WebAuthn allows users to authenticate with their device's authenticator, like TouchID or Windows Hello, to websites via their browsers.

Because WebAuthn is not supported on all browsers yet, the WebAuthn feature always have a fallback method to Magic Link or OTP verification.

Signing Up

When the user first sign up for your website, they don't have a WebAuthn credential set up. The user will first enter their email or phone number:

• Step 1: Verify the user's email or phone number using OTP or Magic Link

• Step 2: The SDK will automatically prompt the user to set up WebAuthn for this device.

• Step 3: If the user agrees and touch the TouchID sensor, the user can subsequently login using TouchID from the current laptop.

Logging In

The user may or may not have any WebAuthn credentials set up:

• Step 1: The user enters their email or phone number

• Step 2: The SDK checks if the user have any WebAuthn credential set up

  • Yes, the user have a WebAuthn Credential: The SDK will automatically ask the user to login using WebAuthn. The user have the option to fallback to use Magic Link or OTP

  • No, the user never setup WebAuthn before: The SDK will continue authenticating the user using Magic Link or OTP, then ask the user to setup WebAuthn on the current laptop.