Setup for General Integration
To get started, you will need to register a LoginID account. If you don't have an account yet, go to the following link to register an account.
Once you're in the dashboard, you can create an Application for your organization to enable client application integrations.
Creating an Application
To enable passkey authentication on your website and access LoginID’s user and credential management services, you must create an application linked to your domain. Each application is isolated and includes:
- A unique
base URLfor accessing and using LoginID services - A separate set of users (unique usernames per application)
Requirements:
- For production, you must use a fully qualified domain name with a valid TLS certificate (e.g.,
https://yourdomain.com). - For local development, create a separate application using a localhost URL (e.g.,
http://localhost:3000). TLS is not required in this case.
Steps to Create An Application With Basic Options [Default]
- Navigate to the
Applicationstab. - Click the
Create Applicationbutton. - Provide an optional name and your website's URL.
Steps to Create An Application With Advance Options
For advanced use cases, such as having multiple allowed origins(subdomains) to access same users as your primary website domain,
- Go to the
Applicationstab. - Click the Create Application button.
- Opt for
Advanced Setup.
Updating Application Settings
Modifications to applications might be necessary to:
- Adjust allowed origins.
- Include subdomains in your passkey integration.
- Incorporate an Android Fingerprint for native Android compatibility for passkeys.
To update an application:
- Access the
Applicationstab. - Choose the application you wish to modify.
- Navigate to the
Settingstab.
Adding Android Fingerprint
Digital Asset Links files ensure secure cross-platform authentication by verifying the link between Android apps and web domains, using SHA-256 fingerprints to confirm the app’s integrity and ownership. This process is needed for enabling passkeys on Android native applications.
To integrate passkeys into your native Android application with LoginID, you must register the SHA-256 fingerprint of your application. This is achieved by inputting the fingerprint into the Fido2 section. Doing so establishes the fingerprint as an allowed origin.
Registration Requires Authentication Token
Enabling this option secures the user registration process with a passkey by requiring an authorization token. This token must be sent as an Authorization Bearer token or included as a token option within the SDKs for API calls.
This feature prevents unauthorized calls to the register API, ensuring that the registration process begins on your server. A management token is generated on your server, allowing for verification checks before issuing the token to the client (via API or SDKs).
This is particularly useful for integrating with user pools other than LoginID's. By enabling this option, you protect the register API from username takeovers, as the process requires a management token generated on your server after verification.
The related API that requires this token can be found here.
The SDKs can accept this token as an optional field parameter in the createPasskey method.
