Public Key Credential Creation Options (credential_creation_options)

This configuration specifies the desired attributes of a to-be-created credential. The configuration is sent from the server to the user agent when the agent requests a new public key credential.

The table below describes the parameters involved, as specified by the W3C Recommendation from 8 April 2021 Web Authentication: An API for accessing Public KeyCredentials Level 2. The links refer to the W3C document.

A specification of how the user agent algorithm is determined by this configuration can be found here.

{
  "name": "TokensDb",
  "config": {
    "db_driver": "com.microsoft.sqlserver.jdbc.SQLServerDriver",
    "jdbc": {
      "url": "jdbc:sqlserver://172.16.238.15:1433;database=fortifiedid_tokens;encrypt=false",
      "username": "sa",
      "password": "yourStrong(!)Password"
    },
    "namespace": "default",
    "secret_key_directory": "resources/secrets",
    "encryption_key": "secret secret",
    "maintenance_batch_size": 31,
    "inactive_token_duration": "PT5M",
    "otp_cache_max_age_seconds": 3600,
    "oathsw": {
      "enabled": false
    },
    "oathhw": {
      "enabled": false
    },
    "webauthn": {
      "enabled": true,
      "origin": "http://example.org:80",
      "user_verification_required": true,
      "user_presence_required": true,
      "credential_creation_options": {
        "rp": {
          "id": "example.org",
          "name": "Example Org."
        },
        "pubKeyCredParams": [
          {
            "type": "public-key",
            "alg": -7
          },
          {
            "type": "public-key",
            "alg": -35
          },
          {
            "type": "public-key",
            "alg": -36
          },
          {
            "type": "public-key",
            "alg": -257
          },
          {
            "type": "public-key",
            "alg": -258
          },
          {
            "type": "public-key",
            "alg": -259
          }
        ],
        "timeout": 60000,
        "authenticatorSelection": {
          "requireResidentKey": false,
          "residentKey": "preferred",
          "userVerification": "preferred"
        }
      }
    }
  }
}

PreviousPasskey (webauthn)NextOther modules

This configuration specifies the desired attributes of a to-be-created credential. The configuration is sent from the server to the user agent when the agent requests a new public key credential.

The table below describes the parameters involved, as specified by the W3C Recommendation from 8 April 2021 Web Authentication: An API for accessing Public KeyCredentials Level 2. The links refer to the W3C document.

A specification of how the user agent algorithm is determined by this configuration can be found here.

{
  "name": "TokensDb",
  "config": {
    "db_driver": "com.microsoft.sqlserver.jdbc.SQLServerDriver",
    "jdbc": {
      "url": "jdbc:sqlserver://172.16.238.15:1433;database=fortifiedid_tokens;encrypt=false",
      "username": "sa",
      "password": "yourStrong(!)Password"
    },
    "namespace": "default",
    "secret_key_directory": "resources/secrets",
    "encryption_key": "secret secret",
    "maintenance_batch_size": 31,
    "inactive_token_duration": "PT5M",
    "otp_cache_max_age_seconds": 3600,
    "oathsw": {
      "enabled": false
    },
    "oathhw": {
      "enabled": false
    },
    "webauthn": {
      "enabled": true,
      "origin": "http://example.org:80",
      "user_verification_required": true,
      "user_presence_required": true,
      "credential_creation_options": {
        "rp": {
          "id": "example.org",
          "name": "Example Org."
        },
        "pubKeyCredParams": [
          {
            "type": "public-key",
            "alg": -7
          },
          {
            "type": "public-key",
            "alg": -35
          },
          {
            "type": "public-key",
            "alg": -36
          },
          {
            "type": "public-key",
            "alg": -257
          },
          {
            "type": "public-key",
            "alg": -258
          },
          {
            "type": "public-key",
            "alg": -259
          }
        ],
        "timeout": 60000,
        "authenticatorSelection": {
          "requireResidentKey": false,
          "residentKey": "preferred",
          "userVerification": "preferred"
        }
      }
    }
  }
}

rp

rp.id

pubKeyCredParams

pubKeyCredParams[].type

pubKeyCredParams[].alg

Cryptographic algorithm

timeout

See step 4.

authenticatorSelection

authenticatorSelection.requireResidentKey

ref

authenticatorSelection.residentKey

ref

authenticatorSelection.userVerification