appid | This authentication extension allows WebAuthn Relying Parties that have previously registered a credential using the legacy FIDO JavaScript APIs to request an assertion. | [Web Authentication] Section §10.1, FIDO AppID Extension (appid) | [W3C_Web_Authentication_Working_Group] | |
txAuthSimple | This registration extension and authentication extension allows for a simple form of transaction authorization. A WebAuthn Relying Party can specify a prompt string, intended for display on a trusted device on the authenticator | [Web Authentication] Section §10.2, Simple Transaction Authorization Extension (txAuthSimple) | [W3C_Web_Authentication_Working_Group] | |
txAuthGeneric | This registration extension and authentication extension allows images to be used as transaction authorization prompts as well. This allows authenticators without a font rendering engine to be used and also supports a richer visual appearance than accomplished with the webauthn.txauth.simple extension. | [Web Authentication] Section §10.3, Generic Transaction Authorization Extension (txAuthGeneric) | [W3C_Web_Authentication_Working_Group] | |
authnSel | This registration extension allows a WebAuthn Relying Party to guide the selection of the authenticator that will be leveraged when creating the credential. It is intended primarily for WebAuthn Relying Parties that wish to tightly control the experience around credential creation. | [Web Authentication] Section §10.4, Authenticator Selection Extension (authnSel) | [W3C_Web_Authentication_Working_Group] | |
exts | This registration extension enables the WebAuthn Relying Party to determine which extensions the authenticator supports. The extension data is a list (CBOR array) of extension identifiers encoded as UTF-8 Strings. This extension is added automatically by the authenticator. This extension can be added to attestation statements. | [Web Authentication] Section §10.5, Supported Extensions Extension (exts) | [W3C_Web_Authentication_Working_Group] | |
uvi | This registration extension and authentication extension enables use of a user verification index. The user verification index is a value uniquely identifying a user verification data record. The UVI data can be used by servers to understand whether an authentication was authorized by the exact same biometric data as the initial key generation. This allows the detection and prevention of "friendly fraud". | [Web Authentication] Section §10.6, User Verification Index Extension (uvi) | [W3C_Web_Authentication_Working_Group] | |
loc | The location registration extension and authentication extension provides the client device's current location to the WebAuthn Relying Party, if supported by the client platform and subject to user consent. | [Web Authentication] Section §10.7, Location Extension (loc) | [W3C_Web_Authentication_Working_Group] | |
uvm | This registration extension and authentication extension enables use of a user verification method. The user verification method extension returns to the WebAuthn Relying Party which user verification methods (factors) were used for the WebAuthn operation. | [Web Authentication] Section §10.3, User Verification Method Extension (uvm) | [W3C_Web_Authentication_Working_Group] | |
credProtect | This registration extension allows relying parties to specify a credential protection policy when creating a credential. Additionally, authenticators may choose to establish a default credential protection policy greater than userVerificationOptional (the lowest level) and unilaterally enforce such policy. | [Client to Authenticator Protocol (CTAP)] Section §12.1 Credential Protection (credProtect) | [W3C_Web_Authentication_Working_Group] | |
credBlob | This registration extension and authentication extension enables RPs to provide a small amount of extra credential configuration information (the credBlob value) to the authenticator when a credential is made. | [Client to Authenticator Protocol (CTAP)] Section §12.2 Credential Blob (credBlob) | [W3C_Web_Authentication_Working_Group] | |
largeBlobKey | This client platform-only extension provides for storage and retrieval of a per-credential key that is used by the client platform when writing and reading elements in the large-blob array. | [Client to Authenticator Protocol (CTAP)] Section §12.3 Large Blob Key (largeBlobKey) | [W3C_Web_Authentication_Working_Group] | |
minPinLength | This registration extension returns the current minimum PIN length value to the Relying Party. | [Client to Authenticator Protocol (CTAP)] Section §12.4 Minimum PIN Length Extension (minPinLength) | [W3C_Web_Authentication_Working_Group] | |
hmac-secret | This registration extension and authentication extension enables the platform to retrieve a symmetric secret scoped to the credential from the authenticator. | [Client to Authenticator Protocol (CTAP)] Section §12.5 HMAC Secret Extension (hmac-secret) | [W3C_Web_Authentication_Working_Group] | |
appidExclude | This registration extension allows WebAuthn Relying Parties to exclude authenticators that contain specified credentials that were created with the legacy FIDO U2F JavaScript API [FIDOU2FJavaScriptAPI]. | [Web Authentication] Section §10.2, FIDO AppID Exclusion Extension (appidExclude) | [W3C_Web_Authentication_Working_Group] | |
credProps | This client registration extension enables reporting of a newly-created credential's properties, as determined by the client, to the calling WebAuthn Relying Party's web application. | [Web Authentication] Section §10.4, Credential Properties Extension (credProps) | [W3C_Web_Authentication_Working_Group] | |
largeBlob | This client registration extension and authentication extension allows a Relying Party to store opaque data associated with a credential. | [Web Authentication] Section §10.5, Large blob storage extension (largeBlob) | [W3C_Web_Authentication_Working_Group] | |
payment | This extension supports the following functionality defined by the Secure Payment Confirmation API: (1) it allows credential creation in a cross-origin iframe (2) it allows a party other than the Relying Party to use the credential to perform an authentication ceremony on behalf of the Relying Party, and (3) it allows the browser to identify and cache Secure Payment Confirmation credentials. For discussion of important ways in which SPC differs from Web Authentication, see in particular [Secure Payment Confirmation §10 Security Considerations] and [Secure Payment Confirmation §11 Privacy Considerations]. | [Secure Payment Confirmation] Section §5, WebAuthn Extension - "payment" | [W3C_Web_Payments_Working_Group] | |