Configuring FIDO2

This flow can be reimplemented and integrated into their own pages and platform directly using the cidaas APIs

fido2-devel-perspective

Below is the step-by-step breakdown for the FIDO2 configuration with and without track_id.

Initiate the Enrollment for FIDO2 initiateFido2.
- Here in the request you can proceed with two methods, i.e., either track_id or token. track_id is expected for suggest_verification_method and token is expected for enrollment profile page.

Explanation of the Request:

Use Case	Path	Explanation	Link
Suggest Verification Method (On The Flight Enrollment for FIDO2)	`{domain}/verification-actions-srv/setup/:method/initiate/:trackId`	The user is already authenticated. In the initiate request the API expects a valid `track_id`, based on which the user will be identified.	Link to API
Enrollment in the Profile Page	`{domain}/verification-actions-srv/setup/{method}/verification`	The user is already authenticated. In the initate request the API expects a valid `{access_token}`, based on which the user is identified.	Link to API

Explanation of the Response with track ID for FIDO2:

{
    "success": true,
    "status": 200,
    "data": {
        "exchange_id": {
            "exchange_id": "string",
            "expires_at": "2023-12-13T10:27:24.044Z",
            "_id": "string",
            "createdTime": "2023-12-13T10:17:24.046Z",
            "updatedTime": "2023-12-13T10:17:24.046Z",
            "__ref": "string",
            "id": "string"
        },
        "authenticator_client_id": "string",
        "fido2_entity": {
            "type": "REGISTER",
            "fidoRequestId": "string",
            "server_challenge": {
                "challenge": "string",
                "rp": {
                    "id": "string",
                    "name": "string"
                },
                "user": {
                    "id": "string",
                    "name": "string",
                    "displayName": "string"
                },
                "authenticatorSelection": {
                    "requireResidentKey": false,
                    "userVerification": "discouraged"
                },
                "attestation": "none",
                "pubKeyCredParams": [
                    {
                        "type": "public-key",
                        "alg": -7
                    }
                ] 
            }
        },
        "sub": "string",
        "status_id": "string"
    }
}

Key	Meaning
exchange_id	Information related to an exchange. Includes `exchange_id`, `ref` etc.
fido2_entity	Information related to FIDO2 (Fast Identity Online 2) authentication. It includes `type` of registration, and `fidoRequestId` for unique fido request.
server_challenge	Information about the key generated for the device and the server.
authenticator_client_id	A unique identifier for the authenticator client
sub	A unique identifier for the subject.
status_id	A unique identifier for the status.

Create the Public Key with the help of a helper function preformatMakeCredReq() by passing the response from the Initiate API.
To prompt the model for FIDO2 we have to call window.navigator.credentials.create({ publicKey }).
The response from window.navigator.credentials.create({ publicKey }), will help you create the makeCredResponse with the aid of the helper function publicKeyCredentialToJSON.
Call the FIDO2 setup endpoint to configure the enrollment with the backend by passing the makeCredResponse as payload.

API	Description	Link
FIDO2 setup	This API helps perform a setup/authentication action for the FIDO2 verification method using the exchange id and other details passed from the initiate verification method.	Link to API

A successful response indicates that the FIDO2 configuration is successful. Additionally, we can customize the friendly name for this config.

To configure the friendly name config screen, use the following API endpoint.
- Either you can enter the friendly name for the reference or you can skip it.

API	Description	Link
Configure friendly name	This API helps to add a friendly name for your FIDO2 verification method.	Link to API

fido-enrollment

In this method you just need to:

Navigate to FIDO.
Click on the configure, and you will get a pop up of the private key.

API Description Link
Enrollment Initiation The enrollment of a user via authenticator app will provide the URL that is shown e.g as a QR Code in the default user profile Link to API
Accept the key, you will get a popup message to place your finger on the fingerprint sensor.

API Description Link
Enrollment Status This will allow you to verify the enrollment status in the User Profile, to determine when to continue the enrollment completion Link to API

API Description Link
Enrollment Completion After successfully authenticating via e.g. the authenticator app, the enrollment completion will finally enroll the user. Link to API
Add a friendly name to the FIDO.

API Description Link
Add Device Name When using device authentication methods like FIDO2, you can add a user-friendly name Link to API

API	Description	Link
Enrollment Initiation	The enrollment of a user via authenticator app will provide the URL that is shown e.g as a QR Code in the default user profile	Link to API

API	Description	Link
Enrollment Status	This will allow you to verify the enrollment status in the User Profile, to determine when to continue the enrollment completion	Link to API

API	Description	Link
Enrollment Completion	After successfully authenticating via e.g. the authenticator app, the enrollment completion will finally enroll the user.	Link to API

API	Description	Link
Add Device Name	When using device authentication methods like FIDO2, you can add a user-friendly name	Link to API

Need Support?

Please contact us directly on our support page

Need Support?​

Need Support?