Non web-browser based flows

[cyberbeast]

Although, this would fall under the purview of the Examples discussion, I decided to start a new thread nonetheless. I am exploring the idea of contributing a non-browser based demo. I don't know if this is feasible yet. I am playing around with a simple client to the server demonstrated in the webauthn-example repo and using the json response from the /register/begin route to handle the presented challenge. I've not come across any resource highlighting how this can be achieved outside of the browser and my JS isn't strong enough to understand at a low level what might be going on in the index.html side of things in between the <script> tags. At present I have my Yubikey configured to challenge-response on a long-press of the key. I am hoping to understand the interactions that could happen between calling the /register/begin route and processing the challenge via the challenge-response mechanism and then generating a request body to be posted to /register/finish. Once I can finish that interaction, I'll look at the login flow.

[james-d-elliott]

I would strongly suggest utilizing @simplewebauthn/browser to handle browser based interactions. It's developed by one of the contributors to the standard itself and very simple to get started.

As far as direct interaction this library does not do direct interaction with FIDO2 however if you leverage a library that does and want to perform the same validations that should be possible now (though it's not tested) using BeginRegistration to generate the values for registration to be passed to the FIDO2 lib of choice, then CreateCredential to validate the registration response, likewise BeginLogin and ValidateLogin for the login attempts.