FIDO2 implementation options

When implementing FIDO2 authentication and registration, you can choose between two common methods regarding how your application communicates with the Authentication Cloud. The method you choose defines the exact authentication and registration flow. Follow the links in the sections below to see the details for each flow type.

Direct communication

With this method, the frontend of the application communicates directly with the Authentication Cloud. For this reason, the application backend needs to poll the Authentication Cloud for status updates.

Register a FIDO2 authenticator (direct communication)
Authenticate with FIDO2 (direct communication)

Indirect communication

With this method, the frontend of the application always communicates with the application backend, and the application backend forwards information to the Authentication Cloud backend and back. This means that in this setup, the Authentication Cloud communicates with the application backend, never the application front end.

Register a FIDO2 authenticator (indirect communication)
Authenticate with FIDO2 (indirect communication)

FIDO2 implementation options

Direct communication​

Indirect communication​

Direct communication

Indirect communication