Overview
A WebAuthn Authenticator is an Authenticator and a cryptographic entity used by a WebAuthn Client to:
- generate a Public Key credential and register it with a Relying Party
- authenticate by potentially verifying the user, and then cryptographically digitally signing and returning, in the form of an Authentication Assertion, and other Data
WebAuthn Authenticators may be one or the other:
WebAuthn Authenticators may utilize:
Credential IDs are generated by WebAuthn Authenticators in two forms:
- At least 16 bytes that include at least 100 bits of entropy, or
- The Public Key credential source, without its Credential ID, encrypted so only its managing authenticator can decrypt it. This form allows the WebAuthn Authenticator to be nearly stateless, by having the WebAuthn Relying Party store any necessary state.
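The second Credential ID form, as an added example that is not part of the original page or of any authenticator's own code: the authenticator seals the credential source under a key it never exports, and the Relying Party stores the result as the Credential ID. The function names, the choice of AES-256-GCM, the opaque byte serialization of the credential source, and binding the RP ID as associated data are assumptions of this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newAEAD builds AES-GCM from the authenticator's wrapping key (16, 24 or 32 bytes).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapCredentialSource returns nonce || ciphertext || tag for use as the Credential ID.
func WrapCredentialSource(wrapKey, source []byte, rpID string) ([]byte, error) {
	aead, err := newAEAD(wrapKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Fresh random nonce per credential; the RP ID is authenticated but not stored.
	return aead.Seal(nonce, nonce, source, []byte(rpID)), nil
}

// UnwrapCredentialSource fails on a modified ID, a different key, or a different RP ID.
func UnwrapCredentialSource(wrapKey, credID []byte, rpID string) ([]byte, error) {
	aead, err := newAEAD(wrapKey)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(credID) < n+aead.Overhead() {
		return nil, fmt.Errorf("credential ID too short: %d bytes", len(credID))
	}
	return aead.Open(nil, credID[:n], credID[n:], []byte(rpID))
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; a real one stays inside the device
	id, _ := WrapCredentialSource(key, []byte("constructed credential source"), "example.com")
	src, err := UnwrapCredentialSource(key, id, "example.com")
	fmt.Println(len(id), string(src), err)
}
```

Because the Credential ID is attacker-visible input when it comes back from the Relying Party, the authenticated-encryption tag is what lets the authenticator reject IDs it did not issue.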