Skip to main content

Authenticate using FIDO2

On your backend, start the approval with a username or userId.

curl -XPOST \
-H "Authorization: Bearer $ACCESS_KEY"\
-H 'Content-Type: application/json;charset=utf-8' \
-d '{ "username": "u_1654", "channel": "fido2"}' \
${APIBASE}/approval | python -m json.tool

Example FIDO2 approval response:

"transactionId": "83c87e51-b4bd-4e01-a108-25aa428e2015",
"userId": "31567ae2-2fb1-466e-84af-4dafa8f9ca78",
"statusToken": "eyJhb...UxMiJ9.eyJ...yIn0.FaqikaKbO8...RNCxwg",
"credentialRequestOptions": {
"challenge": "mesIRDAsQtGXOZ_x3Psmsg",
"timeout": 60000,
"rpId": "",
"allowCredentials": [
"type": "public-key",
"id": "bzPdCIOLINuUz0jVWj5-PfcQY88W6jsCJGBIAbTDdec"
"userVerification": "preferred"

The response contains the userId, the statusToken, and the credentialRequestOptions, required by the Web Authentication API to authenticate with the FIDO2 credential.

To authenticate with the FIDO2 credential, forward the following attributes to your frontend application:

  • credentialRequestOptions
  • userId
  • statusToken

To authenticate with the FIDO2 credential, the FIDO2 JavaScript client requires the following parameters:

  • credentialRequestOptions
  • userId
  • statusToken
// Create the options object with the above parameters.
const authenticateOptions = {

// Call the authenticate function with the options object.
const result = await nevis.auth.fido2.authenticate(authenticateOptions);

Similar to registration, a native browser dialog prompts the user to perform the authorization gesture. Once a user has given consent by doing so, the authenticator generates an assertion.

The FIDO2 JavaScript client then sends the assertion to Authentication Cloud API to finalize the authentication.

Once the process is complete, the result of the transaction is returned in a Promise, regardless of the success or failure of the authentication.