WebAuthn allows users to authenticate with their device's authenticator, like TouchID or Windows Hello, to websites via their browsers.
Because WebAuthn is not supported on all browsers yet, the WebAuthn feature always have a fallback method to Magic Link or OTP verification.
When the user first sign up for your website, they don't have a WebAuthn credential set up. The user will first enter their email or phone number:
Step 1: Verify the user's email or phone number using OTP or Magic Link
Step 2: The SDK will automatically prompt the user to set up WebAuthn for this device.
Step 3: If the user agrees and touch the TouchID sensor, the user can subsequently login using TouchID from the current laptop.
The user may or may not have any WebAuthn credentials set up:
Step 1: The user enters their email or phone number
Step 2: The SDK checks if the user have any WebAuthn credential set up
Yes, the user have a WebAuthn Credential: The SDK will automatically ask the user to login using WebAuthn. The user have the option to fallback to use Magic Link or OTP
No, the user never setup WebAuthn before: The SDK will continue authenticating the user using Magic Link or OTP, then ask the user to setup WebAuthn on the current laptop.