WebAuthN MFA Challenge

Instead of manually implementing the protocol we advise using a WebAuthN library for browser. In this section @simplewebauthn/browser will be used.

Registration:

During registration, the client generates a new public-private key pair, and the public key is registered with PlusAuth. The private key never leaves the end user's device.

PlusAuth provides registration options in window.PlusAuth.details.registration_options.

Authentication:

To authenticate, the end users simply need to prove possession of their private key, which can be done through biometrics, PINs, or other user-friendly methods.

PlusAuth provides authentication options in window.PlusAuth.details.authentication_options.

Registration
const { startRegistration } = SimpleWebAuthnBrowser;
const response = await startRegistration(window.PlusAuth.details.registration_options)
// implement post response
Cookie
session

Request Body

response
object

WebAuthN response object. This object is generated from WebAuthN libraries.

response.
id
string
Required
response.
rawId
string
Required
response.
type
string
Required

Value: public-key

response.
response
object
Required
response.
authenticatorAttachment
object
response.
clientExtensionResults
object
POST
/signin/challenge/webauthn
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Loading...