Credential types - Web APIs | MDN

<!doctype html><html lang="en-US" prefix="og: https://ogp.me/ns#"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><title>Credential types - Web APIs | MDN</title><meta name="description" content="The Credential Management API enables a website to create, store, and retrieve the credentials that allow a user to securely log in. It supports four different types of credentials:"/><link rel="canonical" href="https://developer.mozilla.org/en-US/docs/Web/API/Credential_Management_API/Credential_types"/></head><body><div id="root"><div class="page-wrapper category-api document-page"><div class="main-wrapper"><main id="content" class="main-content "><article class="main-page-content" lang="en-US"><header><h1>Credential types</h1></header><div class="section-content"><p>The Credential Management API enables a website to create, store, and retrieve the <a href="/en-US/docs/Glossary/Credential">credentials</a> that allow a user to securely log in. It supports four different types of credentials:</p> <figure class="table-container"><table> <thead> <tr> <th>Type</th> <th>Interface</th> </tr> </thead> <tbody> <tr> <td>Password</td> <td><a href="/en-US/docs/Web/API/PasswordCredential"><code>PasswordCredential</code></a></td> </tr> <tr> <td>Federated identity</td> <td><a href="/en-US/docs/Web/API/IdentityCredential"><code>IdentityCredential</code></a>, <a href="/en-US/docs/Web/API/FederatedCredential"><code>FederatedCredential</code></a> (deprecated)</td> </tr> <tr> <td>One-time password (OTP)</td> <td><a href="/en-US/docs/Web/API/OTPCredential"><code>OTPCredential</code></a></td> </tr> <tr> <td>Web Authentication</td> <td><a href="/en-US/docs/Web/API/PublicKeyCredential"><code>PublicKeyCredential</code></a></td> </tr> </tbody> </table></figure> <p>The credential types are all represented as subclasses of the <a href="/en-US/docs/Web/API/Credential"><code>Credential</code></a> interface:</p> <p> <img src="/en-US/docs/Web/API/Credential_Management_API/Credential_types/credential-types.svg" alt="Class diagram showing the five different credential subclasses."
width="531" height="301" loading="lazy"> </p> <p>In this guide we'll introduce the different credential types and explain at a high level how they are used.</p> <div class="notecard note"> <p><strong>Note:</strong> Although we're describing all the credential types together here, the different credential types are defined in several different specifications, which extend the main Credential Management API specification.</p> <ul> <li><a href="https://w3c.github.io/webappsec-credential-management/" class="external" target="_blank">Credential Management API</a> defines passwords and legacy federated credentials.</li> <li><a href="https://w3c-fedid.github.io/FedCM/" class="external" target="_blank">Federated Credential Management API</a> defines the new federated credentials.</li> <li><a href="https://wicg.github.io/web-otp/" class="external" target="_blank">WebOTP API</a> defines OTP credentials.</li> <li><a href="https://w3c.github.io/webauthn/" class="external" target="_blank">Web Authentication API</a> defines Web Authentication assertions.</li> </ul> </div></div><section aria-labelledby="passwords"><h2 id="passwords"><a href="#passwords">Passwords</a></h2><div class="section-content"><div class="notecard note"> <p><strong>Note:</strong> Most browsers do not support this credential type and it is not widely used on the web. Instead, browsers automatically offer to store passwords in a password manager, and can automatically retrieve stored passwords to autofill <a href="/en-US/docs/Web/HTML/Element/input/password">password input elements</a>.</p> </div> <p>Modern browsers provide users with a password manager, which enables users to store the passwords they enter on websites, and later retrieve them when they need to log in again. 
Password managers can help with password security by remembering passwords for users and autofilling them, which allows users to choose stronger passwords.</p> <p>In the Credential Management API, a password is represented by the <a href="/en-US/docs/Web/API/PasswordCredential"><code>PasswordCredential</code></a> interface. When a user successfully registers for or signs into your site, you can call the <a href="/en-US/docs/Web/API/PasswordCredential/PasswordCredential" title="PasswordCredential()"><code>PasswordCredential()</code></a> constructor or <a href="/en-US/docs/Web/API/CredentialsContainer/create" title="navigator.credentials.create()"><code>navigator.credentials.create()</code></a> to create a <code>PasswordCredential</code> object from the credentials the user entered. You can then pass this into <a href="/en-US/docs/Web/API/CredentialsContainer/store" title="navigator.credentials.store()"><code>navigator.credentials.store()</code></a>, and the browser will ask the user if they want to store the password in the password manager.</p> <p> <img src="/en-US/docs/Web/API/Credential_Management_API/Credential_types/password-create.svg" alt="Sequence diagram showing creation and storage of a password credential." width="622" height="412" loading="lazy"> </p> <p>When a user visits your site, you can call <a href="/en-US/docs/Web/API/CredentialsContainer/get" title="navigator.credentials.get()"><code>navigator.credentials.get()</code></a> to retrieve a stored password for your site, and use it to log the user in. Depending on the situation, you can log the user in silently or use the returned password to auto-fill a form field.</p> <p> <img src="/en-US/docs/Web/API/Credential_Management_API/Credential_types/password-get.svg" alt="Sequence diagram showing sign-in with a password credential." 
width="661" height="412" loading="lazy"> </p></div></section><section aria-labelledby="federated_identity_credentials"><h2 id="federated_identity_credentials"><a href="#federated_identity_credentials">Federated identity credentials</a></h2><div class="section-content"><p>In a <a href="/en-US/docs/Glossary/Federated_identity">federated identity</a> system, a separate entity acts as an intermediary between the user and the website they are trying to sign into. This entity, called an <a href="/en-US/docs/Glossary/Identity_provider">identity provider</a> (IdP), manages the user's credentials, can authenticate users, and is trusted by the website to make assertions about a user's identity.</p> <p>The user has an account with the IdP: when they need to sign into the website they authenticate with the IdP. The IdP then returns a token to the user's browser, which the browser delivers to the website. The website verifies the token and, if verification succeeds, signs the user in.</p> <p>Federated identity is often provided as a service by corporations: for example, users who have Google, Microsoft, or Facebook accounts can use them to sign into websites that support them.</p> <p>The <a href="/en-US/docs/Web/API/FedCM_API">Federated Credential Management API</a> defines a privacy-preserving mechanism for federated identity on the web. You start by calling <a href="/en-US/docs/Web/API/CredentialsContainer/get" title="navigator.credentials.get()"><code>navigator.credentials.get()</code></a> to request a federated identity credential, and this triggers a protocol exchange between the browser and the IdP.</p> <p>If, in the course of this exchange, the user can be authenticated with the IdP, the browser returns an <a href="/en-US/docs/Web/API/IdentityCredential"><code>IdentityCredential</code></a> object in the fulfillment of the <code>Promise</code> returned from <code>get()</code>. 
The website's front-end code can send this to the server for verification.</p> <p> <img src="/en-US/docs/Web/API/Credential_Management_API/Credential_types/fed-cm-get.svg" alt="Sequence diagram showing sign-in using a federated identity credential." width="804" height="412" loading="lazy"> </p> <p>Note that <a href="/en-US/docs/Web/API/CredentialsContainer/create" title="create()"><code>create()</code></a> and <a href="/en-US/docs/Web/API/CredentialsContainer/store" title="store()"><code>store()</code></a> are not used when working with the Federated Credential Management API.</p> <div class="notecard note"> <p><strong>Note:</strong> Support for federated identity in the Credential Management API was originally provided through the <a href="/en-US/docs/Web/API/FederatedCredential"><code>FederatedCredential</code></a> interface. However, this mechanism depends on technologies such as <a href="/en-US/docs/Web/Privacy/Third-party_cookies">third-party cookies</a>, which are intrinsically privacy-invasive. These technologies were <a href="/en-US/blog/goodbye-third-party-cookies/">deprecated in browsers</a>, so a new approach was needed.</p> </div></div></section><section aria-labelledby="one-time_passwords"><h2 id="one-time_passwords"><a href="#one-time_passwords">One-time passwords</a></h2><div class="section-content"><p>A one-time password (OTP) is an authentication technique in which the website sends a unique code to the user via a messaging system such as email or SMS. The user must then enter the code on the site to prove their control of the communications endpoint. 
Websites sometimes use this as a second authentication factor in addition to a password.</p> <p>The <a href="/en-US/docs/Web/API/WebOTP_API">WebOTP API</a> defines the <a href="/en-US/docs/Web/API/OTPCredential"><code>OTPCredential</code></a> interface, which solves a specific usability problem in this exchange: when a user receives the code, they have to open a different application, find the message, then copy the code into a form on the website. This is awkward, especially on a mobile device, and especially when the device receiving the message is the same as the device being used to sign into the site.</p> <p>In browsers that support the <code>OTPCredential</code> type, the website's front end can call <a href="/en-US/docs/Web/API/CredentialsContainer/get" title="navigator.credentials.get()"><code>navigator.credentials.get()</code></a>, asking for an OTP credential, then ask the backend to generate a code and send the message containing it (only SMS is supported as a transport). The backend must send a specially formatted SMS message, which the browser can read.</p> <p>The browser then returns an <code>OTPCredential</code> object in the fulfillment of the <code>Promise</code> returned from <code>get()</code>, and this object contains the code. The website front end can use the code to autofill an input element on the site, or submit the code to the server automatically.</p> <p> <img src="/en-US/docs/Web/API/Credential_Management_API/Credential_types/otp-get.svg" alt="Sequence diagram showing sign-in using an OTP credential." 
width="689" height="531" loading="lazy"> </p> <p>Note that <a href="/en-US/docs/Web/API/CredentialsContainer/create" title="create()"><code>create()</code></a> and <a href="/en-US/docs/Web/API/CredentialsContainer/store" title="store()"><code>store()</code></a> are not used when working with OTP credentials.</p></div></section><section aria-labelledby="web_authentication_assertions"><h2 id="web_authentication_assertions"><a href="#web_authentication_assertions">Web Authentication assertions</a></h2><div class="section-content"><p>The <a href="/en-US/docs/Web/API/Web_Authentication_API">Web Authentication API</a> (WebAuthn) enables users to log into websites by asking an <em>authenticator</em> to generate digitally signed assertions about a user's identity.</p> <p>An authenticator is an entity that is inside or attached to the user's device, and that can perform the cryptographic operations needed to register and authenticate users, and securely store the cryptographic keys used in these operations. An authenticator might be integrated into the device, like the <a href="https://en.wikipedia.org/wiki/Touch_ID" class="external" target="_blank">Touch ID</a> system in Apple devices or the <a href="https://en.wikipedia.org/wiki/Windows_10#System_security" class="external" target="_blank">Windows Hello</a> system, or it might be a removable module like a <a href="https://en.wikipedia.org/wiki/YubiKey" class="external" target="_blank">YubiKey</a>.</p> <p>Instead of passwords, WebAuthn uses <a href="/en-US/docs/Glossary/Public-key_cryptography">public-key cryptography</a> to authenticate users.</p> <p>To register a user on a website using WebAuthn, call <a href="/en-US/docs/Web/API/CredentialsContainer/create" title="navigator.credentials.create()"><code>navigator.credentials.create()</code></a>, providing all the information needed to create a key pair. The authenticator may first ask the user to authenticate themselves, for example using a biometric reader. 
It will then generate a key pair and return the public key. This key pair is specific to the user and the website. The authenticator may also generate and return a signed <em>attestation</em>: this is a statement that the authenticator itself is (for example) a genuine YubiKey.</p> <p>The website front end sends the public key and attestation to the server, which verifies the attestation and stores the public key with the rest of the new user's account information.</p> <p> <img src="/en-US/docs/Web/API/Credential_Management_API/Credential_types/webauth-create.svg" alt="Sequence diagram showing registration using Web Authentication." width="767" height="502" loading="lazy"> </p> <p>To sign a user into the website, the front end code first fetches a random number from the server, called a <em>challenge</em>. Then it calls <a href="/en-US/docs/Web/API/CredentialsContainer/get" title="navigator.credentials.get()"><code>navigator.credentials.get()</code></a>, passing in the challenge and some other options. The authenticator may, again, first ask the user to authenticate themselves, and will then sign the challenge using the private key.</p> <p>The browser then returns a <code>PublicKeyCredential</code> object in the fulfillment of the <code>Promise</code> returned from <code>get()</code>, and this object contains the signed challenge, which is called an <em>assertion</em>. The website front end then sends the assertion to the server, which checks the signature using the stored public key, and decides whether to log the user in.</p> <p> <img src="/en-US/docs/Web/API/Credential_Management_API/Credential_types/webauth-get.svg" alt="Sequence diagram showing sign-in using a Web Authentication assertion." 
width="767" height="591" loading="lazy"> </p> <p>Note that <a href="/en-US/docs/Web/API/CredentialsContainer/store" title="store()"><code>store()</code></a> is not used when working with WebAuthn: the key pair is created in the authenticator and the private key never leaves it.</p></div></section><section aria-labelledby="see_also"><h2 id="see_also"><a href="#see_also">See also</a></h2><div class="section-content"><ul> <li><a href="/en-US/docs/Web/API/Web_Authentication_API">Web Authentication API</a></li> <li><a href="/en-US/docs/Web/API/WebOTP_API">WebOTP API</a></li> <li><a href="/en-US/docs/Web/API/FedCM_API">Federated Credential Management (FedCM) API</a></li> </ul></div></section></article><aside class="article-footer"><div class="article-footer-inner"><p class="last-modified-date">This page was last modified on<!-- --> <time dateTime="2024-11-22T16:43:48.000Z">Nov 22, 2024</time> by<!-- --> <a href="/en-US/docs/Web/API/Credential_Management_API/Credential_types/contributors.txt" rel="nofollow">MDN contributors</a>.</p></div></aside></main></div></div><footer id="nav-footer" class="page-footer"><div class="page-footer-grid"><div class="page-footer-legal"><p id="license" class="page-footer-legal-text">Visit<!-- --> <a href="https://www.mozilla.org" target="_blank" rel="noopener noreferrer">Mozilla Corporation’s</a> <!-- -->not-for-profit parent, the<!-- --> <a target="_blank" rel="noopener noreferrer" href="https://foundation.mozilla.org/">Mozilla Foundation</a>.<br/>Portions of this content are ©1998–<!-- -->2024<!-- --> by individual mozilla.org contributors. 
Content available under<!-- --> <a href="/en-US/docs/MDN/Writing_guidelines/Attrib_copyright_license">a Creative Commons license</a>.</p></div></div></footer></div><script type="application/json" id="hydration">{"url":"/en-US/docs/Web/API/Credential_Management_API/Credential_types","doc":{"isMarkdown":true,"isTranslated":false,"isActive":true,"flaws":{},"title":"Credential types","mdn_url":"/en-US/docs/Web/API/Credential_Management_API/Credential_types","locale":"en-US","native":"English (US)","sidebarHTML":"<ol><li class=\"section\"><a href=\"/en-US/docs/Web/API/Credential_Management_API\">Credential Management API</a></li><li class=\"toggle\"><details open=\"\"><summary>Guides</summary><ol><li><em><a href=\"/en-US/docs/Web/API/Credential_Management_API/Credential_types\" aria-current=\"page\">Credential types</a></em></li></ol></details></li><li class=\"toggle\"><details open=\"\"><summary>Interfaces</summary><ol><li><a href=\"/en-US/docs/Web/API/Credential\"><code>Credential</code></a></li><li><a href=\"/en-US/docs/Web/API/CredentialsContainer\"><code>CredentialsContainer</code></a></li><li><a href=\"/en-US/docs/Web/API/FederatedCredential\"><code>FederatedCredential</code></a></li><li><a href=\"/en-US/docs/Web/API/FederatedCredentialInit\"><code>FederatedCredentialInit</code></a></li><li><a href=\"/en-US/docs/Web/API/PasswordCredential\"><code>PasswordCredential</code></a></li><li><a href=\"/en-US/docs/Web/API/PasswordCredentialInit\"><code>PasswordCredentialInit</code></a></li></ol></details></li><li class=\"toggle\"><details open=\"\"><summary>Properties</summary><ol><li><a href=\"/en-US/docs/Web/API/Navigator/credentials\"><code>Navigator.credentials</code></a></li></ol></details></li></ol>","sidebarMacro":"DefaultAPISidebar","body":[{"type":"prose","value":{"id":null,"title":null,"isH3":false,"content":"<p>The Credential Management API enables a website to create, store, and retrieve the <a href=\"/en-US/docs/Glossary/Credential\">credentials</a> that allow 
a user to securely log in. It supports four different types of credentials:</p>\n<figure class=\"table-container\"><table>\n <thead>\n <tr>\n <th>Type</th>\n <th>Interface</th>\n </tr>\n </thead>\n <tbody>\n <tr>\n <td>Password</td>\n <td><a href=\"/en-US/docs/Web/API/PasswordCredential\"><code>PasswordCredential</code></a></td>\n </tr>\n <tr>\n <td>Federated identity</td>\n <td><a href=\"/en-US/docs/Web/API/IdentityCredential\"><code>IdentityCredential</code></a>, <a href=\"/en-US/docs/Web/API/FederatedCredential\"><code>FederatedCredential</code></a> (deprecated)</td>\n </tr>\n <tr>\n <td>One-time password (OTP)</td>\n <td><a href=\"/en-US/docs/Web/API/OTPCredential\"><code>OTPCredential</code></a></td>\n </tr>\n <tr>\n <td>Web Authentication</td>\n <td><a href=\"/en-US/docs/Web/API/PublicKeyCredential\"><code>PublicKeyCredential</code></a></td>\n </tr>\n </tbody>\n</table></figure>\n<p>The credential types are all represented as subclasses of the <a href=\"/en-US/docs/Web/API/Credential\"><code>Credential</code></a> interface:</p>\n<p>\n <img src=\"/en-US/docs/Web/API/Credential_Management_API/Credential_types/credential-types.svg\" alt=\"Class diagram showing the five different credential subclasses.\" width=\"531\" height=\"301\" loading=\"lazy\">\n</p>\n<p>In this guide we'll introduce the different credential types and explain at a high level how they are used.</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> Although we're describing all the credential types together here, the different credential types are defined in several different specifications, which extend the main Credential Management API specification.</p>\n <ul>\n <li><a href=\"https://w3c.github.io/webappsec-credential-management/\" class=\"external\" target=\"_blank\">Credential Management API</a> defines passwords and legacy federated credentials.</li>\n <li><a href=\"https://w3c-fedid.github.io/FedCM/\" class=\"external\" target=\"_blank\">Federated Credential Management 
API</a> defines the new federated credentials.</li>\n <li><a href=\"https://wicg.github.io/web-otp/\" class=\"external\" target=\"_blank\">WebOTP API</a> defines OTP credentials.</li>\n <li><a href=\"https://w3c.github.io/webauthn/\" class=\"external\" target=\"_blank\">Web Authentication API</a> defines Web Authentication assertions.</li>\n </ul>\n</div>"}},{"type":"prose","value":{"id":"passwords","title":"Passwords","isH3":false,"content":"<div class=\"notecard note\">\n <p><strong>Note:</strong> Most browsers do not support this credential type and it is not widely used on the web. Instead, browsers automatically offer to store passwords in a password manager, and can automatically retrieve stored passwords to autofill <a href=\"/en-US/docs/Web/HTML/Element/input/password\">password input elements</a>.</p>\n</div>\n<p>Modern browsers provide users with a password manager, which enables users to store the passwords they enter on websites, and later retrieve them when they need to log in again. Password managers can help with password security by remembering passwords for users and autofilling them, which allows users to choose stronger passwords.</p>\n<p>In the Credential Management API, a password is represented by the <a href=\"/en-US/docs/Web/API/PasswordCredential\"><code>PasswordCredential</code></a> interface. When a user successfully registers for or signs into your site, you can call the <a href=\"/en-US/docs/Web/API/PasswordCredential/PasswordCredential\" title=\"PasswordCredential()\"><code>PasswordCredential()</code></a> constructor or <a href=\"/en-US/docs/Web/API/CredentialsContainer/create\" title=\"navigator.credentials.create()\"><code>navigator.credentials.create()</code></a> to create a <code>PasswordCredential</code> object from the credentials the user entered. 
You can then pass this into <a href=\"/en-US/docs/Web/API/CredentialsContainer/store\" title=\"navigator.credentials.store()\"><code>navigator.credentials.store()</code></a>, and the browser will ask the user if they want to store the password in the password manager.</p>\n<p>\n <img src=\"/en-US/docs/Web/API/Credential_Management_API/Credential_types/password-create.svg\" alt=\"Sequence diagram showing creation and storage of a password credential.\" width=\"622\" height=\"412\" loading=\"lazy\">\n</p>\n<p>When a user visits your site, you can call <a href=\"/en-US/docs/Web/API/CredentialsContainer/get\" title=\"navigator.credentials.get()\"><code>navigator.credentials.get()</code></a> to retrieve a stored password for your site, and use it to log the user in. Depending on the situation, you can log the user in silently or use the returned password to auto-fill a form field.</p>\n<p>\n <img src=\"/en-US/docs/Web/API/Credential_Management_API/Credential_types/password-get.svg\" alt=\"Sequence diagram showing sign-in with a password credential.\" width=\"661\" height=\"412\" loading=\"lazy\">\n</p>"}},{"type":"prose","value":{"id":"federated_identity_credentials","title":"Federated identity credentials","isH3":false,"content":"<p>In a <a href=\"/en-US/docs/Glossary/Federated_identity\">federated identity</a> system, a separate entity acts as an intermediary between the user and the website they are trying to sign into. This entity, called an <a href=\"/en-US/docs/Glossary/Identity_provider\">identity provider</a> (IdP), manages the user's credentials, can authenticate users, and is trusted by the website to make assertions about a user's identity.</p>\n<p>The user has an account with the IdP: when they need to sign into the website they authenticate with the IdP. The IdP then returns a token to the user's browser, which the browser delivers to the website. 
The website verifies the token and, if verification succeeds, signs the user in.</p>\n<p>Federated identity is often provided as a service by corporations: for example, users who have Google, Microsoft, or Facebook accounts can use them to sign into websites that support them.</p>\n<p>The <a href=\"/en-US/docs/Web/API/FedCM_API\">Federated Credential Management API</a> defines a privacy-preserving mechanism for federated identity on the web. You start by calling <a href=\"/en-US/docs/Web/API/CredentialsContainer/get\" title=\"navigator.credentials.get()\"><code>navigator.credentials.get()</code></a> to request a federated identity credential, and this triggers a protocol exchange between the browser and the IdP.</p>\n<p>If, in the course of this exchange, the user can be authenticated with the IdP, the browser returns an <a href=\"/en-US/docs/Web/API/IdentityCredential\"><code>IdentityCredential</code></a> object in the fulfillment of the <code>Promise</code> returned from <code>get()</code>. The website front end code can send this to the server for verification.</p>\n<p>\n <img src=\"/en-US/docs/Web/API/Credential_Management_API/Credential_types/fed-cm-get.svg\" alt=\"Sequence diagram showing sign-in using a federated identity credential.\" width=\"804\" height=\"412\" loading=\"lazy\">\n</p>\n<p>Note that <a href=\"/en-US/docs/Web/API/CredentialsContainer/create\" title=\"create()\"><code>create()</code></a> and <a href=\"/en-US/docs/Web/API/CredentialsContainer/store\" title=\"store()\"><code>store()</code></a> are not used when working with the Federated Credential Management API.</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> Support for federated identity in the Credential Management API was originally provided through the <a href=\"/en-US/docs/Web/API/FederatedCredential\"><code>FederatedCredential</code></a> interface. 
However, this mechanism depends on technologies such as <a href=\"/en-US/docs/Web/Privacy/Third-party_cookies\">third-party cookies</a>, which are intrinsically privacy-invasive. These technologies were <a href=\"/en-US/blog/goodbye-third-party-cookies/\">deprecated in browsers</a>, therefore a new approach was needed.</p>\n</div>"}},{"type":"prose","value":{"id":"one-time_passwords","title":"One-time passwords","isH3":false,"content":"<p>A one-time password (OTP) is an authentication technique in which the website sends a unique code to the user via a messaging system such as email or SMS. The user must then enter the code on the site to prove their control of the communications endpoint. Websites sometimes use this as a second authentication factor in addition to a password.</p>\n<p>The <a href=\"/en-US/docs/Web/API/WebOTP_API\">WebOTP API</a> defines the <a href=\"/en-US/docs/Web/API/OTPCredential\"><code>OTPCredential</code></a> interface, which solves a specific usability problem in this exchange: when a user receives the code, they have to open a different application, find the message, then copy the code into a form on the website. This is awkward, especially on a mobile device, and especially when the device receiving the message is the same as the device being used to sign into the site.</p>\n<p>In browsers that support the <code>OTPCredential</code> type, the website's front end can call <a href=\"/en-US/docs/Web/API/CredentialsContainer/get\" title=\"navigator.credentials.get()\"><code>navigator.credentials.get()</code></a>, asking for an OTP credential, then ask the backend to generate a code and send the message containing it (only SMS is supported as a transport). The backend must send a specially formatted SMS message, which the browser can read.</p>\n<p>The browser then returns an <code>OTPCredential</code> object in the fulfillment of the <code>Promise</code> returned from <code>get()</code>, and this object contains the code. 
The website front end can use the code to autofill an input element on the site, or submit the code to the server automatically.</p>\n<p>\n <img src=\"/en-US/docs/Web/API/Credential_Management_API/Credential_types/otp-get.svg\" alt=\"Sequence diagram showing sign-in using an OTP credential.\" width=\"689\" height=\"531\" loading=\"lazy\">\n</p>\n<p>Note that <a href=\"/en-US/docs/Web/API/CredentialsContainer/create\" title=\"create()\"><code>create()</code></a> and <a href=\"/en-US/docs/Web/API/CredentialsContainer/store\" title=\"store()\"><code>store()</code></a> are not used when working with OTP credentials.</p>"}},{"type":"prose","value":{"id":"web_authentication_assertions","title":"Web Authentication assertions","isH3":false,"content":"<p>The <a href=\"/en-US/docs/Web/API/Web_Authentication_API\">Web Authentication API</a> (WebAuthn) enables users to log into websites by asking an <em>authenticator</em> to generate digitally signed assertions about a user's identity.</p>\n<p>An authenticator is an entity that is inside or attached to the user's device, and that can perform the cryptographic operations needed to register and authenticate users, and securely store the cryptographic keys used in these operations. 
An authenticator might be integrated into the device, like the <a href=\"https://en.wikipedia.org/wiki/Touch_ID\" class=\"external\" target=\"_blank\">Touch ID</a> system in Apple devices or the <a href=\"https://en.wikipedia.org/wiki/Windows_10#System_security\" class=\"external\" target=\"_blank\">Windows Hello</a> system, or it might be a removable module like a <a href=\"https://en.wikipedia.org/wiki/YubiKey\" class=\"external\" target=\"_blank\">YubiKey</a>.</p>\n<p>Instead of passwords, WebAuthn uses <a href=\"/en-US/docs/Glossary/Public-key_cryptography\">public-key cryptography</a> to authenticate users.</p>\n<p>To register a user on a website using WebAuthn, call <a href=\"/en-US/docs/Web/API/CredentialsContainer/create\" title=\"navigator.credentials.create()\"><code>navigator.credentials.create()</code></a>, providing all the information needed to create a key pair. The authenticator may first ask the user to authenticate themselves, for example using a biometric reader. It will then generate a key pair and return the public key. This key pair is specific to the user and the website. The authenticator may also generate and return a signed <em>attestation</em>: this is a statement that the authenticator itself is (for example) a genuine YubiKey.</p>\n<p>The website front end sends the public key and attestation to the server, which verifies the attestation and stores the public key with the rest of the new user's account information.</p>\n<p>\n <img src=\"/en-US/docs/Web/API/Credential_Management_API/Credential_types/webauth-create.svg\" alt=\"Sequence diagram showing registration using Web Authentication.\" width=\"767\" height=\"502\" loading=\"lazy\">\n</p>\n<p>To sign a user into the website, the front end code first fetches a random number from the server, called a <em>challenge</em>. 
Then it calls <a href=\"/en-US/docs/Web/API/CredentialsContainer/get\" title=\"navigator.credentials.get()\"><code>navigator.credentials.get()</code></a>, passing in the challenge and some other options. The authenticator may, again, first ask the user to authenticate themselves, and will then sign the challenge using the private key.</p>\n<p>The browser then returns a <code>PublicKeyCredential</code> object in the fulfillment of the <code>Promise</code> returned from <code>get()</code>, and this object contains the signed challenge, which is called an <em>assertion</em>. The website front end then sends the assertion to the server, which checks the signature using the stored public key, and decides whether to log the user in.</p>\n<p>\n <img src=\"/en-US/docs/Web/API/Credential_Management_API/Credential_types/webauth-get.svg\" alt=\"Sequence diagram showing sign-in using a Web Authentication assertion.\" width=\"767\" height=\"591\" loading=\"lazy\">\n</p>\n<p>Note that <a href=\"/en-US/docs/Web/API/CredentialsContainer/store\" title=\"store()\"><code>store()</code></a> is not used when working with WebAuthn: the key pair is created in the authenticator and the private key never leaves it.</p>"}},{"type":"prose","value":{"id":"see_also","title":"See also","isH3":false,"content":"<ul>\n <li><a href=\"/en-US/docs/Web/API/Web_Authentication_API\">Web Authentication API</a></li>\n <li><a href=\"/en-US/docs/Web/API/WebOTP_API\">WebOTP API</a></li>\n <li><a href=\"/en-US/docs/Web/API/FedCM_API\">Federated Credential Management (FedCM) API</a></li>\n</ul>"}}],"toc":[{"text":"Passwords","id":"passwords"},{"text":"Federated identity credentials","id":"federated_identity_credentials"},{"text":"One-time passwords","id":"one-time_passwords"},{"text":"Web Authentication assertions","id":"web_authentication_assertions"},{"text":"See also","id":"see_also"}],"summary":"The Credential Management API enables a website to create, store, and retrieve the credentials that allow a user 
to securely log in. It supports four different types of credentials:","popularity":0,"modified":"2024-11-22T16:43:48.000Z","other_translations":[{"locale":"de","title":"Credenzitypen","native":"Deutsch"}],"pageType":"guide","source":{"folder":"en-us/web/api/credential_management_api/credential_types","github_url":"https://github.com/mdn/content/blob/main/files/en-us/web/api/credential_management_api/credential_types/index.md","last_commit_url":"https://github.com/mdn/content/commit/5f76b99045f87349ed030bbd6a3c2e43badb3c22","filename":"index.md"},"short_title":"Credential types","parents":[{"uri":"/en-US/docs/Web","title":"References"},{"uri":"/en-US/docs/Web/API","title":"Web APIs"},{"uri":"/en-US/docs/Web/API/Credential_Management_API","title":"Credential Management API"},{"uri":"/en-US/docs/Web/API/Credential_Management_API/Credential_types","title":"Credential types"}],"pageTitle":"Credential types - Web APIs | MDN","noIndexing":false}}</script></body></html>
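The server-side check from the "Web Authentication assertions" section above, as an added Node.js example that is not part of the MDN page: it verifies that the assertion is signed by the stored public key and is bound to this sign-in's challenge, the site's origin, and its RP ID. The function names, the `example.com` values, and the software stand-in for the authenticator are assumptions made so the example runs offline.

```javascript
const crypto = require("node:crypto");
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Constructed stand-in for an authenticator (assumption, for offline use only).
// It signs authenticatorData || SHA-256(clientDataJSON), so the challenge is
// covered through the hash of the client data.
function makeAssertion(privateKey, { rpId, origin, challenge, signCount }) {
  const authData = Buffer.alloc(37);
  sha256(rpId).copy(authData, 0);        // bytes 0-31: SHA-256 of the RP ID
  authData[32] = 0x01;                   // byte 32: flags, bit 0 = user present
  authData.writeUInt32BE(signCount, 33); // bytes 33-36: signature counter
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin,
  }));
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { authData, clientDataJSON, signature: crypto.sign("sha256", signed, privateKey) };
}

// Server-side check. Returns the new signature counter, throws on any failure.
function verifyAssertion({ authData, clientDataJSON, signature }, expected) {
  const client = JSON.parse(clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") throw new Error("wrong ceremony type");
  if (client.challenge !== expected.challenge.toString("base64url"))
    throw new Error("challenge mismatch"); // stale or replayed assertion
  if (client.origin !== expected.origin) throw new Error("origin mismatch");
  if (!authData.subarray(0, 32).equals(sha256(expected.rpId)))
    throw new Error("RP ID hash mismatch");
  if ((authData[32] & 0x01) === 0) throw new Error("user not present");
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  if (!crypto.verify("sha256", signed, expected.publicKey, signature))
    throw new Error("bad signature");
  const count = authData.readUInt32BE(33);
  if ((count !== 0 || expected.storedSignCount !== 0) && count <= expected.storedSignCount)
    throw new Error("signature counter did not increase"); // possible cloned key
  return count;
}

// Constructed sample values: one registered key pair and one sign-in attempt.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const site = { rpId: "example.com", origin: "https://example.com" };
const challenge = crypto.randomBytes(32); // issued by the server, used once
const assertion = makeAssertion(privateKey, { ...site, challenge, signCount: 6 });
const account = { ...site, publicKey, storedSignCount: 5 };
console.log("new counter:", verifyAssertion(assertion, { ...account, challenge }));
```

The server should discard the challenge after one verification attempt and store the returned counter with the account.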
