+`webauthn`: `[id=<DOMAINNAME>] [,origin=<URL>] [,rp=<RELYING_PARTY>]` ::
+
+webauthn configuration
+
+`id`=`<DOMAINNAME>` ;;
+
+Relying part ID. Must be the domain name without protocol, port or location. Changing this *will* break existing credentials.
+
+`origin`=`<URL>` ;;
+
+Site origin. Must be a `https://` URL (or `http://localhost`). Should contain the address users type in their browsers to access the web interface. Changing this *may* break existing credentials.
+
+`rp`=`<RELYING_PARTY>` ;;
+
+Relying party name. Any text identifier. Changing this *may* break existing credentials.
+