Thecreate() method of theCredentialsContainer interface creates a newcredential, which can then be stored and later retrieved using thenavigator.credentials.get() method. The retrieved credential can then be used by a website to authenticate a user.

This method supports three different types of credential:

• A password credential, which enables a user to sign in using a password.
• A federated credential, which enables a user to sign in using a federated identity provider.
• A public key credential, which enables a user to sign in with an authenticator such as a biometric reader built into the platform or a removable hardware token.

Note that theFederated Credential Management API (FedCM) supersedes the federated credential type.

Syntax

create()create(options)

Parameters

optionsOptional

An object that contains options for the requested newCredentials object. It can contain the following properties:

signalOptional

AnAbortSignal object instance that allows an ongoingcreate() operation to be aborted. An aborted operation may complete normally (generally if the abort was received after the operation finished) or reject with anAbortErrorDOMException.

Each of the following properties represents acredential type being created. One and only one of them must be specified:

federatedOptional

AFederatedCredentialInit object containing requirements for creating a federated identify provider credential.

passwordOptional

APasswordCredentialInit object containing requirements for creating a password credential.

publicKeyOptional

APublicKeyCredentialCreationOptions object containing requirements for creating a public key credential. Causes thecreate() call to request that the user agent creates new credentials via an authenticator — either for registering a new account or for associating a new asymmetric key pair with an existing account.

Note:Usage ofcreate() with thepublicKey parameter may be blocked by apublickey-credentials-createPermissions Policy set on your server.

Return value

APromise that resolves with one of the following:

• AFederatedCredential, if the credential type wasfederated.
• APasswordCredential, if the credential type waspassword.
• APublicKeyCredential, if the credential type waspublicKey.

If no credential object can be created, the promise resolves withnull.

Exceptions

TypeError

In the case of aPasswordCredential creation request,id,origin, orpassword were not provided (empty).

NotAllowedErrorDOMException

Possible causes include:

• Usage was blocked by apublickey-credentials-createPermissions Policy.
• The function is called cross-origin but the iframe'sallow attribute does not set an appropriatepublickey-credentials-create policy.
• The function is called cross-origin and the<iframe> does not havetransient activation.
• An attempt is made to create adiscoverable credential (residentKey is set torequired in thecreate() call'sPublicKeyCredentialCreationOptions option), but the user does not have a security key that supports discoverable credentials, and cancels the operation.

AbortErrorDOMException

The operation was aborted.

Examples

Creating a password credential

This example creates a password credential from aPasswordCredentialInit object.

const credInit = {  id: "1234",  name: "Serpentina",  origin: "https://example.org",  password: "the last visible dog",};const makeCredential = document.querySelector("#make-credential");makeCredential.addEventListener("click", async () => {  const cred = await navigator.credentials.create({    password: credInit,  });  console.log(cred.name);  // Serpentina  console.log(cred.password);  // the last visible dog});

Creating a federated credential

This example creates a federated credential from aFederatedCredentialInit object.

const credInit = {  id: "1234",  name: "Serpentina",  origin: "https://example.org",  protocol: "openidconnect",  provider: "https://provider.example.org",};const makeCredential = document.querySelector("#make-credential");makeCredential.addEventListener("click", async () => {  const cred = await navigator.credentials.create({    federated: credInit,  });  console.log(cred.name);  console.log(cred.provider);});

Creating a public key credential

This example creates a public key credential from aPublicKeyCredentialCreationOptions object.

const publicKey = {  challenge: challengeFromServer,  rp: { id: "acme.com", name: "ACME Corporation" },  user: {    id: new Uint8Array([79, 252, 83, 72, 214, 7, 89, 26]),    name: "jamiedoe",    displayName: "Jamie Doe",  },  pubKeyCredParams: [{ type: "public-key", alg: -7 }],};const publicKeyCredential = await navigator.credentials.create({ publicKey });

Thecreate() call, if successful, returns a promise that resolves with aPublicKeyCredential object instance, representing a public key credential that can later be used to authenticate a user via a WebAuthnget() call. ItsPublicKeyCredential.response property contains anAuthenticatorAttestationResponse object providing access to several useful pieces of information including the authenticator data, public key, transport mechanisms, and more.

navigator.credentials.create({ publicKey }).then((publicKeyCredential) => {  const response = publicKeyCredential.response;  // Access attestationObject ArrayBuffer  const attestationObj = response.attestationObject;  // Access client JSON  const clientJSON = response.clientDataJSON;  // Return authenticator data ArrayBuffer  const authenticatorData = response.getAuthenticatorData();  // Return public key ArrayBuffer  const pk = response.getPublicKey();  // Return public key algorithm identifier  const pkAlgo = response.getPublicKeyAlgorithm();  // Return permissible transports array  const transports = response.getTransports();});

Some of this data will need to be stored on the server for future authentication operations against this credential — for example the public key, the algorithm used, and the permissible transports.

Specifications

Browser compatibility