FIDO2 architecture overview

User device: A FIDO2/WebAuthn-capable authenticator device, such as a laptop or mobile device, which runs the web browser.

Authenticator: Allows the use of biometric methods, for example fingerprint scanning or face detection, to authenticate.

Authenticators can be the following:

  • platform authenticators, built into the user device.
  • roaming authenticators, connected to the user device with USB, BLE, or NFC connections.
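The two authenticator kinds map onto values of the browser's WebAuthn API. The following is an added example, not part of the Authentication Cloud FIDO2 JS client: the function names and sample data are hypothetical, and `hybrid` is a WebAuthn transport value that this page does not list.

```javascript
// Added example. WebAuthn string values are real; helper names are hypothetical.
const ROAMING_TRANSPORTS = new Set(["usb", "ble", "nfc", "hybrid"]);

// Translate the page's authenticator kinds into a WebAuthn
// authenticatorSelection object for a registration request.
function selectionFor(kind) {
  if (kind !== "platform" && kind !== "roaming") {
    throw new TypeError(`unknown authenticator kind: ${kind}`);
  }
  return {
    authenticatorAttachment: kind === "platform" ? "platform" : "cross-platform",
    userVerification: "required", // biometric or PIN check on the authenticator
  };
}

// Classify a registration result from credential.authenticatorAttachment and
// credential.response.getTransports(). Both are client-reported hints, so use
// the result for UX and inventory, not as proof of the authenticator type.
function classifyAuthenticator(attachment, transports) {
  if (attachment === "platform") return "platform";
  if (attachment === "cross-platform") return "roaming";
  const hints = (Array.isArray(transports) ? transports : [])
    .map((t) => String(t).toLowerCase());
  const internal = hints.includes("internal");
  const external = hints.some((t) => ROAMING_TRANSPORTS.has(t));
  if (internal && !external) return "platform";
  if (external && !internal) return "roaming";
  return "unknown"; // empty, unrecognised, or mixed hints
}

// Constructed sample registration results (not real credentials).
const SAMPLES = [
  { name: "laptop fingerprint reader", attachment: "platform", transports: ["internal"] },
  { name: "USB/NFC security key", attachment: null, transports: ["usb", "nfc"] },
  { name: "no hints reported", attachment: null, transports: [] },
];

function classifyAll(samples) {
  return samples.map((s) => `${s.name}: ${classifyAuthenticator(s.attachment, s.transports)}`);
}

console.log(classifyAll(SAMPLES).join("\n"));
```
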

Relying party: The relying party is the web application to be secured using WebAuthn, which registers and authenticates users. The relying party has a frontend and a backend part. The backend has to communicate with the Authentication Cloud API to start the registration or the authentication.

Authentication Cloud FIDO2 JS client: The Authentication Cloud API provides a JavaScript client which handles the communication between the WebAuthn API and the Authentication Cloud API. The frontend of the relying party has to include the Authentication Cloud FIDO2 JS client.