Passkey Authentication

Overview

The Passkey Authentication feature in Rave provides a secure, passwordless authentication mechanism built on the Web Authentication (WebAuthn) standard. Passkeys allow users to sign in by selecting a credential associated with their device, removing the need for traditional passwords.

By linking Passkeys to specific devices and user accounts, this feature ensures a seamless and secure authentication experience across supported platforms.

How It Works

Registration

Users create a new Passkey credential during the registration process. This involves securely associating a public-private key pair with their account and device, ensuring that only authorized devices can be used for authentication.

Steps:

  1. The user initiates the registration process.

  2. The server prompts the client to generate a Passkey credential using the WebAuthn standard.

  3. A public-private key pair is securely created on the user’s device; the private key is stored there and never leaves it.

  4. The server stores the public key and associates it with the user’s account.

Authentication

After registration, users can authenticate themselves by selecting a Passkey credential on their device. This streamlined process offers a fast and secure alternative to password-based logins.

Steps:

  1. The user initiates a login request.

  2. The server sends a challenge to the client.

  3. The client responds to the challenge by signing it with the private key stored on the device.

  4. The server verifies the signature using the stored public key, granting access upon successful verification.

Credential Management

Passkey credentials can be managed programmatically through the Rave API. Available operations include:

  • Adding new credentials: Users can link additional devices by registering new Passkey credentials.

  • Viewing existing credentials: Retrieve a list of all Passkey credentials linked to a user account.

  • Removing credentials: Revoke access for devices that are no longer in use.

Passkey Settings

The Passkey feature can be customized via the API settings to meet your application’s unique requirements. Configurable options include:

  • Device Registration Policies: Control how new devices can be added and define limits or criteria for registration.

  • Authentication Requirements: Specify user verification and security settings for Passkey-based logins.

Considerations

  • Device Dependency: Authentication requires access to the registered device where the private key is stored.

  • WebAuthn Support: Ensure that users’ devices and browsers support the WebAuthn standard.

  • Security: Passkeys leverage strong public-private key cryptography, minimizing risks associated with traditional passwords.

Further Information

For an in-depth introduction to Passkeys and their benefits, visit the FIDO Alliance Passkeys Overview.