WebAuthn Authentication | Request

When a user attempts to log in, the browser sends a request to the server asking for the authentication options (also called "assertion options").

 

{
  "username": "alice@example.com"
}

 

This request allows the server to:

 

• Generate a challenge (a secure, random value).
• Look up which credentials (public key IDs) are valid for this user.
• Respond with cryptographic parameters that the browser will use in navigator.credentials.get().

 

When the WebAuthn Server Component receives this request, this is typically done via an HTTPS POST request from the browser to a server endpoint (e.g., /sgcWebAuthn/Authentication/Options), the event OnWebAuthnAuthenticationOptionsRequest is called, so you can add the credentials associated with the username (if any).

 

public void OnWebAuthnAuthenticationOptionsRequest(
    object sender,
    TsgcWebAuthn_AuthenticationOptions_Request aRequest,
    ref TsgcWebAuthn_CredentialRecords credentialRecords,
    ref bool accept)
{
    if (UserExistsInDB(aRequest.Username))
    {
        while (!EOF())
        {
            credentialRecords.AddCredentialRecordFromJSON(RecordFromDB());
            Next();
        }
    }
}