From cbf2e97bb3f8ba69a7e325eb2a3305cbde88fe4b Mon Sep 17 00:00:00 2001 From: wbamberg Date: Wed, 1 May 2024 13:06:58 -0700 Subject: [PATCH] Normalize CredentialsContainer.create() method --- files/en-us/glossary/authentication/index.md | 23 ++ files/en-us/glossary/credential/index.md | 22 ++ .../api/credentialscontainer/create/index.md | 344 ++++-------------- .../web/api/federatedcredentialinit/index.md | 55 +++ .../web/api/passwordcredentialinit/index.md | 163 +++++++++ .../index.md | 14 +- .../index.md | 251 +++++++++++++ 7 files changed, 593 insertions(+), 279 deletions(-) create mode 100644 files/en-us/glossary/authentication/index.md create mode 100644 files/en-us/glossary/credential/index.md create mode 100644 files/en-us/web/api/federatedcredentialinit/index.md create mode 100644 files/en-us/web/api/passwordcredentialinit/index.md create mode 100644 files/en-us/web/api/publickeycredentialcreationoptions/index.md diff --git a/files/en-us/glossary/authentication/index.md b/files/en-us/glossary/authentication/index.md new file mode 100644 index 000000000000000..73b1c50874d67fe --- /dev/null +++ b/files/en-us/glossary/authentication/index.md 
@@ -0,0 +1,23 @@ +--- +title: Authentication +slug: Glossary/Authentication +page-type: glossary-definition +--- + +{{GlossarySidebar}} + +**Authentication** is in general the process of proving that some fact is genuine. More specifically, in web security, it is the process of verifying the claimed identity of some entity, such as a user. This then makes it possible to decide whether to grant the user the access that they are requesting, such as being signed into a particular account. + +Authentication is typically performed by having a user present a user identifier along with a {{glossary("credential")}}, such as a password, a one-time SMS code, or an assertion signed with a private key. The system then checks the binding between the user identifier and the credential, so it can decide whether or not to authenticate the user. + +Types of authentication information, also called _authentication factors_, are commonly presented in three categories: + +- Something the user knows, such as a password. +- Something the user has, such as a phone. +- Something the user is, such as a thumbprint. + +Multi-factor authentication (MFA) systems require the user to provide more than one factor: for example, a password combined with a one-time code sent to the user's phone. + +## See also + +- {{rfc("4949", "Internet Security Glossary")}} diff --git a/files/en-us/glossary/credential/index.md b/files/en-us/glossary/credential/index.md new file mode 100644 index 000000000000000..e3e8f2416fc3101 --- /dev/null +++ b/files/en-us/glossary/credential/index.md 
@@ -0,0 +1,22 @@ +--- +title: Credential +slug: Glossary/Credential +page-type: glossary-definition +--- + +{{GlossarySidebar}} + +A **credential** is an object which enables a system to make an {{glossary("authentication")}} decision: for example, to decide whether to sign a user into an account. + +In web security, types of credential include: + +- a password +- biometric data +- a token entered from a one-time SMS code +- the key used to make authentication assertions in a public-key system such as [Web Authentication](/en-US/docs/Web/API/Web_Authentication_API) + +The [Credential Management API](/en-US/docs/Web/API/Credential_Management_API) enables develepers to create, store, and retrieve various types of credential. + +## See also + +- {{rfc("4949", "Internet Security Glossary")}} diff --git a/files/en-us/web/api/credentialscontainer/create/index.md b/files/en-us/web/api/credentialscontainer/create/index.md index b4beb66a995c5cc..4477a8237b7fa47 100644 --- a/files/en-us/web/api/credentialscontainer/create/index.md +++ b/files/en-us/web/api/credentialscontainer/create/index.md 
@@ -8,18 +8,19 @@ browser-compat: api.CredentialsContainer.create {{APIRef("Credential Management API")}}{{SecureContext_Header}} -The **`create()`** method of the {{domxref("CredentialsContainer")}} interface returns a {{jsxref("Promise")}} that resolves with a new credential instance based on the provided options, the information from which can then be stored and later used to authenticate users via {{domxref("CredentialsContainer.get", "navigator.credentials.get()")}}. +The **`create()`** method of the {{domxref("CredentialsContainer")}} interface creates a new {{glossary("credential")}}, which can then be stored and later used to authenticate users via {{domxref("CredentialsContainer.get", "navigator.credentials.get()")}}. -This is used by multiple different credential-related APIs with significantly different purposes: +This method supports three different types of credential: -- The [Credential Management API](/en-US/docs/Web/API/Credential_Management_API) uses `create()` to create basic federated credentials or username/password credentials. -- The [Web Authentication API](/en-US/docs/Web/API/Web_Authentication_API) uses `create()` to create public key credentials (based on asymmetric cryptography). +- A password credential, which enables a user to sign in using a password. +- A federated credential, which enables a user to sign in using a federated identity provider. +- A public key credential, which enables a user to sign in with an authenticator such as a biometric reader built into the platform or a removable hardware token. -The below reference page starts with a syntax section that explains the general method call structure and parameters that apply to all the different APIs. After that, it is split into separate sections providing parameters, return values, and examples specific to each API. +Note that the [Federated Credential Management API (FedCM)](/en-US/docs/Web/API/FedCM_API) supersedes the federated credential type. 
> **Note:** This method is restricted to top-level {{glossary("browsing context", "browsing contexts")}} (i.e., a document running directly inside a browser tab, and not embedded inside another document). Calls to it from within an `
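Review bot: In files/en-us/glossary/authentication/index.md, the multi-factor sentence says MFA systems "require the user to provide more than one factor", which can be read as allowing two items from the same category, such as two passwords. The list just above it groups factors into three categories, so consider saying that the factors come from more than one of those categories. The password plus one-time phone code example already fits that wording.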
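Review bot: In files/en-us/glossary/credential/index.md, the last paragraph before "See also" has a typo: "enables develepers to create, store, and retrieve" should read "developers". In the same hunk, the list item "a token entered from a one-time SMS code" does not match the authentication glossary entry added by this patch, which lists "a one-time SMS code" as the credential. Using the same wording in both entries would keep the cross-linked definitions consistent.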
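Review bot: In files/en-us/web/api/credentialscontainer/create/index.md, the rewritten opening sentence drops the statement that create() "returns a {{jsxref("Promise")}} that resolves with a new credential instance", so the summary no longer tells the reader that the call is asynchronous. Consider keeping the Promise in the first sentence alongside the new {{glossary("credential")}} link. Separately, the sentence "Note that the [Federated Credential Management API (FedCM)] ... supersedes the federated credential type" sits as a free paragraph after the list; attaching it to the federated credential bullet would put the caveat where a reader choosing a credential type will see it.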