在此页

• 句法
• 范例
• 规范
• 浏览器兼容性
• 另请参阅
• 相关话题

安全上下文
此特征只可用于 安全上下文 (HTTPS)，在某些或所有 支持浏览器 .

challenge 特性为 PublicKeyCredentialRequestOptions dictionary is a BufferSource used as a cryptographic challenge . This is randomly generated then sent from the relying party's server. This value (among other client data) will be signed by the authenticator's private key and produce AuthenticatorAssertionResponse.signature which should be sent back to the server as part of the response.

注意： When the credential is created with a navigator.credentials.create() call, the signature of the challenge is contained within AuthenticatorAttestationResponse.attestationObject .

注意： A challenge will be at least 16 bytes long.

句法

challenge = publicKeyCredentialRequestOptions.challenge
					

值

A BufferSource which is at least 16 bytes long. Contains a cryptographic challenge emitted from the relying party's server which must be signed by the authenticator's private key and sent back (within the response ) to the relying party's server for verification.

范例

var options = {
  challenge: new Uint8Array([/* bytes sent from the server */])
};
navigator.credentials.get({ "publicKey": options })
    .then(function (credentialInfoAssertion) {
    // send assertion response back to the server
    // to proceed with the control of the credential
}).catch(function (err) {
     console.error(err);
});
					

规范

规范	状态	注释
Web Authentication: An API for accessing Public Key Credentials Level 1 The definition of 'challenge' in that specification.	推荐	初始定义。

浏览器兼容性

The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request. 更新 GitHub 上的兼容性数据

	桌面						移动
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari	Android webview	Chrome for Android	Firefox for Android	Opera for Android	Safari on iOS	Samsung Internet
challenge	Chrome 67	Edge ≤79	Firefox 60	IE ?	Opera Yes	Safari 13	WebView Android 67	Chrome Android 67	Firefox Android ?	Opera Android Yes	Safari iOS 13.3	Samsung Internet Android No

图例

完整支持

完整支持

不支持

不支持

兼容性未知 ?

兼容性未知

实验。期望将来行为有所改变。

实验。期望将来行为有所改变。

另请参阅

• AuthenticatorAssertionResponse.signature which is produced using the challenge and the private key of the authenticator when fetching a credential.
• PublicKeyCredentialCreationOptions.challenge , the analogous option property used when creating a credential.
• AuthenticatorAttestationResponse.attestationObject which contains the signature of the challenge within its attStmt property when creating a credential.

元数据

• 最后修改： Mar 18, 2019

相关话题

1. Web 身份验证 API
2. PublicKeyCredentialRequestOptions
3. 特性

   1. allowCredentials
   2. challenge
   3. extensions
   4. rpId
   5. timeout
   6. userVerification
4. Related pages for Web Authentication API

   1. AuthenticatorAssertionResponse
   2. AuthenticatorAttestationResponse
   3. AuthenticatorResponse
   4. CredentialsContainer
   5. PublicKeyCredential