Setup for Generic Integration
To get started, you will need to register a LoginID account. If you don't have an account yet, go to the following link to register an account.
Once you're in the dashboard, you can create an Application for your organization to enable client application integrations.
Creating an Application
Create an application to allow passkey authentication for your associated website domain. An application manages its own independent set of users (unique username per account) and a unique base URL to the LoginID service API endpoints.
To create an application you must have a fully qualified domain name with a TLS certificate from a certificate authority. For local development you will have to create a separate application. You can bypass the TLS certificate requirement in your local development environment by using a localhost URL such as http://localhost:3000.
Steps to Create An Application With Basic Options [Default]
- Navigate to the Applications tab.
- Click the Create Application button.
- Select Generic Wizard.
- Provide an optional name and your website's URL.
Steps to Create An Application With Advanced Options
For advanced use cases, such as having multiple allowed origins (subdomains) access the same users as your primary website domain:
- Go to the Applications tab.
- Click the Create Application button.
- Select Generic Wizard.
- Opt for Advanced Setup.
Updating Application Settings
Modifications to applications might be necessary to:
- Adjust allowed origins.
- Include subdomains in your passkey integration.
- Incorporate an Android Fingerprint for native Android compatibility for passkeys.
To update an application:
- Access the Applications tab.
- Choose the application you wish to modify.
- Navigate to the Settings tab.
Adding Android Fingerprint
Digital Asset Links files ensure secure cross-platform authentication by verifying the link between Android apps and web domains, using SHA-256 fingerprints to confirm the app’s integrity and ownership. This process is needed for enabling passkeys on Android native applications.
To integrate passkeys into your native Android application with LoginID, you must register the SHA-256 fingerprint of your application. This is achieved by inputting the fingerprint into the Fido2 section. Doing so establishes the fingerprint as an allowed origin.
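How a signing-certificate fingerprint maps to the origin a native Android app presents in a passkey ceremony, as an added example (not LoginID's code). It assumes the standard Android `android:apk-key-hash:` origin format; the function names are illustrative and the sample fingerprint is constructed.

```python
import base64
import hashlib
import re


def normalize_fingerprint(fp: str) -> str:
    """Return a SHA-256 fingerprint as 32 upper-case hex bytes joined by ':'."""
    hex_only = re.sub(r"[\s:]", "", fp).upper()
    # 64 hex digits = 32 bytes; a SHA-1 fingerprint (20 bytes) is rejected here.
    if not re.fullmatch(r"[0-9A-F]{64}", hex_only):
        raise ValueError("expected a SHA-256 fingerprint (32 hex bytes)")
    return ":".join(hex_only[i:i + 2] for i in range(0, 64, 2))


def fingerprint_from_der(cert_der: bytes) -> str:
    """Fingerprint = SHA-256 over the DER-encoded signing certificate."""
    return normalize_fingerprint(hashlib.sha256(cert_der).hexdigest())


def android_origin(fp: str) -> str:
    """Origin string Android uses for a native app signed with this certificate."""
    raw = bytes.fromhex(normalize_fingerprint(fp).replace(":", ""))
    # base64url without padding, as in the android:apk-key-hash origin format
    b64 = base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return "android:apk-key-hash:" + b64


def origin_allowed(client_origin: str, registered_fps) -> bool:
    """Exact-match the origin from clientDataJSON against registered fingerprints."""
    return client_origin in {android_origin(fp) for fp in registered_fps}


if __name__ == "__main__":
    # Constructed sample value, not a real app's fingerprint.
    sample = "00:" * 31 + "01"
    print(normalize_fingerprint(sample))
    print(android_origin(sample))
    print(origin_allowed(android_origin(sample), [sample.lower()]))
```

Debug and release builds are usually signed with different certificates, so each has its own fingerprint and its own origin string.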
Registration Requires Authentication Token
Enabling this option secures the user registration process with a passkey by requiring an authorization token. This token must be sent as an Authorization Bearer token or included as a token option within the SDKs for API calls.
This feature prevents unauthorized calls to the register API, ensuring that the registration process begins on your server. A management token is generated on your server, allowing for verification checks before issuing the token to the client (via API or SDKs).
This is particularly useful for integrating with user pools other than LoginID's. By enabling this option, you protect the register API from username takeovers, as the process requires a management token generated on your server after verification.
The related API that requires this token can be found here.
The SDKs can accept this token as an optional field parameter in the createPasskey method.