Questions tagged [webauthn]

Browser API implementing the Web Authentication standard. Credentials are stored on (local) authenticators which use and are accessed using strong cryptography.

See Web Authentication: A Web API for accessing scoped credentials:

This specification defines an API that enables web pages to access WebAuthn compliant strong cryptographic credentials through browser script. Conceptually, one or more credentials are stored on an authenticator, and each credential is scoped to a single Relying Party. Authenticators are responsible for ensuring that no operation is performed without the user’s consent. The user agent mediates access to credentials in order to preserve user privacy. Authenticators use attestation to provide cryptographic proof of their properties to the relying party. This specification also describes a functional model of a WebAuthn compliant authenticator, including its signature and attestation functionality.

303 questions

votes

1 answer

WebAuthn development on localhost

I'm trying to develop website authentication using WebAuthn. Unfortunately I've run into a problem. When calling navigator.credentials.create I get the following error: SecurityError: The relying party ID 'https://localhost:7000' is not a…

navigator webauthn

asked Oct 18 '18 at 09:00

Spock

2,482
29
27

votes

1 answer

Biometric login (webauthn) in Go, how to verify signature

With the very recent Windows Anniversary update, Edge now supports biometric authentication using Windows Hello (cf. https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/device/web-authentication/ ,…

go cryptography rsa windows-hello webauthn

asked Aug 14 '16 at 08:26

yngling

1,376
2
22
34

votes

1 answer

Integration Test WebAuthN as an 2FA option

I want to add WebAuthN as an option for multi factor authentication to an Angular & Spring application. I use the WebAuthN java-webauthn-server library from Yubico. What is the best way to integration test my WebAuthN server, without a hardware…

java spring-boot integration-testing webauthn multi-factor-authentication

asked May 15 '20 at 07:50

five4three

votes

4 answers

What is the status of Webauthn on iOS/Safari?

I am doing a presentation on the FIDO2/Webauthn standard in a few days and I was excited to see this article on Yubico's website stating that Apple has added support for FIDO authentication via NFC like Android has for years. I had a few of my…

ios webauthn fido

asked Oct 19 '19 at 01:14

Justin

votes

5 answers

How to implement Passkeys

I'm trying to learn more about Apple Passkeys. I use firebase as a backend and it seems like actually integrating it in my site is a hassle without having a custom backend… Are there any solutions for Passkeys+Firebase implementation? Can't really…

webauthn password-less ios16 passkey

asked Aug 18 '22 at 10:52

idanasd149

votes

4 answers

Can multiple Android Applications(same device) share same key-pair for Passwordless Authentication using FIDO 2 Protocol?

Problem Statement: I want to solve the user authentication on Android applications using the FIDO2 protocol(by providing an SDK), without doing multiple registration ceremonies for different applications on the same device. For example, If a user…

authentication android-security google-identity webauthn fido

asked Feb 11 '22 at 10:44

Sachit Sharma

votes

1 answer

navigator.credentials is null on local server

here is my problem : I try to use the Credential Management API to access to authenticators on my webapp : navigator.credentials.create() and navigator.credentials.get(). I have no problem when I execute my code on localhost, and the webapp is…

javascript browser server credentials webauthn

asked May 03 '19 at 14:13

DeenOub

votes

1 answer

Firebase Fido2 Authentication Support

I know that Google's Firebase/Firestore platform supports multiple authentication methods/backends, but I'm not currently seeing any option for Fido2 or WebAuthn for Firebase Authentication. Does anyone know if Google has a timeline to release…

firebase fido-u2f webauthn

asked Dec 10 '18 at 16:36

ELCormier

votes

3 answers

How to implement WebAuthn in an Android App?

I'm intending to use WebAuthn for authentication, as shown at the demo site https://webauthn.io Turns out that Android's WebView (and its iOS counterpart) does not implement this and it is explicitly stated that this won't be happen. One is getting…

android authentication webauthn fido

asked Aug 27 '19 at 11:59

Daniel F

13,684
11
87
116

votes

1 answer

Does Chrome on Android support User Verification on security key using Webauthn / FIDO2?

I'm building a site that is using Webauthn for passwordless log in. Currently, this is working great on Chrome for Windows and macOS. I'm using a YubiKey 5 to test my implementation which supports using a PIN to provide User Verification instead of…

android google-chrome fido-u2f webauthn fido

asked Aug 24 '19 at 22:01

petschekr

1,293
1
13
19

votes

1 answer

WebAuthn across multiple subdomain

I'm trying to set up a WebAuthn authentication flow on my website, but I'm bumping into an issue. I want my users to be able to register their devices on the main website (www.domain.com) so it's easily accessible through their user settings.…

javascript webauthn

asked Mar 10 '19 at 17:48

vixducis

1,010
1
8
22

votes

4 answers

Is password still needed when using Passkeys?

Both Apple and Google have demonstrated Passkeys at their developer conferences (Google I/O and Apple WWDC 2022), and Microsoft is also on board. Being able to transfer passkeys from device to device removes a major limitation of FIDO2/WebAuthn and…

webauthn fido password-less passkey

asked Jun 14 '22 at 08:33

Codo

75,595
17
168
206

votes

1 answer

Managing webauthn credentials across multiple devices

I am trying to integrate webauthn(public key) based authentication into our website.I am facing a problem when end users are switching devices. How do we maintain at the backend the credentials registered per device, if we don't how to decide…

webauthn

asked May 04 '22 at 09:16

Santosh

votes

0 answers

Cannot get credential from webauthn (Chrome + Android)

I am trying to setup webauthn credential login for web app. I am testing it on last Android (Pixel 2) and latest Chrome for Android. I can create and send credential object with function navigator.credentials.create({publicKey}). Key is created with…

javascript google-chrome webauthn

asked Aug 22 '20 at 16:13

beliaban

votes

2 answers

Android WebView Support WebAuthn?

I am not an android developer and stuck at an android thing. I hope someone here can help me out. I am implementing WebAuthn/FIDO2 on my website, which is working perfectly fine with the browsers. But when I open my website in my android app…

android fido-u2f webauthn fido

asked May 22 '19 at 13:35

Priyanka

2 3

…

20 21 Next