1. Development Integration
  2. /
  3. iOS
  4. /
  5. Typical scene
  6. /
  7. WebAuthn

Biometric authentication - WebAuthn passwordless authentication

Update Time: 2025-05-14 08:32:28
Edit

Integrated WebAuthn login

Step 1: Open biometric authentication in Authing Management Console (opens new window)

  1. Find the client application that needs to be started under the self-built application.
  2. Click Login Control.
  3. Tap Biometrics Control and turn on the switch.


Step 2: Add WebAuthn login dependency

  1. Enter: https://github.com/Authing/authing-binary in the swift package search bar.

  2. Select Authing-binary (opens new window).

  3. Select Up to Next Major Version 1.0.0 for the dependency rule.

  4. Check WebAuthn after Add Package.

WebAuthn depends on the version after Guard-iOS 1.4.0 (opens new window).


Login with WebAuthn

Using the WebAuthn supercomponent

Authing WebAuthn SDK provides developers with the Biometric Authentication Button supercomponent, through which developers can integrate WebAuthn passwordless authentication within one minute.

Using the WebAuthn API

If developers want to implement the WebAuthn authentication process by themselves, please refer to Custom-WebAuthn-Authentication Process and develop in combination with the following APIs.

Get WebAuthn credential creation initialization parameters

Obtain the initialization parameters for WebAuthn credential creation, and the user must be logged in before calling this interface.

public func getWebauthnRegistrationParam(completion: @escaping(Int, String?, NSDictionary?) -> Void)

example

AuthClient().getWebauthnRegistrationParam() { code, message, data in
     // data. registrationOptions
}

Verify WebAuthn Binding Registration Authenticator Credentials

Validate WebAuthn Binding Enrollment Authenticator Credentials

func webauthnRegistration(ticket: String, credentialId: String, rawId: String, attestationObject: String, clientDataJSON: String, authenticatorCode: String, completion: @escaping(Int, String?, NSDictionary?) -> Void)

parameter

  • ticket Obtain the ticket when creating the initialization parameters of the credential
  • credentialId Base64URL encoded credential ID
  • rawId Base64URL original credential ID
  • attestationObject Client data, including origin (that is, source of credential request), challenge and other information
  • creclientDataJSONdentialId Base64URL encoded credential ID
  • authenticatorCode credential information type: "fingerprint" "face" "other"

example

AuthClient().webauthnRegistration(ticket: ticket, credentialId: cid, rawId: rid, attestationObject: att, clientDataJSON: clidata, authenticatorCode: "face") { code, message, res in
}

The server verifies the WebAuthn authentication request credentials

func webauthnAuthentication(ticket: String, credentialId: String, rawId: String, authenticatorData: String, userHandle: String, clientDataJSON: String, signature: String, completion: @escaping(Int, String?, NSDictionary?) -> Void)

parameter

  • ticket The ticket obtained from the Get WebAuthn authentication request initialization parameter interface
  • credentialId Base64URL encoded credential ID
  • rawId Base64URL original credential ID
  • authenticatorData Authenticator information, including authentication status, signature count, etc.
  • userHandle The user ID when creating the credential
  • clientDataJSON Client data, including origin (that is, the origin of the credential request), challenge code and other information
  • signature authenticator signature

example

AuthClient().webauthnAuthentication(ticket: ticket, credentialId: cid, rawId: rawId, authenticatorData: attData, userHandle: userHandle, clientDataJSON: clientData, signature: sig) { code, message, res in
}

Delete server-side WebAuthn authentication request credentials

func webauthnRemoveCredential(credentialID: String, completion: @escaping(Int, String?, NSDictionary?) -> Void)

parameter

  • credentialID Base64URL encoded credential ID

example

AuthClient(). webauthnRemoveCredential(credentialID: cid) { code, message, res in
}

Get the list of bound credentials

func checkWebauthnVaildCredentials(credentialIds: [String], authenticatorCode: String, completion: @escaping(Int, String?, NSDictionary?) -> Void)

parameter

  • credentialIds Array of Base64URL encoded credential IDs
  • authenticatorCode credential information type: "fingerprint" "face" "other"

example

AuthClient().checkWebauthnVaildCredentials(credentialIds: [cid], authenticatorCode: "face") { code, message, res in
}