Enroll a FIDO2 Passkey

An essential first step in improving authentication security and user experience is enrolling a FIDO2 passkey in authID. Users can safely authenticate to online services using passwordless or multi-factor authentication techniques, such as biometrics and physical security keys, by utilizing FIDO2, an advanced authentication standard. Users can enroll in FIDO2 passkeys with authID, a state-of-the-art authentication platform that delivers a smooth and extremely secure authentication solution.

Start User Passkey Enrollment

In the backend, call the Create New Operation Endpoint with the following request body (example):

  "AccountNumber": "AccountV2",  
  "Codeword": "",  
  "Name": "EnrollFido2Credential",  
  "Timeout": 3600,  
  "TransportType": 0,  
  "Tag": ""  

The AccountNumber must match the value you specified during Account Creation.

EnrollFido2Credential can be used more than once per account, i.e. user can have more than one Passkey. Note however that the user receives an error if attempting to enroll the same device twice.

A transport type of 0 returns an OperationId and OneTimeSecret.

Example Response Body:

   "OperationId": "113e838b-be34-53e9-c52f-3cc45b2d10ce",
   "OneTimeSecret": "TbAeETwpOxbvKy7rWCeOcQ=="  

Display the User Interface

Save these values from the response and use them to display the capture experience to the user.

The other options for TransportType parameter usage are described in the Out-of-band Transactions section.

Wait for the Enrollment Completion

When the user completes Enrollment, the status changes from 0 - Pending to 1 - Accepted. Refer to the Transaction Statuses section for more details.


Common Transaction Status

The Transaction Statuses are common between Enrollment and Authentication workflows.

The application has several ways to detect when the status changes.

  • Periodic poll of backend for Enrollment operation status change using Operation Status Endpoint
  • Embedded Integration can listen to Web Component Events for web integration or to JavaScript bridge events for WebView integration. The UI emits the signal that the user has reached the "final page" of the experience.

Please refer to the Web Component Events section for more details.

The best strategy from both a UX transition reaction time and system load perspective is to:

  • Listen to events from the Web Component / WebView.
  • When the user reaches the final page, pass the signal from your application frontend to your application's backend.
  • Confirm the status change via the backend Operation Status Endpoint.
  • As a backup, poll status changes periodically using Operation Status Endpoint, for example, once every 5 seconds.

Both Out-of-band and Embedded integrations can use Webhook to receive notifications when the status changes. Note that webhooks are not queued and do not have guaranteed delivery, so the periodic polling backup strategy still applies.