diff --git a/libs/common/src/webauthn/services/fido2-client.service.spec.ts b/libs/common/src/webauthn/services/fido2-client.service.spec.ts
index 17d77eb2cf..56d1808af9 100644
--- a/libs/common/src/webauthn/services/fido2-client.service.spec.ts
+++ b/libs/common/src/webauthn/services/fido2-client.service.spec.ts
@@ -19,12 +19,37 @@ describe("FidoAuthenticatorService", () => {
 describe("createCredential", () => {
 describe("invalid input parameters", () => {
 /** Spec: If sameOriginWithAncestors is false, return a "NotAllowedError" DOMException. */
- it("throw error if sameOriginWithAncestors is false", async () => {
+ it("should throw error if sameOriginWithAncestors is false", async () => {
 const params = createParams({ sameOriginWithAncestors: false });
 const result = async () => await client.createCredential(params);
- await expect(result).rejects.toThrowError(new DOMException(undefined, "NotAllowedError"));
+ const rejects = await expect(result).rejects;
+ rejects.toMatchObject({ name: "NotAllowedError" });
+ rejects.toBeInstanceOf(DOMException);
+ });
+
+ /** Spec: If the length of options.user.id is not between 1 and 64 bytes (inclusive) then return a TypeError. */
+ it("should throw error if user.id is too small", async () => {
+ const params = createParams({ user: { id: "", displayName: "name" } });
+
+ const result = async () => await client.createCredential(params);
+
+ await expect(result).rejects.toBeInstanceOf(TypeError);
+ });
+
+ /** Spec: If the length of options.user.id is not between 1 and 64 bytes (inclusive) then return a TypeError. */
+ it("should throw error if user.id is too large", async () => {
+ const params = createParams({
+ user: {
+ id: "YWJzb2x1dGVseS13YXktd2F5LXRvby1sYXJnZS1iYXNlNjQtZW5jb2RlZC11c2VyLWlkLWJpbmFyeS1zZXF1ZW5jZQ",
+ displayName: "name",
+ },
+ });
+
+ const result = async () => await client.createCredential(params);
+
+ await expect(result).rejects.toBeInstanceOf(TypeError);
 });
 });
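Review bot: The two matcher calls on `rejects` in the sameOriginWithAncestors test are never awaited, so the test can complete before either assertion settles and a wrong error name or type may not fail it. In Jest, `expect(...).rejects` is a matcher object rather than a promise, so `await` on it does nothing and each `rejects.toX(...)` call returns its own promise that is left floating here. Await each assertion directly: `await expect(result).rejects.toMatchObject({ name: "NotAllowedError" });` and `await expect(result).rejects.toBeInstanceOf(DOMException);`. The user.id tests would also pin the limit more tightly with cases at exactly 64 and 65 decoded bytes, since the oversized id used here exceeds 64 in both its encoded and decoded form.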
diff --git a/libs/common/src/webauthn/services/fido2-client.service.ts b/libs/common/src/webauthn/services/fido2-client.service.ts
index 0353a81eeb..d633faa240 100644
--- a/libs/common/src/webauthn/services/fido2-client.service.ts
+++ b/libs/common/src/webauthn/services/fido2-client.service.ts
@@ -6,6 +6,7 @@ import {
 CreateCredentialResult,
 Fido2ClientService as Fido2ClientServiceAbstraction,
 } from "../abstractions/fido2-client.service.abstraction";
+import { Fido2Utils } from "../abstractions/fido2-utils";
 export class Fido2ClientService implements Fido2ClientServiceAbstraction {
 constructor(private authenticator: Fido2AuthenticatorService) {}
@@ -15,7 +16,12 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
 abortController?: AbortController
 ): Promise {
 if (!params.sameOriginWithAncestors) {
- throw new DOMException(undefined, "NotAllowedError");
+ throw new DOMException("Invalid 'sameOriginWithAncestors' value", "NotAllowedError");
+ }
+
+ const userId = Fido2Utils.stringToBuffer(params.user.id);
+ if (userId.length < 1 || userId.length > 64) {
+ throw new TypeError("Invalid 'user.id' length");
 }
 throw new Error("Not implemented");
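Review bot: The length guard in the second hunk reads `userId.length`, which is only defined if `Fido2Utils.stringToBuffer` returns a typed array; if it returns an `ArrayBuffer`, both comparisons evaluate to false and any `user.id` passes the check. The helper is not visible in this diff, so `if (userId.byteLength < 1 || userId.byteLength > 64) {` would be the safer form, because `byteLength` exists on both. `params.user.id` is presumably supplied by the relying-party page and is decoded before any validation, so it is worth confirming what `stringToBuffer` does with a malformed string and mapping that failure to `TypeError` too. The body of createCredential starts before this hunk.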