Overview
WebAuthn Authentication is when a website (WebAuthn Relying Party) needs to obtain proof that it is interacting with the correct user.

- The WebAuthn Relying Party generates a challenge and supplies the browser with a list of credentials that are bound to the UserId. (This binding was performed in WebAuthn Registration.)
- The WebAuthn Relying Party can also indicate where to look for the credential, e.g., on a local built-in authenticator, or on an external authenticator over USB, BLE, etc.
- The browser (WebAuthn Client) asks the authenticator to digitally sign the challenge.
- If the authenticator contains one of the given credentials, the authenticator returns a Digitally Signed assertion to the Website after receiving user consent.
- The Website forwards the Digitally Signed assertion to the server for the WebAuthn Relying Party to verify.
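
The flow above, sketched end to end as an added example (not code from the original page or from any WebAuthn library): the relying party issues a challenge, a constructed stand-in for the browser and authenticator signs it, and the relying party verifies the assertion. The RP ID, origin, credential ID `cred-1`, and the function names are assumptions made for this illustration; it uses only Node.js's built-in `crypto` module and an ES256 (P-256) key.

```javascript
const crypto = require("node:crypto");
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Assumed relying-party values (constructed for this example).
const RP_ID = "example.com";
const ORIGIN = "https://example.com";

// RP: generate a fresh challenge and list the credentials bound to the user,
// with transport hints telling the client where to look for them.
function startAuthentication(credentialIds) {
  const challenge = crypto.randomBytes(32).toString("base64url");
  const transports = ["internal", "usb", "ble"];
  const allowCredentials = credentialIds.map((id) => ({ type: "public-key", id, transports }));
  return { challenge, rpId: RP_ID, allowCredentials };
}

// Constructed stand-in for browser + authenticator: signs authenticatorData || SHA-256(clientDataJSON).
function simulateAuthenticator(options, privateKey, credentialId, origin = ORIGIN) {
  const clientData = { type: "webauthn.get", challenge: options.challenge, origin };
  const clientDataJSON = Buffer.from(JSON.stringify(clientData));
  // authenticatorData = rpIdHash (32 bytes) || flags (0x01 = user present) || signCount (4 bytes)
  const authenticatorData = Buffer.concat([sha256(options.rpId), Buffer.from([0x01, 0, 0, 0, 1])]);
  const toSign = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  const signature = crypto.sign("sha256", toSign, privateKey);
  return { id: credentialId, clientDataJSON, authenticatorData, signature };
}

// RP: verify the forwarded assertion against the challenge it stored for this session.
function verifyAssertion(assertion, expected, publicKeys) {
  const publicKey = publicKeys.get(assertion.id);
  if (!publicKey) return "unknown credential";
  const clientData = JSON.parse(assertion.clientDataJSON.toString("utf8"));
  if (clientData.type !== "webauthn.get") return "wrong type";
  if (clientData.challenge !== expected.challenge) return "challenge mismatch";
  if (clientData.origin !== ORIGIN) return "origin mismatch";
  const authData = assertion.authenticatorData;
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return "rpIdHash mismatch";
  if ((authData[32] & 0x01) === 0) return "user not present";
  const signed = Buffer.concat([authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, assertion.signature) ? "ok" : "bad signature";
}

// Demo with a constructed P-256 credential key pair (public key stored at registration).
const demoKeys = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const demoStore = new Map([["cred-1", demoKeys.publicKey]]);
const demoOptions = startAuthentication(["cred-1"]);
const demoAssertion = simulateAuthenticator(demoOptions, demoKeys.privateKey, "cred-1");
console.log(verifyAssertion(demoAssertion, demoOptions, demoStore));
```

Because the challenge and origin are inside the signed data, an assertion captured for one session or produced for a different origin fails verification before the signature is even checked.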