Can mobile website have biometric authentication?

Question

I have mobile website and in this application I want to use device's native PIN, Faceid and Fingerprint authentication, is this practically somehow possible? because I don't think browser would allow me something like that.

Also I heard that if I want to have this kind of behaviour, I should create PWA(progressive web app). So is it true that from browser(without PWA) I can't use any of these three authentication types and that PWA will give me opportunity to use all of them?

https://developer.mozilla.org/en-US/docs/Web/API doesn’t look like it is possible, no. — evolutionxbox, Jul 27 '20 at 09:48

score 14 · Answer 1 · answered Jul 27 '20 at 10:36

14

Yes the Web Authentication API is available, which allows you to delegate authentication to the device's authenticators, including common mobile authenticators such as fingerprints or face ID. Your server application will need to support this method of authentication as well, so keep that in mind.

All modern browsers have supported Web Authentication API for a while now.

You can try out a demo and view code examples here: https://webauthn.io

answered Jul 27 '20 at 10:36

Mark

680
5
15

I have the opposite question; I have a desktop web app, Is it possible to use my mobile phone to login with a Fingerprint to my web app via Web Authentication API ? – Ben.S May 23 '21 at 05:04
what a gorgeous thing.. I hope there`s not so much difficult to implement.. – Fernando Meneses Gomes Jun 07 '21 at 14:58
1

@Ben.S Create a PWA to receive push notifications. Use the Web Authentication API as described to identify the user and pass the result back to your app. Think about possible points of attack and avoid them. – Sebastian Aug 24 '21 at 14:23
@Sebastian thanks can you elaborate on the your answer in my own question link https://stackoverflow.com/questions/68163069/implement-fingerprint-login-to-net-mvc-webapp – Ben.S Aug 25 '21 at 03:45

score 3 · Answer 2 · answered Jun 22 '22 at 02:12

Mark's answer is amazing and points you to the most-official Web Authentication API documentation. But if you are like me (tried to understand the documentation and then give it a try to build everything from scratch), it may be a bit of a challenge.

To make your implementation process easier, I recommend you to check out SimpleWebAuthn. They have ready-to-use code for browser and a server using Typescript - NodeJS.

Can mobile website have biometric authentication?

2 Answers2

Linked