Second-Factor With Web Authentication

Second-factor authentication requires users to confirm their identities through another method in addition to the usual username/password credentials. After the user supplies the username and password, the app sends the user a confirmation code through SMS or email. The user must enter that confirmation code before the system signs them into the app.

The second-factor authentication with web authentication feature replaces the confirmation code method with an authenticator.

An authenticator is a device such as a PC, mobile phone, or tablet that can:

  • Set up a private/public key pair
  • Locally confirm consent by a user

How It Works

The following diagram depicts the sign-in flow, before an authenticator is registered:

[Diagram: sign-in flow before an authenticator is registered]

Now that Express has a public key credential for the authenticator, subsequent sign-ins use the authenticator as a second factor:

[Diagram: sign-in flow using the registered authenticator as a second factor]
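
The second-factor sign-in step described above, as an added example that is not part of the original page and is not ForgeRock SDK code: a Node.js simulation of an authenticator signing a server challenge, and the server-side checks on the result, following the WebAuthn assertion layout. `RP_ID`, `ORIGIN`, the function names, and the returned status strings are assumptions made for this example.

```javascript
const crypto = require('node:crypto');

// Constructed values for this example (assumptions, not taken from the page).
const RP_ID = 'app.example.com';            // domain the credential is scoped to
const ORIGIN = 'https://app.example.com';   // origin the browser reports
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator, registration: set up the key pair. Only publicKey is sent to the server.
function registerAuthenticator() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Authenticator, sign-in: sign the server's challenge once the user has consented locally.
function signAssertion(privateKey, challenge, { userPresent = true, origin = ORIGIN } = {}) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin,
  }));
  // authenticatorData = SHA-256(RP ID) || flags (bit 0 = user present) || 4-byte counter
  const authenticatorData = Buffer.concat([
    sha256(RP_ID), Buffer.from([userPresent ? 0x01 : 0x00]), Buffer.from([0, 0, 0, 1]),
  ]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Server: accept the second factor only when every check passes.
function verifyAssertion(publicKey, expectedChallenge, { clientDataJSON, authenticatorData, signature }) {
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong-type';
  if (clientData.challenge !== expectedChallenge.toString('base64url')) return 'challenge-mismatch';
  if (clientData.origin !== ORIGIN) return 'origin-mismatch';
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rp-id-mismatch';
  if ((authenticatorData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad-signature';
}

// Demo: a fresh assertion, a replay against a new challenge, and one without user consent.
const { publicKey, privateKey } = registerAuthenticator();
const challenge = crypto.randomBytes(32);
const assertion = signAssertion(privateKey, challenge);
console.log(verifyAssertion(publicKey, challenge, assertion));
console.log(verifyAssertion(publicKey, crypto.randomBytes(32), assertion));
console.log(verifyAssertion(publicKey, challenge, signAssertion(privateKey, challenge, { userPresent: false })));
```

Because the server issues a fresh random challenge per sign-in and the signature covers it, a captured assertion cannot be replayed, which a static confirmation code does not guarantee on its own.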

If you’re familiar with OpenID Connect (OIDC) specifications, the Web App is the Relying Party, and the ForgeRock Identity Cloud is the Authorization Server.

For more information, see this link for the NPM ForgeRock JavaScript SDK package.

If you have questions, email [email protected].