🔐 Create Passkey

This will be used as both userName and userDisplayName

Human-readable name shown to users during registration

Domain name (must match the current origin). Changing this will likely cause errors.

none: Don't request attestation. Simpler and more privacy-preserving.
direct: Request attestation statement. Used to verify authenticator origin.

Controls whether the authenticator should verify the user (e.g., via biometrics or PIN).
discouraged: Skip verification if possible (faster but less secure).
preferred: Verify if the authenticator supports it.
required: Fail if verification is not possible.

Controls whether the credential is "discoverable" (can be used without providing credential ID).
discouraged: Create a server-side credential (requires server to provide credential ID).
preferred: Create discoverable if authenticator supports it.
required: Fail if discoverable credentials aren't supported.

platform: Use device's built-in authenticator (Touch ID, Face ID, Windows Hello).
cross-platform: Use external authenticator (USB security key, phone via QR code).
any: Let the user choose.

Provides a hint to the browser about which type of authenticator the user might want to use.
This influences the UI but doesn't strictly enforce the choice.

How long the user has to complete the registration (15-300 seconds). Default: 60000ms (60 seconds)

The authenticator will use one of these algorithms to sign. ES256 (-7) and RS256 (-257) have the widest support.