' in that specification.
PublicKeyCredentialCreationOptions - Web APIs
the publickeycredentialcreationoptions dictionary of the web authentication api holds options passed to navigator.credentials.create() in order to create a publickeycredential.
... var clientextensionsoutputs = newcredentialinfo.getclientextensionsresults(); // send the response to the relying party server // it will verify the content and integrity before // creating a new credential }).catch(function (err) { // deal with any error properly console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1 the definition of 'publickeycredentialcreationoptions dictionary' in that specification.
RTCConfiguration - Web APIs
certificates optional an array of objects of type rtccertificate which are used by the connection for authentication.
...the first one, stun:stun.services.mozilla.com, requires authentication, so the username and password are provided.
RTCIceServers.urls - Web APIs
mypeerconnection = new rtcpeerconnection({ iceservers: [ { urls: "stun:stunserver.example.org" } ] }); notice that only the urls property is provided; the stun server doesn't require authentication, so this is all that's needed.
... a single ice server with authentication the second example creates a new rtcpeerconnection which will use a turn server at turnserver.example.org to negotiate connections.
RTCIceServer - Web APIs
username optional if the rtciceserver is a turn server, then this is the username to use during the authentication process.
...the first one, stun:stun.services.mozilla.com, requires authentication, so the username and password are provided.
RTCIdentityErrorEvent.loginUrl - Web APIs
the read-only property rtcidentityerrorevent.loginurl is a domstring giving the url where the user can complete the authentication.
... syntax var loginurl = event.loginurl; event.loginurl = "https://developer.mozilla.org/fakeurl"; example pc.onidpassertionerror = function( ev ) { alert("the idp requested an authentication" + " to be performed at the url '" + ev.url + "'."); } ...
Signaling and video calling - Web APIs
your workflow may also demand login/authentication functionality, but such details will vary.
...it may also provide username and credential values to allow authentication to take place, if needed.
Attestation and Assertion - Web APIs
there are two different types of certificates used in webauthn for registration and authentication.
...the sections below describe attestation, which happens during registration, and assertion which happens during authentication.
XMLHttpRequest.open() - Web APIs
user optional the optional user name to use for authentication purposes; by default, this is the null value.
... password optional the optional password to use for authentication purposes; by default, this is the null value.
Cognitive accessibility - Accessibility
ain-language standards; focusing attention on important content; minimizing distractions, such as unnecessary content or advertisements; providing consistent web page layout and navigation; incorporating familiar elements, such as underlined links that are blue when not visited and purple when visited; dividing processes into logical, essential steps with progress indicators; making website authentication as easy as possible without compromising security; and making forms easy to complete, such as with clear error messages and simple error recovery.
...for example, being able to extend the expiration time on an application requiring an authentication code sent to a mobile device via text message helps with the following scenarios: people with attention or anxiety disorders.
<audio>: The Embed Audio element - HTML: Hypertext Markup Language
in other words, it sends the origin: http header without a cookie, x.509 certificate, or performing http basic authentication.
...in other words, it sends the origin: http header with a cookie, a certificate, or performing http basic authentication.
<link>: The External Resource Link element - HTML: Hypertext Markup Language
no cookie, x.509 certificate, or http basic authentication).
...a cookie, certificate, and/or http basic authentication is performed).
<video>: The Video Embed element - HTML: Hypertext Markup Language
in other words, it sends the origin: http header without a cookie, x.509 certificate, or performing http basic authentication.
...in other words, it sends the origin: http header with a cookie, a certificate, or performing http basic authentication.
Cross-Origin Resource Sharing (CORS) - HTTP
servers can also inform clients whether "credentials" (such as cookies and http authentication) should be sent with requests.
... requests with credentials the most interesting capability exposed by both xmlhttprequest or fetch and cors is the ability to make "credentialed" requests that are aware of http cookies and http authentication information.
HTTP headers - HTTP
authentication www-authenticate defines the authentication method that should be used to access a resource.
... proxy-authenticate defines the authentication method that should be used to access a resource behind a proxy server.
HTTP response status codes - HTTP
407 proxy authentication required this is similar to 401, but the authentication must be done by a proxy.
... 511 network authentication required the 511 status code indicates that the client needs to authenticate to gain network access.
Secure contexts - Web security
a secure context is a window or worker for which certain minimum standards of authentication and confidentiality are met.
