Implement WebAuthn via Backend API
To authenticate with WebAuthn using Streambird, you need to complete two essential steps: registration and authentication. Registration allows users to associate a WebAuthn device with their account, while authentication verifies their identity. To complete both steps, you must make two requests to Streambird. The first request returns the necessary components to communicate with the WebAuthn device, while the second request transmits the WebAuthn response back to Streambird for verification.
For seamless integration, use the webauthn-json library to convert the JSON request into the appropriate data types by decoding and unmarshalling the body. The library outputs marshalled JSON, which you can send back to Streambird for processing.
WebAuthn Setup
To use WebAuthn, there are two main steps: registration and authentication. Registration involves associating a WebAuthn device with a user, while authentication verifies their identity. For both steps, two requests must be made to Streambird.
The first request returns the necessary components for communicating with the WebAuthn device, while the second transmits the WebAuthn response back to Streambird for verification. To make integration easier, use the webauthn-json library to convert the JSON request into appropriate data types by decoding and unmarshalling the body. The library outputs marshalled JSON, which can be sent back to Streambird for processing.
Step 1: Creating a Streambird User for WebAuthn
If the user attempting to register is not yet associated with a Streambird user ID, you will need to create a new user using Streambird’s /v1/users/create endpoint. You can do this using a cURL request such as the following:
Step 2: Begin and Initiate WebAuthn Registration
To authenticate with WebAuthn, you first need to register an authenticator. This will have to happen once per registration. Start by generating the request needed for webauthn-json’s create call. To do this, make a request to Streambird’s /v1/auth/webauthn/registrations/begin endpoint. You need two fields for the request: a Streambird user_id and the domain where webauthn-json’s create call will be invoked, i.e. your login page’s domain. There’s one optional field, authenticator_type, which can be used to require a certain type of WebAuthn device, either platform (like a fingerprint reader) or cross-platform. If you omit this field, Streambird will assume the default platform type is acceptable.
Step 3: Use webauthn-json to sign a registration request
In the browser, take the public_key_credential_creation_options field from the response to the /v1/auth/webauthn/registrations/begin endpoint and pass it to the create method of webauthn-json. Be sure to handle any errors that may occur during this process, such as the absence of available WebAuthn devices for registration. Once the WebAuthn call completes successfully, stringify the response as JSON and prepare for another call to Streambird.
Step 4: Create WebAuthn Registration
In Step 3, we created a JSON object, which we will now use as the public_key_credential in our request to Streambird’s /v1/auth/webauthn/registrations/create endpoint. After Streambird validates the credential, it will return the webauthn_credential_id if the registration is successful. With this registration, the user can now be authenticated using WebAuthn. To ensure the validity of the user’s registration, we recommend storing both the webauthn_credential_id and domain, which can be checked before calling /v1/auth/webauthn/authentication/begin for future logins.
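One way to implement the storage recommendation above on your backend, as an added example that is not Streambird's code. The Map, the function names and the sample IDs are hypothetical, and it assumes the domain you send to Streambird is the bare hostname of the login page.

```javascript
// Added example (not Streambird code). The Map stands in for your user database.
const registrations = new Map(); // user_id -> [{ webauthn_credential_id, domain }]

// ASSUMPTION: "domain" is the login page's hostname, without scheme, port or path.
function domainFromOrigin(origin) {
  return new URL(origin).hostname.toLowerCase();
}

// Call after /v1/auth/webauthn/registrations/create succeeds.
function recordRegistration(userId, origin, createResponse) {
  const id = createResponse && createResponse.webauthn_credential_id;
  if (typeof id !== "string" || id === "") {
    throw new Error("registration was not confirmed: no webauthn_credential_id");
  }
  const domain = domainFromOrigin(origin);
  const list = registrations.get(userId) || [];
  if (!list.some((r) => r.webauthn_credential_id === id)) {
    list.push({ webauthn_credential_id: id, domain });
  }
  registrations.set(userId, list);
  return domain;
}

// Credential IDs this user registered on the domain the login is coming from.
function credentialsFor(userId, origin) {
  let domain;
  try {
    domain = domainFromOrigin(origin);
  } catch {
    return []; // malformed origin: treat as no usable registration
  }
  return (registrations.get(userId) || [])
    .filter((r) => r.domain === domain)
    .map((r) => r.webauthn_credential_id);
}

// Check before calling /v1/auth/webauthn/authentication/begin.
function shouldBeginWebAuthn(userId, origin) {
  return credentialsFor(userId, origin).length > 0;
}

// Constructed sample data.
recordRegistration("user_constructed_1", "https://login.example.com/signup",
  { webauthn_credential_id: "cred_constructed_1" });
console.log(shouldBeginWebAuthn("user_constructed_1", "https://login.example.com:443/")); // same domain
console.log(shouldBeginWebAuthn("user_constructed_1", "https://app.example.com/")); // different domain
```

When the check fails, offer another login method or a fresh registration on that domain instead of starting a WebAuthn ceremony that cannot succeed.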
Step 5: Begin Authentication
To initiate authentication, you first need the request for webauthn-json’s get method. Generate it by sending a request to /v1/auth/webauthn/authentication/begin that includes two fields: the user_id of the user and the domain on which the WebAuthn call will be executed.
Step 6: Calling webauthn-json’s Get Method
To use webauthn-json’s get method, take the public_key_credential_request_options field from the /v1/auth/webauthn/authentication/begin response and pass it to the method in the browser. Take care to handle any errors that may occur during this process. Once webauthn-json’s get method has been called successfully, use the resulting JSON object for the API call to Streambird.
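The browser-side call from Step 3 (create) and Step 6 (get) with the error handling both steps ask for, as an added example that is not Streambird or webauthn-json project code. The helper names are hypothetical, and the exact shape of the options field (JSON string or object, wrapped in publicKey or not) is an assumption, so all of those shapes are accepted.

```javascript
// Added example, not Streambird or webauthn-json project code.
// `webauthn` is the imported @github/webauthn-json module, injected so the
// helper can be exercised without a browser.
const WEBAUTHN_ERRORS = {
  NotAllowedError: "Request cancelled, timed out, or no usable authenticator was available.",
  InvalidStateError: "This authenticator is already registered for the account.",
  NotSupportedError: "The requested credential parameters are not supported.",
  SecurityError: "The page's domain does not match the domain sent to the begin endpoint.",
  AbortError: "The WebAuthn request was aborted.",
};

// ASSUMPTION: the options field may be a JSON string or an object, and may or
// may not already be wrapped in { publicKey: ... }; each shape is accepted.
function toCredentialOptions(optionsField) {
  const parsed = typeof optionsField === "string" ? JSON.parse(optionsField) : optionsField;
  if (parsed === null || typeof parsed !== "object") {
    throw new TypeError("begin response did not contain WebAuthn options");
  }
  return "publicKey" in parsed ? parsed : { publicKey: parsed };
}

// kind is "create" (Step 3, registration) or "get" (Step 6, authentication).
async function runCeremony(kind, optionsField, webauthn) {
  if (kind !== "create" && kind !== "get") {
    throw new TypeError("kind must be 'create' or 'get'");
  }
  if (!webauthn || typeof webauthn[kind] !== "function") {
    return { ok: false, errorName: "Unavailable", reason: "WebAuthn is not available here." };
  }
  try {
    const credential = await webauthn[kind](toCredentialOptions(optionsField));
    // Stringified, ready to send as the public_key_credential field.
    return { ok: true, public_key_credential: JSON.stringify(credential) };
  } catch (err) {
    const errorName = (err && err.name) || "Error";
    return { ok: false, errorName, reason: WEBAUTHN_ERRORS[errorName] || "Unexpected WebAuthn error." };
  }
}
```

In the page script, import create and get from @github/webauthn-json and pass them as the third argument, for example runCeremony("get", options, { create, get }).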
Step 7: Verify the WebAuthn Authentication
After calling webauthn-json’s get method using the data obtained from calling /v1/auth/webauthn/authentication/begin, you can use the resulting JSON object as the public_key_credential field to initiate authentication by sending a request to /v1/auth/webauthn/authentication/verify through Streambird. If there are any issues with the provided credential, Streambird will respond with a 400 error. Otherwise, a 200 response indicates that the authentication was successful.
Congratulations, you’re all set!
Now that you have successfully integrated WebAuthn, you have all the necessary components to authenticate your users securely. If you have any feedback or suggestions regarding the integration, we would love to hear from you as we value your input.