WebAuthn, short for Web Authentication API, is a web standard that allows web applications on compatible browsers to authenticate users using a variety of authenticator types, including biometric sensors and secure hardware keys. However, implementing WebAuthn securely can be a challenge, as it requires developers to have a deep understanding of the API’s intricacies. This is where Streambird’s WebAuthn product comes in handy, as it provides a simplified abstraction layer that allows developers to implement WebAuthn quickly and securely without having to worry about implementation details.
Setting Up WebAuthn
To use WebAuthn, there are two primary steps involved in the authentication flow: registration and authentication. During the registration step, a WebAuthn device is registered for a user, and during the authentication step, an authentication attempt is made.
For both registration and authentication, Streambird provides two requests that developers can use. The first request returns the necessary components to communicate with the WebAuthn device, while the second request is used to pass the response from the WebAuthn call back to Streambird for verification.
Using the webauthn-json library
To make the integration process even smoother, developers can use the webauthn-json library, which is specifically designed to assist with integrating WebAuthn. This library can convert the JSON request into the appropriate data types by unmarshalling and decoding the body, then output marshalled JSON that can be passed back to Streambird.