... a context is considered secure when it meets certain minimum standards of authentication and confidentiality defined in the secure contexts specification.
request - Archive of obsolete content
terpreted as latin-1, use overridemimetype: var request = require("sdk/request").request; var quijote = request({ url: "http://www.latin1files.org/quijote.txt", overridemimetype: "text/plain; charset=latin1", oncomplete: function (response) { console.log(response.text); } }); quijote.get(); anonymous boolean if true, the request will be sent without cookies or authentication headers.
Index of archived content - Archive of obsolete content
npapi plug-in side api npanycallbackstruct npbyterange npclass npembedprint npevent npfullprint npidentifier npn newstream npnvariable npn_createobject npn_destroystream npn_enumerate npn_evaluate npn_forceredraw npn_getauthenticationinfo npn_getintidentifier npn_getproperty npn_getstringidentifier npn_getstringidentifiers npn_geturl npn_geturlnotify npn_getvalue npn_getvalueforurl npn_hasmethod npn_hasproperty npn_identifierisstring npn_intfromidentifier npn_invalidaterect...
MCD, Mission Control Desktop, AKA AutoConfig - Archive of obsolete content
all users have a personal account on a windows server (ad) and an ldap account for linux authentication.
Browser-side plug-in API - Archive of obsolete content
npn_destroystream npn_forceredraw npn_getauthenticationinfo npn_geturl npn_geturlnotify npn_getvalue npn_getvalueforurl npn_invalidaterect npn_invalidateregion npn_memalloc npn_memflush npn_memfree npn_newstream npn_pluginthreadasynccall npn_poppopupsenabledstate npn_posturl npn_posturlnotify npn_pushpopupsenabledstate npn_reloadplugins npn_requestread npn_setvalue npn_setvalueforurl npn_status npn_useragent npn_version npn_writ...
NPN_GetValueForURL - Archive of obsolete content
see also npn_setvalueforurl, npn_getauthenticationinfo ...
NPN_SetValueForURL - Archive of obsolete content
see also npn_getvalueforurl, npn_getauthenticationinfo ...
NPAPI plugin reference - Archive of obsolete content
npn_getauthenticationinfo the function is called by plugins to get http authentication information from the browser.
Digital Signatures - Archive of obsolete content
tamper detection and related authentication techniques rely on a mathematical function called a one-way hash (also called a message digest).
Security - Archive of obsolete content
both client and server authentication occur over ssl/tls.
Using SSH to connect to CVS - Archive of obsolete content
make sure you have a ~/.ssh/config file that has at least the following directives preferredauthentications hostbased,publickey,password host cvs.mozilla.org proxycommand corkscrew proxyserver.foo.com port %h %p replace proxyserver.foo.com with the hostname of your proxy server, and port with the numeric tcp port on which the http tunnel is running.
Cryptographic hash function - MDN Web Docs Glossary: Definitions of Web-related terms
cryptographic hash functions are used for authentication, digital signatures, and message authentication codes.
Cryptography - MDN Web Docs Glossary: Definitions of Web-related terms
more than just data confidentiality, cryptography also tackles identification, authentication, non-repudiation, and data integrity.
HMAC - MDN Web Docs Glossary: Definitions of Web-related terms
hmac is used to ensure both integrity and authentication.
RTP (Real-time Transport Protocol) and SRTP (Secure RTP) - MDN Web Docs Glossary: Definitions of Web-related terms
the secure version of rtp, srtp, is used by webrtc, and uses encryption and authentication to minimize the risk of denial-of-service attacks and security breaches.
SMTP - MDN Web Docs Glossary: Definitions of Web-related terms
primary complications include supporting various authentication mechanisms (gssapi, cram-md5, ntlm, msn, auth login, auth plain, etc.), handling error responses, and falling back when authentication mechanisms fail (e.g., the server claims to support a mechanism, but doesn't).
Hash - MDN Web Docs Glossary: Definitions of Web-related terms
this provides the basis for hmac's, which provide message authentication.
MDN Web Docs Glossary: Definitions of Web-related terms
box breadcrumb brotli browser browsing context buffer c cache cacheable caldav call stack callback function canonical order canvas card sorting carddav caret cdn certificate authority certified challenge-response authentication character character encoding character set chrome cia cipher cipher suite ciphertext class client hints closure cms code splitting codec compile compile time computer programming conditional constant constructor ...
