FIDO UAF v Webauthn

[DiegoJ]

Hi All,

If I wanted to build a passwordless pure native experience for mobile, would it better to consider solutions/products that have implemented FIDO UAF under the covers as opposed to a native implementation of WebAuthn ?

What are the advantages of the FIDO UAF approach ?

Thanks, Diego

[Shane Weeden]

Admittedly a little biased, but personally I would look at FIDO2 (not UAF) message payloads implemented on top of OS-native platform authenticator APIs. I believe this gives you the best control over pure-native UX, whatever extensions you want to support, and moves the needle forward in terms of specification and server support. In my limited experience I’ve found Android supports this pretty well ootb with their native APIs. Here’s an open-source example of something along the same lines for iOS that doesn’t rely on the platform WebAuthn/passkeys implementation and gives you a device-bound registration: https://github.com/ibm-security-verify/verify-sdk-ios/tree/main/examples/fido2

You’ll find others if you go looking.

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/bb83736f-53b1-4630-9428-06a67ddc6cbfn%40fidoalliance.org.