response property

AuthenticatorResponse get response

The response read-only property of the PublicKeyCredential interface is an AuthenticatorResponse object which is sent from the authenticator to the user agent for the creation/fetching of credentials. The information contained in this response will be used by the relying party's server to verify the demand is legitimate.

An AuthenticatorResponse is either:

• an AuthenticatorAttestationResponse (when the PublicKeyCredential is created via CredentialsContainer.create)
• an AuthenticatorAssertionResponse (when the PublicKeyCredential is obtained via CredentialsContainer.get).

In order to validate the creation of credentials, a relying party's server needs both:

• this response
• the extensions of the client (given by PublicKeyCredential.getClientExtensionResults) to validate the demand.

Note: When validating the fetching of existing credentials, the whole PublicKeyCredential object and the client extensions are necessary for the relying party's server.

Note: This property may only be used in top-level contexts and will not be available in an iframe for example.

Implementation

external AuthenticatorResponse get response;