What is accessibility? - Learn web development
od content, such as text written using plain-language standards; focusing attention on important content; minimizing distractions, such as unnecessary content or advertisements; consistent webpage layout and navigation; familiar elements, such as underlined links blue when not visited and purple when visited; dividing processes into logical, essential steps with progress indicators; website authentication as easy as possible without compromising security; and making forms easy to complete, such as with clear error messages and simple error recovery.
Introduction to the server side - Learn web development
support for sessions, support for users and authentication, easy database access, templating libraries, etc.).
Website security - Learn web development
consider two-factor authentication for your site, so that in addition to a password the user must enter another authentication code (usually one that is delivered via some physical hardware that only the user will have, such as a code in an sms sent to their phone).
Implementing feature detection - Learn web development
to get a key, sign in to a google account, go to the get a key/authentication page, then click the blue get a key button and follow the instructions.
Deploying our app - Learn web development
for this you need your github username and then — if you do not have two-factor authentication (2fa) turned on — your github password.
Introducing a complete toolchain - Learn web development
once you've signed up for github (click the sign up link on the homepage if you don't already have an account, and follow the instructions), you can use your github account for authentication on netlify (click sign up, then choose github from the "sign up with one of the following" list), so technically you only need to create one new account.
Blocked: All storage access requests
the permission can be changed or removed by: going to preferences > content blocking in the custom content blocking section, selecting a value other than all cookies for the cookies item if the resource that is being blocked doesn't need authentication, you can fix the warning message by adding a crossorigin="anonymous" attribute to your element.
Blocked: All third-party storage access requests
the permission can be changed or removed by: going to preferences > content blocking and either adding an exception with the manage exceptions… button choosing the custom content blocking and unchecking the cookies checkbox if the resource that is being blocked doesn't need authentication, you can fix the warning message by adding a crossorigin="anonymous" attribute to the relevant element.
Blocked: Storage access requests from trackers
the permission can be changed or removed by: going to preferences > content blocking and either adding an exception with the manage exceptions… button choosing the custom content blocking and unchecking the tracker checkbox if the blocked resource doesn't need authentication, you can fix the warning message by adding a crossorigin="anonymous" attribute to the relevant element.
Embedding Tips
the nsiauthprompt interface allows the networking layer to pose a user / password prompt to obtain the values needed for authentication.
Mozilla Web Services Security Model
allow all services on a site to be accessed from any web page note that this is only a sensible thing to do if nothing on the site serves content based on cookies, http authentication, ip address / domain origin, or any other method of authentication.
Firefox Sync
it uses firefox accounts for account, authentication and key management.
Cryptography functions
11_needuserinit mxr 3.2 and later pk11_paramfromiv mxr 3.2 and later pk11_paramfromalgid mxr 3.2 and later pk11_paramtoalgid mxr 3.2 and later pk11_pbekeygen mxr 3.2 and later pk11_privdecryptpkcs1 mxr 3.9.3 and later pk11_protectedauthenticationpath mxr 3.4 and later pk11_pubdecryptraw mxr 3.2 and later pk11_pubderive mxr 3.2 and later pk11_pubderivewithkdf mxr 3.9 and later pk11_pubencryptpkcs1 mxr 3.9.3 and later pk11_pubencryptraw mxr 3.2 and later pk11_pubunwrapsymkey ...
JSS FAQ
it runs nss's cert authentication check, then calls the callback regardless of whether the cert passed or failed.
NSS_3.11.10_release_notes.html
bug 398680: assertion botch in ssl3_registerserverhelloextensionsender doing second handshake with ssl_forcehandshake bug 403240: threads hanging in nss_initlock bug 403888: memory leak in trustdomain.c bug 416067: certutil -l -h token doesn't report token authentication failure bug 417637: tstclnt crashes if -p option is not specified bug 421634: don't send an sni client hello extension bearing an ipv6 address bug 422918: add verisign class 3 public primary ca - g5 to nss bug 424152: add thawte primary root ca to nss bug 424169: add geotrust primary certification authority root to nss bug 425469: add multiple new roots: geotrust bug 426568: add com...
