Skip to main content

Setup for Generic Integration

To get started, you will need to register a LoginID account. If you don't have an account yet, go to the following link to register an account.

Once you're in the dashboard, you can create an Application for your organization to enable client application integrations.

Creating an Application

Create an application to allow passkey authentication for your associated website domain. An application will manage its own independent set of users(unique username per account) and an unique base URL to LoginID service api endpoints.

To create an application you must have a fully qualified domain name with TLS certificate from a certificate authority. For local development you will have to create a separate application. You can bypass TLS certificate requirement on your local development environment by using locahost url such as http://localhost:3000.

Steps to Create An Application With Basic Options[Default]

  1. Navigate to the Applications tab.
  2. Click the Create Application button.
  3. Select Generic Wizard.
  4. Provide an optional name and your website's URL.

Steps to Create An Application With Advance Options

For advanced use cases, such as having multiple allowed origins(subdomains) to access same users as your primary website domain,

  1. Go to the Applications tab.
  2. Click the Create Application button.
  3. Select Generic Wizard.
  4. Opt for Advanced Setup.

Updating Application Settings

Modifications to applications might be necessary to:

To update an application:

  1. Access the Applications tab.
  2. Choose the application you wish to modify.
  3. Navigate to the Settings tab.

Adding Android Fingerprint

Digital Asset Links files ensure secure cross-platform authentication by verifying the link between Android apps and web domains, using SHA-256 fingerprints to confirm the app’s integrity and ownership. This process is needed for enabling passkeys on Android native applications.

To integrate passkeys into your native Android application with LoginID, you must register the SHA-256 fingerprint of your application. This is achieved by inputting the fingerprint into the Fido2 section. Doing so establishes the fingerprint as an allowed origin.

Registration Requires Authentication Token

Enabling this option secures the user registration process with a passkey by requiring an authorization token. This token must be sent as an Authorization Bearer token or included as a token option within the SDKs for API calls.

This feature prevents unauthorized calls to the register API, ensuring that the registration process begins on your server. A management token is generated on your server, allowing for verification checks before issuing the token to the client (via API or SDKs).

This is particularly useful for integrating with user pools other than LoginID's. By enabling this option, you protect the register API from username takeovers, as the process requires a management token generated on your server after verification.

The related API that requires this token can be found here.

The SDKs can accept this token as an optional field parameter in the createPasskey method.