The Credential Management API enables a website to create, store, and retrievecredentials. A credential is an item which enables a system to make anauthentication decision: for example, to decide whether to sign a user into an account. We can think of it as a piece of evidence that a user presents to a website to demonstrate that they really are the person they are claiming to be.

Concepts and usage

The central interface is theCredentialsContainer, which is accessed through thenavigator.credentials property and provides three main functions:

• create(): create a new credential.
• store(): store a new credential locally.
• get(): retrieve a credential, which can then be used to log a user in.

The API supports four different types of credential, which are all represented as subclasses ofCredential:

The guide pageCredential types gives an overview of the different credential types and how they are used.

Interfaces

Credential

Provides information about an entity as a prerequisite to a trust decision.

CredentialsContainer

Exposes methods to request credentials and notify the user agent when interesting events occur such as successful sign in or sign out. This interface is accessible fromnavigator.credentials.

FederatedCredential

Provides information about credentials from a federated identity provider, which is an entity that a website trusts to correctly authenticate a user, and which provides an API for that purpose.OpenID Connect is an example of such a framework.

PasswordCredential

Provides information about a username/password pair.

Extensions to other interfaces

Navigator.credentialsRead only

Returns theCredentialsContainer interface which exposes methods to request credentials and notify the user agent when interesting events occur such as successful sign in or sign out.

Specifications

Browser compatibility

api.Credential

api.CredentialsContainer

api.FederatedCredential

api.PasswordCredential

See also

• Web Authentication API
• WebOTP API
• Federated Credential Management (FedCM) API