NSS 3.15.1 release notes
the hash function used in the signature for tls 1.2 client authentication must be the hash function of the tls 1.2 prf, which is always sha-256 in nss 3.15.1.
NSS 3.15.4 release notes
support sha-1 signatures with tls 1.2 client authentication.
NSS 3.23 release notes
... cn = certum trusted network ca 2 ... the following ca certificate had the email trust bit turned on cn = actalis authentication root ca ... security fixes in nss 3.23 bug 1245528 / cve-2016-1950 - fixed a heap-based buffer overflow related to the parsing of certain asn.1 structures.
NSS 3.24 release notes
update sslauthtype to define a larger number of authentication key types.
NSS 3.25.1 release notes
previously, with rare server configurations, an md5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after.
NSS 3.25 release notes
removed the limitation that allowed nss to only support certificate_verify messages that used the same signature hash algorithm as the prf when using tls 1.2 client authentication.
NSS 3.26.2 release notes
previously, with rare server configurations, an md5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after.
NSS 3.27 release notes
cn = juur-sk, o = as sertifitseerimiskeskus ... cn = ebg elektronik sertifika hizmet sağlayıcısı ... cn = s-trust authentication and encryption root ca 2005:pn ... o = verisign, inc., ou = class 1 public primary certification authority ... o = verisign, inc.
NSS 3.33 release notes
fixes cve-2017-7805, a potential use-after-free in tls 1.2 server, when verifying client authentication.
NSS 3.36.4 release notes
bugs fixed in nss 3.36.4 bug 1461731 - fix crash on macos related to authentication tokens, e.g.
NSS 3.37.3 release notes
bug 1461731 - fix crash on macos related to authentication tokens, e.g.
NSS 3.44 release notes
sh with netscape certificate sequences 1533616 - sdb_getattributevaluenolock should make at most one sql query, rather than one for each attribute 1531236 - provide accessor for certcertificate.dercert 1536734 - lib/freebl/crypto_primitives.c assumes a big endian machine 1532384 - in nss test certificates, use @example.com (not @bogus.com) 1538479 - post-handshake messages after async server authentication break when using record layer separation 1521578 - x25519 support in pk11pars.c 1540205 - freebl build fails with -dnss_disable_chachapoly 1532312 - post-handshake auth doesn't interoperate with openssl 1542741 - certutil -f crashes with segmentation fault 1546925 - allow preceding text in try comment 1534468 - expose chacha20 primitive 1418944 - quote cc/cxx variables passed to nspr 1543...
NSS 3.46 release notes
n of integers of different signs: 'int' and 'unsigned long' bug 1564714 - print certutil commands during setup bug 1565013 - hacl image builder times out while fetching gpg key bug 1563786 - update hacl-star docker image to pull specific commit bug 1559012 - improve gcm performance using pmull2 bug 1528666 - correct resumption validation checks bug 1568803 - more tests for client certificate authentication bug 1564284 - support profile mobility across windows and linux bug 1573942 - gtest for pkcs11.txt with different breaking line formats bug 1575968 - add strsclnt option to enforce the use of either ipv4 or ipv6 bug 1549847 - fix nss builds on ios bug 1485533 - enable nss_ssl_tests on taskcluster this bugzilla query returns all the bugs fixed in nss 3.46: https://bugzilla.mozilla.org/bugl...
PKCS11 FAQ
nss itself uses two tokens internally: one that provides generic cryptographic services without authentication, and one that provides operations based on the keys stored in the user's database and therefore does need authentication.
PKCS #11 Module Specs
timeout - time in minutes before the current authentication should be rechecked.
Python binding for NSS
the following classes were replaced: signaturealgorithm replaced by new class algorithmid. the following classes were added: algorithmid, pkcs12decodeitem, pkcs12decoder. the following class methods were added: pk11slot.authenticate(), pk11slot.get_disabled_reason(), pk11slot.has_protected_authentication_path(), pk11slot.has_root_certs(), pk11slot.is_disabled(), pk11slot.is_friendly(), pk11slot.is_internal(), pk11slot.is_logged_in(), pk11slot.is_removable(), pk11slot.logout(), pk11slot.need_login(), pk11slot.need_user_init(), pk11slot.user_disable(), pk11slot.user_enable(), pkcs12decodeitem.format(), pkcs12decodeitem.format_lines(), pkcs12de...
