Login
    Contenu x
    Overview of the FIDO Client and its authenticators
    • 27 Oct 2024
    • 3 Minutes à lire
    • Sombre
      Lumière
    Contenu

    Overview of the FIDO Client and its authenticators

    • Mis à jour le 27 Oct 2024
    • 3 Minutes à lire
    • Sombre
      Lumière
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    With the FIDO Client and its authenticators for Android and iOS you can perform strong authentication with FIDO in your app instead of having to rely on passwords. The FIDO Client allows a user to login to a mobile application of a relying party (such as a banking app) using different types of password-less authentication.

    Each time the user logs in to the mobile application using FIDO, based on the type of authenticator, the private key stored on the device will be extracted and verified. Once verified, the device communicates with the FIDO Server via JSON messages standardized by the FIDO Client and its authenticators.

    All FIDO keys and secrets always remain on the device itself and cannot be shared or transferred to another device. Also, the FIDO UAF Client SDK does not expose any ID that binds a device to a FIDO user.

    Features of the FIDO Client and its authenticators

    The FIDO Client and its authenticators offer the following features (for more detailed information, see About the Biometric Authenticator and About the Application PIN Authenticator):

    • Support for multiple authenticators

    • Determining available authenticators on a device

    • Removal of local registrations for a specific or all authenticators

    • Standard FIDO UAF operations

    • Process FIDO UAF requests received from server and generate Fido UAF responses

    • Communicate standard FIDO errors to the integrator

    Limitations

    The following limitations apply to the FIDO Client and its authenticators:

    • Exclusively API-based

      The FIDO Client and its authenticators do not provide any user interface (UI) or graphic user interface (GUI), except for the UI provided by the operating system (only for biometric authentication on Android). Consequently, there are no customizable system dialogs or menus, and the FIDO Client and its authenticators do not proivde human readable or user-facing messages like general error messages.

    • No calls or triggering requests to FIDO servers

      The FIDO Client does not have a communication layer to make API calls to a FIDO server and does not trigger any requests such as registration, deregistration.etc.

    • No fallback to other authentication methods

      Neither of the authenticators allows a fallback to any other authentication method than that specified with the authenticator itself.

    Support for multiple authenticators

    You can enable the registration, deregistration, and use of multiple authenticators for your users and their FIDO UAF operations. To provide this functionality, you need to create an instance of the FIDO UAF client from the factory. The instance returned from the factory has all injected authenticators to work with.

    To create an instance of the FIDO UAF client

    1. Instantiate all authenticators you wish to use with your FIDO UAF client.

    2. Pass those authenticators as an array to the factory.

    3. Pass a callback/listener to the factory to choose between available authenticators when requested by the FIDO UAF Client SDK.

    4. Pass a callback/listener to the factory to confirm or refuse a FIDO transaction when requested by the FIDO UAF Client SDK.

    Regardless of how many authenticators are registered during the time a FIDO request is being processed, the FIDO UAF Client SDK calls the callback/listener and provides the available authenticator combinations that can be used with that request, even if there is only a signle authenticator combination available for that operation.

    You can either choose one of the authenticator combinations programmatically, or display a list of available authenticators to your user for them to choose and return an authenticator combination to the FIDO Client instance. Once the chosen combination is received, the SDK will continue processing the FIDO request.

    The same behaviour applies when confirming or refusing a FIDO transaction. In that case the callback/listener will be called and the SDK will wait for a response you defined to continue processing.

    When obtaining an authenticator from the factory and this authenticator is not available on the device (e.g., fingerprint on an iPhone 15), the factory method will throw an exception. If the authenticator is available, an instance will be returned.

    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle