FIDO webauthn authentication and registration from android smartphone
140 views
Skip to first unread message
Mohd Imran
Dec 11, 2023, 8:48:36 PM12/11/23
to FIDO Dev (fido-dev)
Hi and very good morning.
I am very new and have very little knoweldge in authentication especially in passwordless area but this tech really interest me. Currently i have gone through the specification in FIDO alliance website but couldn't really understand the technical aspect of the specification.
my scenario is i would like to study on authentication and registration through my smarpthone when opening a website to access resources on my laptop
thus, i have a questions below and hopefully will get better understanding of this :-
a) using FIDO2 webauthn, can I register and authenticate directly through smartphone only (using biometric) or do i need a security token authenticator and authenticate and register through the smartphone?
b) if i can in (a), can i add another smarpthone as a second authenticator (means i can use either phone) for authentication?
c) the webauthn is mention in the specs requires to have browser that FIDO2 support, hence if i authenticate and registration through my phone, it is mention that i need to connect phone to the laptop using bluetooth, is it possible to use IP address (same LAN) or through the internet?
d) and lastly, is webauthn can be used standalone for the scenario i mention, or it is required to use other fido protocol such as UAF with webauthn?
thank you so much and best regards
Arshad Noor
Dec 13, 2023, 7:35:05 AM12/13/23
to Mohd Imran, FIDO Dev (fido-dev)
Imran,
I sympathize that you are having difficulty with the specifications - it
is not an easy journey for someone new this ecosystem.
I suggest you review this presentation to get a broad overview of some
of the background and mechanics. Bear in mind that this is an older
presentation and many things are (unfortunately) fluid in FIDO world.
https://blog.strongkey.com/resources/getting-ready-for-passwordless-authentication-with-fido2
If you have a Windows 10 PC with a TPM, or a Windows 11 PC, you should
be able to get a flavor for how FIDO works using any of the demos at
https://demos.strongkey.com. If you have a Security Key, you can pretty
much get that flavor from any PC with a modern browser.
You can also find tutorials, a FIDO Certified open-source server and
documentation at https://docs.strongkey.com.
Once you have this big-picture understanding, you should be able to
follow the specifications a little more easily and formulate your
questions a little more precisely.
Good luck.
Arshad Noor
StrongKey
> --
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/d381ba1e-60a5-4195-be75-f9c67ebfe169n%40fidoalliance.org <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/d381ba1e-60a5-4195-be75-f9c67ebfe169n%40fidoalliance.org?utm_medium=email&utm_source=footer>.
I sympathize that you are having difficulty with the specifications - it
is not an easy journey for someone new this ecosystem.
I suggest you review this presentation to get a broad overview of some
of the background and mechanics. Bear in mind that this is an older
presentation and many things are (unfortunately) fluid in FIDO world.
https://blog.strongkey.com/resources/getting-ready-for-passwordless-authentication-with-fido2
If you have a Windows 10 PC with a TPM, or a Windows 11 PC, you should
be able to get a flavor for how FIDO works using any of the demos at
https://demos.strongkey.com. If you have a Security Key, you can pretty
much get that flavor from any PC with a modern browser.
You can also find tutorials, a FIDO Certified open-source server and
documentation at https://docs.strongkey.com.
Once you have this big-picture understanding, you should be able to
follow the specifications a little more easily and formulate your
questions a little more precisely.
Good luck.
Arshad Noor
StrongKey
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/d381ba1e-60a5-4195-be75-f9c67ebfe169n%40fidoalliance.org <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/d381ba1e-60a5-4195-be75-f9c67ebfe169n%40fidoalliance.org?utm_medium=email&utm_source=footer>.
Tim Cappalli
Dec 13, 2023, 9:25:58 AM12/13/23
to Mohd Imran, FIDO Dev (fido-dev)
Hey Mohd!
-
yes, you can create a passkey on your mobile device and it will be available for sign in both locally on the device and on other devices via
Cross-Device Authentication
-
most relying parties (sites/services) allow you to add multiple passkeys to your account
-
both the OS and browser must have WebAuthn support. Every major OS and browser has WebAuthn support and can support signing in with passkeys, both locally and cross-device.
- WebAuthn is the JS API for the web platform and is the only thing an RP web developer needs to interact with.
hope that helps
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/d381ba1e-60a5-4195-be75-f9c67ebfe169n%40fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/d381ba1e-60a5-4195-be75-f9c67ebfe169n%40fidoalliance.org.
Reply all
Reply to author
Forward
0 new messages