NSS functions
11_needuserinit (mxr; 3.2 and later); pk11_paramfromiv (mxr; 3.2 and later); pk11_paramfromalgid (mxr; 3.2 and later); pk11_paramtoalgid (mxr; 3.2 and later); pk11_pbekeygen (mxr; 3.2 and later); pk11_privdecryptpkcs1 (mxr; 3.9.3 and later); pk11_protectedauthenticationpath (mxr; 3.4 and later); pk11_pubdecryptraw (mxr; 3.2 and later); pk11_pubderive (mxr; 3.2 and later); pk11_pubderivewithkdf (mxr; 3.9 and later); pk11_pubencryptpkcs1 (mxr; 3.9.3 and later); pk11_pubencryptraw (mxr; 3.2 and later); pk11_pubunwrapsymkey ...
NSS tools : certutil
each category position, use none, any, or all of the attribute codes: p - valid peer; P - trusted peer (implies p); c - valid CA; T - trusted CA to issue client certificates (implies c); C - trusted CA to issue server certificates (ssl only) (implies c); u - certificate can be used for authentication or signing; w - send warning (use with other attributes to include a warning when the certificate is used in that context). the attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks.
NSS Tools certutil-tasks
(bugfix) listing private keys does not work: requires password authentication.
NSS Tools certutil
in each category position use zero or more of the following attribute codes: p - prohibited (explicitly distrusted); P - trusted peer; c - valid CA; T - trusted CA to issue client certificates (implies c); C - trusted CA to issue server certificates (ssl only) (implies c); u - certificate can be used for authentication or signing; w - send warning (use with other attributes to include a warning when the certificate is used in that context). the attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks.
certutil
ry position, use none, any, or all of the attribute codes: p - valid peer; P - trusted peer (implies p); c - valid CA; T - trusted CA to issue client certificates (implies c); C - trusted CA to issue server certificates (ssl only) (implies c); u - certificate can be used for authentication or signing; w - send warning (use with other attributes to include a warning when the certificate is used in that context). the attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks.
The Necko HTTP module
rfc 2617 for the http/1.1 basic and digest authentication specifications.
TPS Password Lists
used for http authentication passwords.
TPS Tests
} note that in this example, the foobar@restmail.net account must be registered on stage, otherwise authentication will fail (and the whole test will fail as well).
nsIAuthPrompt
netwerk/base/public/nsiauthprompt.idl (scriptable) this interface allows the networking layer to pose a user/password prompt to obtain the values needed for authentication.
nsILoginInfo
this field is null for logins attained from protocol authentications and "" means to match against any form action.
nsILoginManager
called when looking for logins that might be applicable to a given form or authentication request.
nsILoginManagerStorage
this method is called by the login manager when looking for saved logins that might apply to a form or authentication request.
nsIMsgIncomingServer
loginatstartup (boolean); logonfallback (boolean); maxmessagesize (long); offlinesupportlevel (long); password (acstring); passwordpromptrequired (boolean): if the password for the server is available either via authentication in the current session or from password manager stored entries, return false.
nsIRequest
note: this will prevent proxy authentications from working, so use this flag with caution.
nsIURI
this is useful for authentication, managing sessions, or for checking the origin of an uri to prevent cross-site scripting attacks while using methods such as window.postmessage().
Mozilla
integrated authentication: this entails support for the simple and protected gss-api negotiation mechanism (spnego) internet standard (rfc 2478) to negotiate either kerberos, ntlm, or other authentication protocols supported by the operating system.
Browser Side Plug-in API - Plugins
npn_getauthenticationinfo this function is called by plug-ins to get http authentication information from the browser.
Gecko Plugin API Reference - Plugins
npn_getauthenticationinfo this function is called by plug-ins to get http authentication information from the browser.
AesGcmParams - Web APIs
this determines the size in bits of the authentication tag generated in the encryption operation and used for authentication in the corresponding decryption.
AuthenticatorAssertionResponse.signature - Web APIs
examples var options = { challenge: new uint8array(26), // will be another value, provided by the relying party server timeout: 60000 }; navigator.credentials.get({ publickey: options }) .then(function (assertionpkcred) { var signature = assertionpkcred.response.signature; // send response and client extensions to the server so that it can // go on with the authentication }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'signature' in that specification.
