Overview#
WebAuthn Extension Identifiers (WebAuthN) are the "WebAuthn Extension Identifier" for the Web Authentication API Specification and SHOULD be registered per WebAuthn-RegistriesLdapwiki recommends you to consult the The Registry Entries
WebAuthn Extension Identifiers defines the initial set of extensions to be registered in the IANA Registry "WebAuthn Extension Identifier" registry established by WebAuthn-Registries.
These MAY be implemented by User-agents targeting broad interoperability.
WebAuthn Extension Identifier | Description | Reference | Change Controller | Notes |
---|---|---|---|---|
appid | This authentication extension allows WebAuthn Relying Parties that have previously registered a credential using the legacy FIDO JavaScript APIs to request an assertion | Web Authentication Section §10.1, FIDO AppID Extension (appid) | W3C_Web_Authentication_Working_Group | |
txAuthSimple | This registration extension and authentication extension allows for a simple form of transaction authorization. A WebAuthn Relying Party can specify a prompt string, intended for display on a trusted device on the authenticator | Web Authentication Section §10.2, Simple Transaction Authorization Extension (txAuthSimple) | W3C_Web_Authentication_Working_Group | |
txAuthGeneri | This registration extension and authentication extension allows images to be used as transaction authorization prompts as well. This allows authenticators without a font rendering engine to be used and also supports a richer visual appearance than accomplished with the webauthn.txauth.simple extension. | Web Authentication Section §10.3, Generic Transaction Authorization Extension (txAuthGeneric) | W3C_Web_Authentication_Working_Group | |
authnSel | This registration extension allows a WebAuthn Relying Party to guide the selection of the WebAuthn Authenticator that will be leveraged when creating the credential. It is intended primarily for WebAuthn Relying Parties that wish to tightly control the experience around credential creation. | Web Authentication Section §10.4, Authenticator Selection Extension (authnSel) | W3C_Web_Authentication_Working_Group | |
exts | This registration extension enables the WebAuthn Relying Party to determine which [{$pagename}]] the WebAuthn Authenticator supports. The extension data is a list (CBOR array) of WebAuthn Extension Identifiers encoded as UTF-8 Strings. This extension is added automatically by the WebAuthn Authenticator. This extension can be added to attestation statements. | Web Authentication Section §10.5, Supported Extensions Extension (exts) | W3C_Web_Authentication_Working_Group | |
uvi | This registration extension and authentication extension enables use of a user verification index. The user verification index is a value uniquely identifying a user verification data record. The UVI data can be used by servers to understand whether an authentication was authorized by the exact same Biometric data as the initial key generation. This allows the detection and prevention of "friendly fraud". | Web Authentication Section §10.6, User Verification Index Extension (uvi) | W3C_Web_Authentication_Working_Group | |
loc | The location registration extension and authentication extension provides the WebAuthn Client Device's current Geolocation to the WebAuthn Relying Party, if supported by the client platform and subject to user consent. | Web Authentication Section §10.7, Location Extension (loc) | W3C_Web_Authentication_Working_Group | |
uvm | This registration extension and authentication extension enables use of a user verification method. The user verification method extension returns to the WebAuthn Relying Party which user verification methods (factors) were used for the WebAuthn operation. | Web Authentication Section §10.8, User Verification Method Extension (uvm) | W3C_Web_Authentication_Working_Group |