Simple FIDO authentication example

Requirements

The end-user requires a FIDO-compliant authenticator or passkey.
The end-user needs access to a client device like a smartphone with a FIDO-enabled app or a computer with a web browser that supports FIDO.

Info

Most modern web browsers have built-in FIDO support.

Example

In our example, authentication is achieved

over a smartphone using an NFC FIDO authenticator.
over a web browser and a USB FIDO authenticator.

Airlock IAM acts as the FIDO relying party (RP) and uses the browser's WebAuthn API.
The Client-To-Authenticator Protocol (CTAP) establishes communication between the browser and the FIDO authenticator. The client's FIDO authenticator proves possession of the private key to the service or application by signing the RP's challenge.

Any PINs, biometrics, or passwords that might be required to use a FIDO authenticator are not sent to the FIDO relying party but handled locally.

Further information and links

FIDO2 platform and browser compatibility (fido alliance)