AuthenticatorAssertionResponse.userHandle - Web APIs
number, etc.) examples var options = { challenge: new uint8array(26), // will be another value, provided by the relying party server timeout: 60000 }; navigator.credentials.get({ publickey: options }) .then(function (assertionpkcred) { var userhandle = assertionpkcred.response.userhandle; // send response and client extensions to the server so that it can // go on with the authentication }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'userhandle' in that specification.
AuthenticatorAttestationResponse.attestationObject - Web APIs
blickey }) .then(function (newcredentialinfo) { var attestationobj = newcredentialinfo.response.attestationobject; // this will be a cbor encoded arraybuffer // do something with the response // (sending it back to the relying party server maybe?) }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'attestationobject' in that specification.
AuthenticatorAttestationResponse.getTransports() - Web APIs
y", alg: -7 } ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { var transports = newcredentialinfo.response.gettransports(); console.table(transports); // may be something like ["internal", "nfc", "usb"] }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'gettransports()' in that specification.
AuthenticatorResponse.clientDataJSON - Web APIs
astr = arraybuffertostr(pk.clientdatajson); var clientdataobj = json.parse(clientdatastr); console.log(clientdataobj.type); // "webauthn.create" or "webauthn.get" console.log(clientdataobj.challenge); // base64 encoded string containing the original challenge console.log(clientdataobj.origin); // the window.origin specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'clientdatajson' in that specification.
Credential Management API - Web APIs
web authentication: an api for accessing public key credentials level 1 recommendation initial definition.
CredentialsContainer.create() - Web APIs
web authentication: an api for accessing public key credentials level 1 recommendation initial definition.
CredentialsContainer.get() - Web APIs
web authentication: an api for accessing public key credentials level 1 recommendation initial definition.
CredentialsContainer - Web APIs
web authentication: an api for accessing public key credentials level 1 recommendation initial definition.
Document.execCommand() - Web APIs
clearauthenticationcache clears all authentication credentials from the cache.
PasswordCredential.iconURL - Web APIs
the url must be accessible without authentication.
PasswordCredential - Web APIs
the url must be accessible without authentication.
PerformanceResourceTiming.connectEnd - Web APIs
the timestamp value includes the time interval to establish the transport connection, as well as other time intervals such as ssl handshake and socks authentication.
PerformanceTiming.connectEnd - Web APIs
a connection is considered open once the secure connection handshake, or socks authentication, has completed.
PerformanceTiming - Web APIs
a connection is considered open once the secure connection handshake, or socks authentication, has completed.
PublicKeyCredential.getClientExtensionResults() - Web APIs
} ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { var mybuffer = newcredentialinfo.getclientextensionresults(); // mybuffer will contain the result of any of the processing of the "loc" and "uvi" extensions }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'getclientextensionresults()' in that specification.
PublicKeyCredential.id - Web APIs
reate({ publickey }) .then(function (newcredentialinfo) { var id = newcredentialinfo.id; // do something with the id // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'id' in that specification.
PublicKeyCredential.rawId - Web APIs
me: "john doe", }, pubkeycredparams: [ { type: "public-key", alg: -7 } ] }; navigator.credentials.create({ publickey: options }) .then(function (pubkeycredential) { var rawid = pubkeycredential.rawid; // do something with rawid }).catch(function (err) { // deal with any error }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'rawid' in that specification.
PublicKeyCredential.response - Web APIs
then(function (pubkeycredential) { var response = pubkeycredential.response; var clientextresults = pubkeycredential.getclientextensionresults(); // send response and client extensions to the server so that it can validate // and create credentials }).catch(function (err) { // deal with any error }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'response' in that specification.
PublicKeyCredentialCreationOptions.attestation - Web APIs
pe: "public-key", alg: -7 } ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'attestation' in that specification.
PublicKeyCredentialCreationOptions.challenge - Web APIs
pe: "public-key", alg: -7 } ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'challenge' in that specification.
PublicKeyCredentialCreationOptions.excludeCredentials - Web APIs
{ type: "public-key", alg: -7 } ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'excludecredentials' in that specification.
PublicKeyCredentialCreationOptions.pubKeyCredParams - Web APIs
le.com", displayname: "john doe", } }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'pubkeycredparams' in that specification.
PublicKeyCredentialCreationOptions.rp - Web APIs
pe: "public-key", alg: -7 } ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'rp' in that specification.
