Simple FIDO authentication example
Requirements
- The end-user requires a FIDO-compliant authenticator or passkey.
- The end-user needs access to a client device like a smartphone with a FIDO-enabled app or a computer with a web browser that supports FIDO.
Info
Most modern web browsers have built-in FIDO support.
Example
In our example, authentication is achieved:
- over a smartphone using an NFC FIDO authenticator.
- over a web browser and a USB FIDO authenticator.

- Airlock IAM acts as the FIDO relying party (RP) and uses the browser's WebAuthn API.
- The Client-To-Authenticator Protocol (CTAP) establishes communication between the browser and the FIDO authenticator. The client's FIDO authenticator proves possession of the private key to the service or application by signing the RP's challenge.
Any PINs, biometrics, or passwords that might be required to use a FIDO authenticator are not sent to the FIDO relying party but handled locally.