Optional authenticatordiscouraged: This tells the authenticator to not use resident keys.
preferred: This tells the authenticator that resident keys should be used if available.
required: This tells the authenticator that a resident key is required.
Required: Tells the authenticator that the user needs to verify they are in possession of the authenticator device. This usually means the user is prompted for a pin, passcode, or to complete a biometric challenge.
Preferred: Tells the authenticator that the user should be asked to verify they are in possession of the authenticator device. This usually means the user is prompted for a pin, passcode, or to complete a biometric challenge. If the user has recently verified their possession the device may choose not to ask the user to verify again.
Discouraged: Tells the authenticator that the user should not be prompted for possession. This is generally only used when WebAuthn is a second factor.
Generated using TypeDoc
If not given, any authenticator type can be used.
platform: Authenticator must be built into the system. For example, Windows Hello or Apple Touch ID use a TPM that are integrated into the system.
cross-platform: Authenticator must be able to move between systems. For example, a yubikey is a USB device that can be plugged into any system.