FIDO authentication in the Loginapp REST API

This chapter is about FIDO authentication in the Loginapp REST API. It supplements the information in the REST API documentation (Loginapp REST API Reference), provides example login flows, and configuration hints.

Please also refer to the conceptual FIDO chapters referred to at the end of this text.

FIDO authentication flow steps

The following authentication flow steps are available:

FIDO Authentication Step	Used for FIDO passkeys as the 2nd factor in an authentication flow. The user identity must be determined before this step. Used, for example, after the end-user's username and password check.
FIDO Passwordless Authentication Step	Used for FIDO passkeys as the first (and typically only) authentication step. It determines the user identity and authenticates the end-user.
FIDO Registration Step	Step providing REST APIs to register a FIDO passkey with the user's account during the authentication flow. This is typically used for token migration from another 2nd factor to FIDO.
FIDO Credential Display Name Change Step	This step allows the end-user to change the display name of FIDO passkeys. It is used after registering a FIDO passkey in conjunction with FIDO Settings >> Auto Generate Display Name.

Info

The rest of this chapter is organized along example flows showing the usage and configuration of all the above REST APIs and steps.

Chapter content

FIDO 2nd factor authentication - REST flow example

FIDO passwordless authentication - REST flow example

FIDO token migration - REST flow example

Further information and links

Loginapp REST API Reference
Conceptual information and flow diagrams: FIDO in Airlock IAM