WebAuthN MFA Challenge

Instead of manually implementing the protocol we advise using a WebAuthN library for browser. In this section @simplewebauthn/browser will be used.

Registration:

During registration, the client generates a new public-private key pair, and the public key is registered with PlusAuth. The private key never leaves the end user's device.

PlusAuth provides registration options in window.PlusAuth.details.registration_options.

Authentication:

To authenticate, the end users simply need to prove possession of their private key, which can be done through biometrics, PINs, or other user-friendly methods.

PlusAuth provides authentication options in window.PlusAuth.details.authentication_options.

Registration

const { startRegistration } = SimpleWebAuthnBrowser;
const response = await startRegistration(window.PlusAuth.details.registration_options)
// implement post response

session

Request Body

response
object

WebAuthN response object. This object is generated from WebAuthN libraries.

WebAuthN MFA Challenge

Registration:

Authentication:

Request Body

response
object

response.
id
string
Zorunlu

response.
rawId
string
Zorunlu

response.
type
string
Zorunlu

response.
response
object
Zorunlu

response.
authenticatorAttachment
object

response.
clientExtensionResults
object

WebAuthN MFA Challenge

Registration:

Authentication:

Request Body application/json

responseobject

response. idstringZorunlu

response. rawIdstringZorunlu

response. typestringZorunlu

response. responseobjectZorunlu

response. authenticatorAttachmentobject

response. clientExtensionResultsobject

Request Body

response
object

response.
id
string
Zorunlu

response.
rawId
string
Zorunlu

response.
type
string
Zorunlu

response.
response
object
Zorunlu

response.
authenticatorAttachment
object

response.
clientExtensionResults
object