Implement login with WebAuthn API

This page describes how to implement WebAuthn login scenarios using Transmit's WebAuthn API authentication method.

For all scenarios:
  • WebAuthn credentials should only be registered to verified users.
  • Integrate using the relevant quickstart (Web or iOS), adapted for your scenario as described below.
  • You can manage the user profile as needed, for example, using the user ID (user_id) or external user ID (external_user_id) if set.

For users managed via Transmit

Scenario: You're using Transmit to both manage and authenticate users.

Before a user registers WebAuthn credentials:

  1. Authenticate the user using a Transmit login method. If they're registering WebAuthn credentials for the first time, it must be a different login method that will verify the user (e.g., email magic link).
  2. Register WebAuthn credentials on the device for the verified username.
  3. Register WebAuthn credentials in Transmit for the logged-in user using the user access token from their Transmit login.

For users managed externally

Scenario: You're managing your users externally, such as by using an external identity provider or your own solution.

Before a user registers WebAuthn credentials:

  1. Make sure the user has already been verified using an external verification process.
  2. Register WebAuthn credentials on the device for the verified username using the Platform SDK.
  3. Register WebAuthn credentials in Transmit for the logged-out user (logged out of Transmit, not the website) using a client access token and an external identifier of the user in your system. This will create a new user in the Transmit system if no existing user with the external user ID is found; otherwise the credentials are registered to the existing user.

Note:
  • To register credentials for new users to your Transmit application, public sign-up must be enabled.
  • If the user already exists for your Transmit application (e.g., by authenticating using a different Transmit login method) but an external user ID wasn't set for this user, this flow will create a new user when they register credentials for the first time.
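
The lookup rule from step 3 and the two notes above, as an added example that is not Transmit's code or API: a small in-memory model in which every class, method, and field name is hypothetical and the sample identifiers are constructed. It shows how an existing user without an external user ID ends up with a second account, and how registration for a new user fails when public sign-up is disabled.

```javascript
// Constructed in-memory model of the registration rules described above.
// Not Transmit's API: every class, method and field name is hypothetical.
class DirectoryModel {
  constructor({ publicSignUp }) {
    this.publicSignUp = publicSignUp;
    this.users = [];
  }

  addUser(externalUserId = null) {
    const userId = `u${this.users.length + 1}`;
    const user = { userId, externalUserId, credentials: [] };
    this.users.push(user);
    return user;
  }

  // Logged-out flow: the caller holds a client access token and passes its
  // own identifier for a user it has already verified.
  registerForLoggedOutUser(externalUserId, credentialId, verifiedExternally) {
    if (!verifiedExternally) throw new Error("user not verified");
    if (!externalUserId) throw new Error("external user ID required");
    // The external user ID is the only lookup key in this flow.
    let user = this.users.find((u) => u.externalUserId === externalUserId);
    const created = !user;
    if (created) {
      if (!this.publicSignUp) throw new Error("public sign-up disabled");
      user = this.addUser(externalUserId);
    }
    user.credentials.push(credentialId);
    return { userId: user.userId, created };
  }
}

function demo() {
  const dir = new DirectoryModel({ publicSignUp: true });
  // Constructed case: the person already has a user (say, from a magic-link
  // login) but no external user ID was ever set on it.
  const existing = dir.addUser();
  const first = dir.registerForLoggedOutUser("crm-1001", "cred-A", true);
  const second = dir.registerForLoggedOutUser("crm-1001", "cred-B", true);
  return { existing, first, second, totalUsers: dir.users.length };
}

function closedSignUpError() {
  const dir = new DirectoryModel({ publicSignUp: false });
  try {
    dir.registerForLoggedOutUser("crm-2002", "cred-C", true);
    return null;
  } catch (e) { return e.message; }
}
```

In the model, the pre-existing user ends with no credentials while a second user holds both, which is the situation the second note describes.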

For users migrated to Transmit

Scenario: You're migrating users to Transmit from an external system, such as an external identity provider.

Since these users have already been verified using an external process, you may not want to ask them to verify again. In this case, you can register credentials for these users using the flow described above for externally managed users.