PublicKeyCredentialCreationOptions.timeout - Web APIs
pe: "public-key", alg: -7 } ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'timeout' in that specification.
PublicKeyCredentialCreationOptions.user - Web APIs
pe: "public-key", alg: -7 } ] }; navigator.credentials.create({ publickey }) .then(function (newcredentialinfo) { // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'user' in that specification.
PublicKeyCredentialRequestOptions.allowCredentials - Web APIs
allenge: new uint8array([/* bytes sent from the server */]) }; navigator.credentials.get({ "publickey": options }) .then(function (credentialinfoassertion) { // send assertion response back to the server // to proceed with the control of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'allowcredentials' in that specification.
PublicKeyCredentialRequestOptions.challenge - Web APIs
llenge: new uint8array([/* bytes sent from the server */]) }; navigator.credentials.get({ "publickey": options }) .then(function (credentialinfoassertion) { // send assertion response back to the server // to proceed with the control of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'challenge' in that specification.
PublicKeyCredentialRequestOptions.rpId - Web APIs
// is something like foo.example.com }; navigator.credentials.get({ "publickey": options }) .then(function (credentialinfoassertion) { // send assertion response back to the server // to proceed with the control of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'rpid' in that specification.
PublicKeyCredentialRequestOptions.timeout - Web APIs
ation // and maybe fail if it takes longer }; navigator.credentials.get({ "publickey": options }) .then(function (credentialinfoassertion) { // send assertion response back to the server // to proceed with the control of the credential }).catch(function (err) { console.error(err); }); specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'timeout' in that specification.
PushManager.subscribe() - Web APIs
if specified, all messages from your application server must use the vapid authentication scheme, and include a jwt signed with the corresponding private key.
PushSubscription.getKey() - Web APIs
auth: an authentication secret, as described in message encryption for web push.
RTCConfiguration.iceServers - Web APIs
the first one, stun:stun.services.mozilla.com, requires authentication, so the username and password are provided.
RTCIceCredentialType - Web APIs
the webrtc api's rtcicecredentialtype enumerated string type defines the authentication method used to gain access to an ice server identified by an rtciceserver object.
RTCIdentityErrorEvent - Web APIs
rtcidentityerrorevent.loginurl (read only) is a domstring giving the url where the user can complete the authentication.
RTCPeerConnection() - Web APIs
certificates optional an array of objects of type rtccertificate which are used by the connection for authentication.
RTCPeerConnection - Web APIs
a track is isolated if its content cannot be accessed by the owning document due to lack of authentication or if the track comes from a cross-origin source.
Storage Access API - Web APIs
as an example, federated logins often require access to authentication cookies stored in first-party storage, and will require the user to sign in on each site separately (or completely break) if those cookies are not available.
SubtleCrypto.digest() - Web APIs
hint: if you are looking here for how to create a keyed-hash message authentication code (hmac), you need to use subtlecrypto.sign() instead.
SubtleCrypto.sign() - Web APIs
hmac the hmac algorithm calculates and verifies hash-based message authentication codes according to the fips 198-1 standard.
SubtleCrypto - Web APIs
cryptography functions these are the functions you can use to implement security features such as privacy and authentication in a system.
XMLHttpRequest.mozAnon - Web APIs
if true, the request will be sent without cookies or authentication headers.
XMLHttpRequest.mozBackgroundRequest - Web APIs
in cases where a security dialog (such as authentication or a bad certificate notification) would normally be shown, this request fails instead.
XMLHttpRequest - Web APIs
if true, the request will be sent without cookie and authentication headers.
Web APIs
m recording, navigation timing, network information api, page visibility api, payment request api, performance api, performance timeline api, permissions api, pointer events, pointer lock api, proximity events, push api, resize observer api, resource timing api, server sent events, service workers api, storage, storage access api, streams, touch events, url api, vibration api, visual viewport, web animations, web audio api, web authentication api, web crypto api, web notifications, web storage api, web workers api, webgl, webrtc, webvtt, webxr device api, websockets api. interfaces: this is a list of all the interfaces (that is, types of objects) that are available.
Operable - Accessibility
2.2.5 re-authenticating (aaa) if an authentication session expires during usage of a web app, the user can re-authenticate and continue their usage without losing any data.
