Overview
WebAuthn Registration is the process of Credential Enrollment as implemented within the Web Authentication API.

When a user wants to register a credential with a website (referred to by WebAuthn as the "WebAuthn Relying Party"):
- The WebAuthn Relying Party generates a challenge.
- The WebAuthn Relying Party asks the browser (WebAuthn Client), through the Credential Management API, to generate a new credential for the WebAuthn Relying Party, specifying device capabilities, e.g., whether the WebAuthn Client Device provides its own user authentication (with biometrics, etc.).
- After the authenticator obtains user consent, the authenticator generates a Key pair and returns the Public Key and optional Digitally Signed attestation to the WebAuthn Relying Party.
- The WebAuthn Relying Party forwards the Public Key to the server.
- The server stores the Public Key, with a Binding with the UserId, to remember the credential for future authentications (WebAuthn Authentication).
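The server-side halves of the steps above (issuing the challenge, then checking the browser's `clientDataJSON` before storing the key), as an added Node.js example that is not code from the original page. `RP_ID`, `ORIGIN`, the in-memory maps, the function names and the `response` shape (base64url `clientDataJSON`, a `credentialId`, and a `publicKey` already extracted from the attestation) are assumptions; parsing and verifying the attestation object and authenticator data is out of scope here.

```javascript
const { randomBytes } = require('node:crypto');

// Assumed deployment values; replace with the Relying Party's own.
const RP_ID = 'example.com';
const ORIGIN = 'https://example.com';

// In-memory stand-ins for the server's session and credential storage.
const pendingChallenges = new Map(); // userId -> base64url challenge
const credentials = new Map();       // credentialId -> { userId, publicKey }

// Relying Party generates a challenge and builds the options the page
// hands to navigator.credentials.create({ publicKey: options }).
function beginRegistration(userId, userName) {
  const challenge = randomBytes(32);
  pendingChallenges.set(userId, challenge.toString('base64url'));
  return {
    challenge,
    rp: { id: RP_ID, name: 'Example RP' },
    user: { id: Buffer.from(userId), name: userName, displayName: userName },
    pubKeyCredParams: [{ type: 'public-key', alg: -7 }], // -7 = ES256
    // Device capabilities: require the authenticator's own user verification.
    authenticatorSelection: { userVerification: 'required' },
    attestation: 'none',
  };
}

// Server checks the returned clientDataJSON, then binds the key to the UserId.
function finishRegistration(userId, response) {
  const expected = pendingChallenges.get(userId);
  pendingChallenges.delete(userId); // a challenge is valid for one attempt only
  if (!expected) throw new Error('no pending challenge for this user');
  const clientData = JSON.parse(
    Buffer.from(response.clientDataJSON, 'base64url').toString('utf8'));
  if (clientData.type !== 'webauthn.create') throw new Error('unexpected type');
  if (clientData.challenge !== expected) throw new Error('challenge mismatch');
  if (clientData.origin !== ORIGIN) throw new Error('origin mismatch');
  if (credentials.has(response.credentialId)) {
    throw new Error('credential ID already registered');
  }
  const record = { userId, publicKey: response.publicKey };
  credentials.set(response.credentialId, record);
  return record;
}
```

Deleting the pending challenge before any check runs means a failed or replayed response cannot be retried against the same challenge.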