Custom FIDO2 Authentication Tutorial

Demo

In this scenario password has been removed. It means no password is sent over the internet or stored in a database.
User can choose the values of parameters in registration and authentication. This is useful if you want to try differences or browser support etc.
You can find parameters explanation in Passwordless Authentication.

1. Registration


Browser

Browser sends challenge request with parameters:

{
    "displayName": ,
    "username": ,
    "attestation": ,
    "authenticatorSelection": {
        "authenticatorAttachment": ,
        "userVerification": ,
        "requireResidentKey": 
    }
}
                                        

Server

2. Authentication


Browser

Browser sends challenge request with parameters:

{
    "username": ,
    "userVerification": 
}
                                        

Server