Event reference
mozbrowserusernameandpasswordrequired firefox os browser api-specific sent when an http authentication is requested.
Guide to Web APIs - Developer guides
m recording, navigation timing, network information api, page visibility api, payment request api, performance api, performance timeline api, permissions api, pointer events, pointer lock api, proximity events, push api, resize observer api, resource timing api, server sent events, service workers api, storage, storage access api, streams, touch events, url api, vibration api, visual viewport, web animations, web audio api, web authentication api, web crypto api, web notifications, web storage api, web workers api, webgl, webrtc, webvtt, webxr device api, websockets api ...
The HTML autocomplete attribute - HTML: Hypertext Markup Language
perhaps the browser offers the ability to save encrypted credit card information, for autocompletion following an authentication procedure.
HTML attribute: crossorigin - HTML: Hypertext Markup Language
the "anonymous" keyword means that there will be no exchange of user credentials via cookies, client-side ssl certificates or http authentication as described in the terminology section of the cors specification, unless it is in the same origin.
HTTP caching - HTTP
this can be useful if pages with http authentication, or response status codes that aren't normally cacheable, should now be cached.
Access-Control-Allow-Headers - HTTP
* (wildcard) the value "*" only counts as a special wildcard value for requests without credentials (requests without http cookies or http authentication information).
Access-Control-Allow-Methods - HTTP
* (wildcard) the value "*" only counts as a special wildcard value for requests without credentials (requests without http cookies or http authentication information).
Access-Control-Expose-Headers - HTTP
* (wildcard) the value "*" only counts as a special wildcard value for requests without credentials (requests without http cookies or http authentication information).
Clear-Site-Data - HTTP
http authentication credentials are also cleared out.
Feature-Policy: publickey-credentials-get - HTTP
web authentication level 2 editor's draft.
Feature-Policy - HTTP
publickey-credentials-get controls whether the current document is allowed to use the web authentication api to retrieve already stored public-key credentials, i.e.
From - HTTP
you shouldn't use the from header for access control or authentication.
Trailer - HTTP
these header fields are disallowed: message framing headers (e.g., transfer-encoding and content-length), routing headers (e.g., host), request modifiers (e.g., controls and conditionals, like cache-control, max-forwards, or te), authentication headers (e.g., authorization or set-cookie), or content-encoding, content-type, content-range, and trailer itself.
Proxy servers and tunneling - HTTP
there are two types of proxies: forward proxies (or tunnel, or gateway) and reverse proxies (used to control and protect access to a server for load-balancing, authentication, decryption or caching).
HTTP resources and specifications - HTTP
rfc 7233 hypertext transfer protocol (http/1.1): range requests (proposed standard); rfc 7234 hypertext transfer protocol (http/1.1): caching (proposed standard); rfc 5861 http cache-control extensions for stale content (informational); rfc 8246 http immutable responses (proposed standard); rfc 7235 hypertext transfer protocol (http/1.1): authentication (proposed standard); rfc 6265 http state management mechanism, defines cookies (proposed standard); draft spec: cookie prefixes (ietf draft); draft spec: same-site cookies (ietf draft); draft spec: deprecate modification of 'secure' cookies from non-secure origins (ietf draft); rfc 2145 use and interpretation of http version numbers i...
Navigation and resource timings - Web Performance
a connection is considered open once the secure connection handshake, or socks authentication, has completed.
Features restricted to secure contexts - Web security
push api: 42 / 17 / not supported / 44; reporting api: supported / not supported / not supported / behind flag since fx 65; service workers: 40 / 17 / 11.1 / 44; storage api: 55 / not supported / not supported / 51; web authentication api: 65 / in preview (17) / in development / 60; web bluetooth: 56 / not supported / not supported / not supported; web midi (see midiaccess, for example): 43 / not supported / not supported / not supported; web crypto api: 60 / 79 / not supported / 75. secure context restrictions that vary by browser: some browsers may decide to disable certain ...
Web security
security-related glossary terms: block cipher mode of operation, certificate authority, challenge-response authentication, cipher, cipher suite, ciphertext, cors, cors-safelisted request header, cors-safelisted response header, cross-site scripting, cryptanalysis, cryptographic hash function, cryptography, csp, csrf, decryption, digital certificate, dtls, encryption, forbidden header name, forbidden response header name, h...