Authenticating

To perform an authentication operation with the OneSpan FIDO2 SDK, create an AuthenticatingFinalize object and pass its constructor the following interface implementations:

  • authenticatorCredentialDataProvider: Implementation of the AuthenticatorCredentialDataProvider interface allowing access to stored AuthenticatorCredential objects.
  • authenticationExtensionVerifier: Responsible for verification of the extension used in the WebAuthn authentication process.

Table: Authenticating methods and parameters lists the methods, their parameters, and the objects they return.

  Table:  Authenticating methods and parameters

Method: generatePublicKeyCredentialRequestOptions()
Purpose: Initialize the authentication process.
Parameters:
  • publicKeyCredentialDescriptors: List of PublicKeyCredentialDescriptor objects that can be appended to the outgoing message to define which credentials should be used during authentication.
  • userVerificationRequirement: User verification requirement for this operation.
  • authenticationParameters: Represents the authentication process parameters passed to SDK components.
Returned object: PublicKeyCredentialRequestOptions: Object to be sent back to the requesting client.

Method: finalizeAuthentication()
Purpose: Finalize the authentication process.
Parameters:
  • publicKeyCredential: publicKeyCredential object returned from the client.
  • allowCredentials: Credentials returned to the client during the first step of the authentication process.
  • authenticatorCredentialsForThisUserHandle: Credentials for the user that is being authenticated.
  • userVerificationRequirement: User verification requirement that was sent to the client during the first step.
  • expectedTokenBinding: Token binding information.
  • expectedExtensions: Extensions that were requested from the client during the first step.
  • authenticationParameters: Authentication parameters for the authentication process.
  • policy: Optional. A policy object that defines the allowed and disallowed authenticators (see FIDO2 policies).

    This method has 2 overloaded versions, one with the policy parameter and one without.

    If the method is used without this parameter, then all authenticators are allowed.

Returned object: PostAuthData: Object to be stored after the operation.
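
finalizeAuthentication() takes allowCredentials, the user's stored credentials and userVerificationRequirement from the first step because WebAuthn assertion verification compares the client's response against them. The Python below is an added example of those comparisons as the WebAuthn specification defines them; it is not OneSpan SDK code and does not show how the SDK is implemented. The function names, the `sign_count` field, the RP ID and all sample values are assumptions constructed for illustration, and challenge, origin and signature verification are left out.

```python
import hashlib
import struct

UP, UV = 0x01, 0x04  # user-present / user-verified flag bits in authenticator data


def make_auth_data(rp_id, flags, sign_count):
    """Build constructed sample authenticator data: rpIdHash | flags | signCount."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


def check_assertion(credential_id, auth_data, allow_credentials,
                    credentials_for_user, user_verification, rp_id):
    """Return the list of failed checks; an empty list means all of them passed."""
    failures = []
    # The client must answer with one of the credentials offered in step one.
    if allow_credentials and credential_id not in allow_credentials:
        failures.append("credential not in allowCredentials")
    # The credential must belong to the user being authenticated.
    stored = credentials_for_user.get(credential_id)
    if stored is None:
        failures.append("credential not registered to this user")
    if len(auth_data) < 37:
        return failures + ["authenticator data too short"]
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        failures.append("rpIdHash mismatch")
    if not flags & UP:
        failures.append("user presence flag not set")
    # A "required" policy sent in step one only holds if the server checks UV here.
    if user_verification == "required" and not flags & UV:
        failures.append("user verification required but UV flag not set")
    # A counter that fails to increase can indicate a cloned authenticator.
    if stored is not None and (sign_count or stored["sign_count"]) \
            and sign_count <= stored["sign_count"]:
        failures.append("signature counter did not increase")
    return failures


# Constructed sample data (not from the page).
RP_ID = "example.com"
ALLOW = [b"cred-A"]
USER_CREDS = {b"cred-A": {"sign_count": 5}}

if __name__ == "__main__":
    weak = make_auth_data(RP_ID, UP, 6)  # user present but not verified
    print(check_assertion(b"cred-A", weak, ALLOW, USER_CREDS, "required", RP_ID))
```
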