CYM Identity adds an extra authenticator which uses WebAuthn.
WebAuthn brings strong customer authentication to the Web using platform specific authenticators - Touch/Face Id (iOS, iPadOS, macOS), Screen Lock (Android) or Windows Hello - in addition to cross platform authenticators (Security Keys like Yubikeys).
WebAuth is available starting version 0.10 and up
In order to use WebAuthn, create an authenticator with cym_WebAuthn
as the provider.
WebAuthn requires a specific configuration :
Attribute | Required | Description |
---|
Type | Yes | The Authenticator type. platform refers to Touch ID (iOS, iPadOS, macOS), Screen Lock (Android) or Windows Hello while cross-platform refers to Security Keys like Yubikeys |
User Verification | Yes | Kind of user verification required during the authentication phase |
Attestation | Yes | Attestation from the Authenticator. CYM Identity store this information but does not validate it |
Relying Party Name | Yes | The name displayed to the user |
Relying Party Url | Yes | The domain name where the authenticator can be used. If you plan on deploying a custom domain, do it before deploying WebAuthn |
Required Algorithms | No | The Algorithms accepted from the authenticators. Unless you have specific business needs, specify both ES256 and RS256 in this order. Default is RS256. |
You can refer to
WebAuthn for more information on how to programmatically use WebAuthn.
You can visit our
Github repo for a sample UI using WebAuthn