AT.AuthFi simply communicates with your service through a REST API .
FIDO protocol has two main user flows; registration and authentication. This flow shows registration and authentication of FIDO2/webauthn.
Registration
According to the FIDO spec, registration generates a user key pair and registers the public key with the AT.AuthFi FIDO server, which takes the user's identity at each subsequent authentication session. The following is a brief description of the FIDO registration process.
1. Server of your RP calls API to create a registration challenge.
2. Server of your RP sends the challenge to web client of your RP.
3. Web client requests user's FIDO authenticator (ATKey) to create a new key pair.
4. Web client then sends the new public key to server of your RP.
5. Server of your RP calls API to register the new public key.
1. Server of your RP calls API to create a registration challenge.
2. Server of your RP sends the challenge to web client of your RP.
3. Web client requests user's FIDO authenticator (ATKey) to create a new key pair.
4. Web client then sends the new public key to server of your RP.
5. Server of your RP calls API to register the new public key.
Authentication
Authentication is a process that utilizes a pre-registered public key credential to authenticate the user. FIDO's authentication flow is as follows:
1. Server of your RP calls API to create a authentication challenge.
2. Server of your RP sends the authentication challenge to web client of your RP.
3. Web client calls API to sign the authentication challenge.
4. Web client then sends the signature to server of your RP.
5. Server of your RP calls API to verify signature.
1. Server of your RP calls API to create a authentication challenge.
2. Server of your RP sends the authentication challenge to web client of your RP.
3. Web client calls API to sign the authentication challenge.
4. Web client then sends the signature to server of your RP.
5. Server of your RP calls API to verify signature.