Product Documentation

The registration flow for "discoverable credentials" does not differ from the general FIDO registration flow. However, the web application must make the following change to register a "discoverable credential":

  • Web applications must specify "residentKey" in AuthenticatorSelectionCriteria to signal their intent for a "discoverable credential" by setting "authenticatorSelection.requireResidentKey" to 'true' and "authenticatorSelection.residentKey" to 'required'. 

 

Below is a quick overview of the registration flow:

  1. The web application calls the preregister web service to get a challenge:

    preregister request with username:

    {
      "svcinfo": {
        "did": 1,
        "protocol": "FIDO2_0",
        "authtype": "PASSWORD",
        "svcusername": "svcfidouser",
        "svcpassword": "Abcd1234!"
      },
      "payload": {
        "username": "johndoe",
        "options": {}
      }
    }

      

  2. In response, SKFS returns a challenge to the web application. 

    {
        "Response": {
            "rp": {
                "name": "StrongKey FIDO Server",
                "id": "strongkey.com"
            },
            "user": {
                "name": "johndoe",
                "id": "CXW...FMK4",
                "displayName": "first FIDO credential"
            },
            "challenge": "YGmdBIb0JGVE6ZXucUn_Ew",
            "pubKeyCredParams": [{
                "type": "public-key",
                "alg": -7
            }, ...
            {
                "type": "public-key",
                "alg": -39
            }],
            "excludeCredentials": [],
            "attestation": "direct"
        }
    }

  3. The browser JavaScript code sends the challenge to the Authenticator. Once it receives a response from the Authenticator, the web application calls the register web service on SKFS:

    register request:

    {
      "svcinfo": {
        "did": 1,
        "protocol": "FIDO2_0",
        "authtype": "PASSWORD",
        "svcusername": "svcfidouser",
        "svcpassword": "Abcd1234!"
      },
      "payload": {
        "publicKeyCredential": {
          "id": "MBDVx...c8wA",
          "rawId": "MBDVx...c8wA",
          "response": {
              "attestationObject": "o2Nm...ZqFA",
              "clientDataJSON": "eyJ0...bSJ9"
          },
          "type": "public-key"
        },
        "strongkeyMetadata": {
          "version": "1.0",
          "create_location": "Cupertino, CA",
          "origin": "https://demo.strongkey.com",
          "username": "johndoe"
        }
      }
    }

  4. A successful registration response is returned to the web application once SKFS verifies the response.

    {
        "Response": "Successfully processed registration response",
        "responseCode": "FIDO-MSG-0004",
        "skfsVersion":"4.10.0",
        "skfsFQDN":"example.strongkey.com",
        "TXID":"1-169-1679354369053"
    }
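
The web-application side of steps 1 to 3, as an added example that is not StrongKey's code: it builds the preregister payload with the discoverable-credential criteria, converts the SKFS reply into the argument for `navigator.credentials.create()`, and checks that the options really ask for a discoverable credential before the authenticator is invoked. The helper names are hypothetical, the sample reply is constructed, and two things are assumptions: that the criteria are passed under `options.authenticatorSelection` and that SKFS returns them in `Response`.

```javascript
// Added example: helper names are hypothetical and not part of SKFS.
// Criteria the page requires for a discoverable credential.
const DISCOVERABLE = { requireResidentKey: true, residentKey: "required" };

// "payload" of a preregister request. Assumption: SKFS reads the criteria
// from options.authenticatorSelection.
function buildPreregisterPayload(username) {
  return { username, options: { authenticatorSelection: { ...DISCOVERABLE } } };
}

// Decode a base64url string (challenge, user.id, credential ids) to bytes.
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const bin = atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4));
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
}

// Map the SKFS "Response" object to the argument of navigator.credentials.create().
function toCreationOptions(skfsReply) {
  const r = skfsReply.Response;
  return {
    publicKey: {
      ...r,
      challenge: b64urlToBytes(r.challenge),
      user: { ...r.user, id: b64urlToBytes(r.user.id) },
      excludeCredentials: (r.excludeCredentials || []).map((c) => ({ ...c, id: b64urlToBytes(c.id) })),
    },
  };
}

// True only if the options ask the authenticator for a discoverable credential.
function requestsDiscoverable(creationOptions) {
  const sel = creationOptions.publicKey.authenticatorSelection || {};
  return sel.residentKey === "required" && sel.requireResidentKey === true;
}

// Constructed sample reply (user.id is base64url of "johndoe").
const sampleReply = {
  Response: {
    rp: { name: "StrongKey FIDO Server", id: "strongkey.com" },
    user: { name: "johndoe", id: "am9obmRvZQ", displayName: "first FIDO credential" },
    challenge: "YGmdBIb0JGVE6ZXucUn_Ew",
    pubKeyCredParams: [{ type: "public-key", alg: -7 }],
    excludeCredentials: [],
    attestation: "direct",
    authenticatorSelection: buildPreregisterPayload("johndoe").options.authenticatorSelection,
  },
};
```

In the browser, call `navigator.credentials.create(toCreationOptions(reply))` only when `requestsDiscoverable` returns true; a reply without `authenticatorSelection` fails the check, so the missing criteria are caught before a credential is created.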