Users can register with a WebAuthn Credential (aka "Passkey") or with a raw Public/Private Key
Private Key Credentials
When registering a user with a private key, you need to:
Get a registration challenge from the Dfns API
Create the key pair locally
Sign the registration challenge and public key
Return the signed challenge to the Dfns API
The Registration Challenge
A registration challenge is returned from calls to:
/auth/registration/init
/auth/registration/delegated
/auth/credentials/init
In all cases the challenge format is the same. You will recieve an object with the following properties (additional properties exist for managing credentials with WebAuthn):
field
description
How to Sign the Challenge with the Private Key
The user signs the challenge to prove they are in possession of the key being registered. The user will also sign the public key to ensure the key is not replaced when transmitted to Dfns.