Using a smart phone as an authenticator with WebAuthn

[maranjavatraining]

I am wondering is there any way to use a smart phone as an authenticator through WebAuthn, when the web application is running on a laptop/desktop? if yes, could you please illustrate how can I test it.OR, Is there any live demo for that? any comments accepted Thanks

[equalsJeffH]

@maranjavatraining --

I am wondering is there any way to use a smart phone as an authenticator through WebAuthn...

Yes, see https://fidoalliance.org/fido-alliance-and-w3c-achieve-major-standards-milestone-in-global-effort-towards-simpler-stronger-authentication-on-the-web/ and note the reference to CTAP:

... FIDO’s Client to Authenticator Protocol (CTAP) specification. CTAP enables an external authenticator, such as a security key or a mobile phone, to communicate strong authentication credentials locally over USB, Bluetooth or NFC to the user’s internet access device (PC or mobile phone).

The most recent publicly-available CTAP spec is here: https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-client-to-authenticator-protocol-v2.0-rd-20180702.html

see also:

• https://cloudblogs.microsoft.com/enterprisemobility/2018/04/12/big-news-in-our-drive-to-eliminate-passwords-fido2-webauthn-reaches-candidate-recommendation-status/
• https://www.aboutchromebooks.com/news/chrome-os-and-chrome-getting-support-for-biometric-2fa-with-ctap2-standard/
• Intent to Ship: WebAuthentication API

[emlun]

This looks like a duplicate of #954.

[jcjones]

Agreed, is a dupe of #954.