To learn more about WebAuthn, visit: webauthn.io/ Duo Labs researcher, Nick Steele, gives an overview of WebAuthn and provides some detailed examples of how this technology works.
I'm only at 16 minutes into the presentation, but I had to pause and say... Finally, an explanation that I can understand! For about a week I have been trying to figure out what is actually happening when I plug in my new YubiKey and use various functions. Along with other things I've watched and read, this presentation brings it all together for my non-technical brain. Thanks!
Useful explanation, even in 2024. Particularly useful for devs who actually have to implement .create and .get and parse the responses to each on the backend. Thanks!
Good stuff! Does the authenticator store public and private keys created during the registration process on to the authenticator device (yubikey) for retrival during login or is it generated again during login?
I got lost after about 20 minutes and then I started to feel like a moron. If anyone feels the same way, just try it again. It's not the fault of the presentation, it's just that it's really such a complex topic.
Yes, you can check if WebAuthn is supported through checking if window.PublicKeyCredential is undefined or not. You can also check if a platform authenticator is present, through: window.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable() which returns a Promise value.