Standards-based protocols
2FA + WebAuthn
Basic two-factor authentication requires a user to provide two forms of identity to gain access to a protected resource or data. After the user supplies a username and password, the app sends them a confirmation code by SMS or email. The user must enter that confirmation code before the system signs them into the app.
The two-factor authentication with WebAuthn workflow replaces the confirmation code with an authenticator.
An authenticator is a device such as a PC, mobile phone, or tablet that can:
- Set up a private/public key pair
- Locally confirm a user's consent
How It Works
The following diagram depicts the sign-in flow before an authenticator is registered:
Now that Express has a public key credential for the authenticator, subsequent sign-ins use the authenticator as a second factor:
In terms of the OpenID Connect (OIDC) specifications, the Web App is the Relying Party, and the ForgeRock Identity Cloud is the Authorization Server. See The OpenID Foundation Specifications.