Second-Factor With Web Authentication
Second-factor authentication requires users to confirm their identities through another method in addition to the usual username/password credentials. After the user supplies the username and password, the app sends the user a confirmation code through SMS or email. The user must enter that confirmation code before the system signs them into the app.
The second-factor authentication with web authentication feature uses an authenticator as an alternative to the confirmation code method.
An authenticator is a device such as a PC, mobile phone, or tablet that can:
- Set up a private/public key pair
- Locally confirm consent by a user
How It Works
The following diagram depicts the sign-in flow, before an authenticator is registered:
Now that Express has a public key credential for the authenticator, subsequent sign-ins use the authenticator as a second factor:
If you’re familiar with OpenID Connect (OIDC) specifications, the Web App is the Relying Party, and the ForgeRock Identity Cloud is the Authorization Server.
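The server-side checks behind the second flow can be sketched in Node.js. This is an added example, not ForgeRock or SDK code: it models a WebAuthn sign-in assertion with a simulated authenticator. `RP_ID`, `ORIGIN`, the function names and the result strings are assumptions made for illustration.

```javascript
const { generateKeyPairSync, createHash, randomBytes, sign, verify } = require('crypto');
const RP_ID = 'app.example.com';           // assumed relying-party ID
const ORIGIN = 'https://app.example.com';  // assumed web app origin
const sha256 = (data) => createHash('sha256').update(data).digest();

// Simulated authenticator: signs authenticatorData || SHA-256(clientDataJSON).
function authenticatorSign(privateKey, challenge, origin, signCount, userPresent = true) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(signCount);
  const flags = Buffer.from([userPresent ? 0x01 : 0x00]); // bit 0 = user present
  const authenticatorData = Buffer.concat([sha256(RP_ID), flags, counter]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: sign('sha256', signed, privateKey) };
}

// Server-side checks; assumes an authenticator that implements the signature counter.
function verifyAssertion(stored, expectedChallenge, { clientDataJSON, authenticatorData, signature }) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong-type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge-mismatch';
  if (client.origin !== ORIGIN) return 'origin-mismatch';
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rp-id-mismatch';
  if ((authenticatorData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!verify('sha256', signed, stored.publicKey, signature)) return 'bad-signature';
  const signCount = authenticatorData.readUInt32BE(33);
  if (signCount <= stored.signCount) return 'counter-not-increased';
  stored.signCount = signCount; // remember the counter for the next sign-in
  return 'ok';
}

// Constructed data: a fresh P-256 key pair stands in for the registered credential.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const stored = { publicKey, signCount: 0 };
  const challenge = randomBytes(32);
  const good = authenticatorSign(privateKey, challenge, ORIGIN, 1);
  return {
    first: verifyAssertion(stored, challenge, good),
    sameAssertionAgain: verifyAssertion(stored, challenge, good),
    otherChallenge: verifyAssertion(stored, randomBytes(32), good),
    otherOrigin: verifyAssertion(stored, challenge,
      authenticatorSign(privateKey, challenge, 'https://app.example.net', 2)),
    noConsent: verifyAssertion(stored, challenge,
      authenticatorSign(privateKey, challenge, ORIGIN, 2, false)),
  };
}
```

Only the public key and the last counter value are stored on the server. The private key stays on the authenticator, which is what distinguishes this method from a confirmation code sent over SMS or email.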
For more information, see this link for the NPM ForgeRock JavaScript SDK package.