Reputation: 1399
Webauthn API and external devices?
I want to implement an authentication on my hybrid web app based on WebAuthnAPI.
What Iam trying to do now is that a user can login via fingerprint or USB also on a mobile device.
Is this possible with an adapter + USB fingerscan like this or with an adapter + USB 2FA device like this
Upvotes: 1
Views: 371
Answers (1)
Reputation: 1107
The answer isn't a simple yes or no, due to the current implementation state of webauthn. From a desktop perspective, you should be good to go with both devices. If you want to make use of the full feature set of webauthn, such as resident keys, I'd advise to go with the newest yubikey devices as the support the new FIDO2 protocol (as opposed to the older FIDO UDF).
On mobile, things become more complicated. On iOS, support for webauthn is as good as non-existant. Apparently, it's an experimental feature in the latest releases, but I've yet to see any reports of it working correctly (most likely because apple still doesn't expose it's NFC hardware). On android, I'd advise to go with a yubikey NFC device as support seems to be the best. Some android devices are an authenticator themselves and keys will be stored in the secure enclave of the device (so you won't need an external authenticator).
Please note that this information is highly reliant on current software implementations and that this could soon change with the release of (among others) iOS 13.
Upvotes: 1
Related Questions
- WebAuthn development on localhost
- Managing webauthn credentials across multiple devices
- webauthn: how can I link my phone to my computer browser
- Automatic authentication in desktop browser with WebAuthn
- Smartphone as Authenticator in WebAuthn
- External Authentication ASP.NET Web API
- App authentication with WebApi on External Servers
- Securing a Web API without user authentication
- Web api service authentication for website as well as devices
- ASP.NET Web API Authentication (Web + Mobile)