CYM Identity adds an extra authenticator which uses WebAuthn.
WebAuthn brings strong customer authentication to the Web using platform specific authenticators - Touch/Face Id (iOS, iPadOS, macOS), Screen Lock (Android) or Windows Hello - in addition to cross platform authenticators (Security Keys like Yubikeys).
WebAuth is available starting version 0.10 and up
In order to use WebAuthn, create an authenticator with cym_WebAuthn as the provider.
WebAuthn requires a specific configuration :
| Attribute | Required | Description |
|---|
| Type | Yes | The Authenticator type. platform refers to Touch ID (iOS, iPadOS, macOS), Screen Lock (Android) or Windows Hello while cross-platform refers to Security Keys like Yubikeys |
| User Verification | Yes | Kind of user verification required during the authentication phase |
| Attestation | Yes | Attestation from the Authenticator. CYM Identity store this information but does not validate it |
| Relying Party Name | Yes | The name displayed to the user |
| Relying Party Url | Yes | The domain name where the authenticator can be used. If you plan on deploying a custom domain, do it before deploying WebAuthn |
| Required Algorithms | No | The Algorithms accepted from the authenticators. Unless you have specific business needs, specify both ES256 and RS256 in this order. Default is RS256. |
You can refer to
WebAuthn for more information on how to programmatically use WebAuthn.
You can visit our
Github repo for a sample UI using WebAuthn