Secure context
This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
excludeCredentials
, an optional property of the PublicKeyCredentialCreationOptions
dictionary, is an Array
whose elements are descriptors for the public keys already existing for a given user. This is provided by the relying party's server if it wants to prevent creation of new credentials for an existing user.
Syntax
excludeCredentials = publicKeyCredentialCreationOptions.excludeCredentials
Value
An Array
whose elements are objects with the following properties:
type
- A string describing type of public-key credential to be created. As of this writing (March 2019), only "
public-key
" may be used. id
- A
BufferSource
matching an existing public key credential identifier (PublicKeyCredential.rawId
). This identifier is generated during the creation of thePublicKeyCredential
instance. transports
Optional- An
Array
of strings describing the possible transports between the client and the authenticator. The value of the strings may be:- "
usb
": the authenticator can be contacted via a removable USB link - "
nfc
": the authenticator may be used over NFC (Near Field Communication) - "
ble
": the authenticator may be used over BLE (Bluetooth Low Energy) - "
internal
": the authenticator is specifically bound to the client device (cannot be removed).
- "
If the authenticator already contains one of such a public key credential, the client will throw a DOMException
or asks the user if they want to create a new credential.
Examples
var publicKey = { excludeCredentials: [ { type: "public-key", // the id for john.doe@example.com id : new Uint8Array(26) /* this actually is given by the server */ }, { type: "public-key", // the id for john-doe@example.com id : new Uint8Array(26) /* another id */ } ], challenge: new Uint8Array(26) /* this actually is given from the server */, rp: { name: "Example CORP", id : "login.example.com" }, user: { id: new Uint8Array(26), /* To be changed for each user */ name: "jdoe@example.com", displayName: "John Doe", }, pubKeyCredParams: [ { type: "public-key", alg: -7 } ] }; navigator.credentials.create({ publicKey }) .then(function (newCredentialInfo) { // send attestation response and client extensions // to the server to proceed with the registration // of the credential }).catch(function (err) { console.error(err); });
Specifications
Specification | Status | Comment |
---|---|---|
Web Authentication: An API for accessing Public Key Credentials Level 1 The definition of 'excludeCredentials' in that specification. |
Recommendation | Initial definition. |
Browser compatibility
The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
excludeCredentials | Chrome Full support 67 | Edge Full support ≤79 | Firefox Full support 60 | IE ? | Opera ? | Safari Full support 13 | WebView Android No support No | Chrome Android Full support 67 | Firefox Android ? | Opera Android ? | Safari iOS Full support 13.3 | Samsung Internet Android No support No |
Legend
- Full support
- Full support
- No support
- No support
- Compatibility unknown
- Compatibility unknown
- Experimental. Expect behavior to change in the future.
- Experimental. Expect behavior to change in the future.