The displayName is a plain language name used to identify the Authenticator to the user. This name will be displayed in case the user wishes to manage multiple Authenticators associated with their account. The displayName is also sent to the client platform during registration to identify the user.
Possible values:
- required: A display name is required. This means that when the user goes through the registration process both a username and a displayName will be required by SKFS for the preregister request. A typical implementation will involve having the user input a username and display name during the registration process. An advantage to having display name required is that it allows a user to easily manage multiple Authenticators per account. This is thanks to having an easily readable display name associated with each Authenticator on their account so that the keys can be managed.
- preferred: If a display name is provided by the user then displayName will be used. If a display name is not provided then the username will be used as the displayName. Providing this option allows for different FIDO2 implementations on the RP’s side while working with a single SKFS. One RP could have multiple Authenticators per account implemented, which inherently involves a unique display name, while another only allows one Authenticator per account, therefore not needing the display name.
- none: The username will be used as displayName—a simpler registration process due to only requiring the username from the user. The negative to this option is that it only allows a user to register one Authenticator per username. This is not recommended; if the user loses that one Authenticator they will be unable to access the account.