How to deploy FIDO2-based authentication into your systems/services?


In this section, we walk through some sample scenarios. Note that this is an example flow and does not limit the scope of how the solution can be used.

Many services around the world are using FIDO Authentication today. Take a look at them for practical use. Here are samples of developments in production.

Sample Scenarios: Registration

This is the first flow, in which a new credential is created and registered with the server.

  1. The user visits example.com and opens the Account page. At this point, the user may already be logged in using a username and password, an additional authenticator, or other means acceptable to the Relying Party. Or the user may be in the process of creating a new account.
  2. The user adds a new credential/security key.
  3. The server creates a challenge after receiving the user information and sends it to the client.
  4. The client connects to the authenticator, performing any pairing actions if necessary.
  5. The user selects the authenticator if the RP has not specified an authenticator attachment, and performs a biometric or other authorization gesture.
  6. If a new credential was created, the authenticator sends the response to the server for attestation. If successful, the server stores the credential public key in its database.

Now the user can use the registered authenticator to log in to example.com.
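
The server side of steps 3 and 6, as an added example that is not part of the original page: it issues a single-use challenge and checks the client data returned with the new credential (type, challenge, origin) before storing the key. Assumptions: the function names and in-memory stores are hypothetical, the public key is passed in as a constructed value, and parsing and verifying the attestation object itself is left out.

```javascript
const crypto = require('node:crypto');

const RP_ORIGIN = 'https://example.com';  // the page's example Relying Party
const pending = new Map();      // userId -> challenge awaiting a response (hypothetical store)
const credentials = new Map();  // userId -> registered credentials (hypothetical store)

// Step 3: create a fresh random challenge for this user and send it to the client.
function startRegistration(userId) {
  const challenge = crypto.randomBytes(32).toString('base64url');
  pending.set(userId, challenge);
  return { challenge, rp: { id: 'example.com', name: 'Example' }, user: { id: userId } };
}

// Step 6 (client data part): validate what the browser signed over, then store the key.
function finishRegistration(userId, clientDataJSON, credentialId, publicKey) {
  const expected = pending.get(userId);
  pending.delete(userId);  // single use: consumed whether the check passes or fails
  if (!expected) return { ok: false, reason: 'no pending challenge' };

  let clientData;
  try { clientData = JSON.parse(clientDataJSON); }
  catch { return { ok: false, reason: 'malformed clientDataJSON' }; }

  if (!clientData || clientData.type !== 'webauthn.create')
    return { ok: false, reason: 'wrong type' };
  const got = Buffer.from(String(clientData.challenge));
  const want = Buffer.from(expected);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want))
    return { ok: false, reason: 'challenge mismatch' };
  if (clientData.origin !== RP_ORIGIN)
    return { ok: false, reason: 'origin mismatch' };

  // A full server verifies the attestation object here and takes the key from it.
  const list = credentials.get(userId) || [];
  list.push({ credentialId, publicKey });
  credentials.set(userId, list);
  return { ok: true };
}

// Constructed stand-in for the client data a browser would return for a challenge.
function sampleClientData(challenge, origin = RP_ORIGIN, type = 'webauthn.create') {
  return JSON.stringify({ type, challenge, origin });
}
```

Deleting the pending challenge before any check means a replayed or failed response cannot be retried against the same challenge.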

Example Pages

An example using real web pages, from registration and authentication to credential management.