Web Authentification API
Parts
π Relying party
π Public key credential
πΎ Authenticator
πͺͺ Attestation (optional)
Checking that the device is real
// check if service is available on current device
PublicKeyCredential. isUserVerifyingPlatformAuthenticatorAvailable ()
// create a new credential
navigator.credentials. create ()
// use an existing credential (when signing in)
navigator.credentials. get ()
Face ID and Touch ID
Onboard user
User to sign in with regular email and password
Ask user if they want to use TouchId from now on
Enrollment
const options = {
publicKey: {
// your website
rp: { name: "example.com" },
// user information
user: {
name: "[email protected] " ,
id: userIdBuffer,
displayName: "John Appleseed" ,
},
pubKeyCredParams: [ { type: "public-key" , alg: - 7 } ],
challenge: challengeBuffer,
// using a platform as authentificator
authentificatorSelection: { authenticatorAttachment: "platform" },
// optional, if specific security requirements
attestation: "direct"
}
}
const publicKeyCredential = await navigator.credentials. create (options)
Handling response on server
Validate all metadata
Validate the attestation (optional)
Save the credential ID and the public key data
Set a server-side cookie (optional)
Sign in
const options = {
publicKey: {
challenge: challengeBuffer,
allowCredentials: [{
type: "public-key" ,
id: credentialIdBuffer,
transports: [ "internal" ]
}
]
}};
const publicKeyCredential = await navigator.credentials. get (options);