What is webAuthn?

WebAuthn is a web API that allows users to authenticate using public key cryptography instead of a password. It is an open standard developed by the World Wide Web Consortium (W3C) and the FIDO Alliance.

How does it work?

WebAuthn enables users to register and authenticate with a website using a security key, such as a hardware authenticator on their laptops or mobile device connected to their accounts.

The security key holds a unique public-private key pair to authenticate the user.

When a user wants to log in to a website, the website sends a challenge to the security key, which must be confirmed by pressing a button or entering a PIN. The security key then sends back a response verified by the website.

How does it interact with the front end and secure Enclave for apple devices?

WebAuthn can be used to authenticate users on the front end of a website, for example, by providing a way for users to log in with a security key.

In the case of Apple devices, the Secure Enclave is a coprocessor that can store and process the private key associated with a user's security key. The Secure Enclave is isolated from the central processor, which makes it more difficult to compromise the key.

When a user wants to log in, the website sends a challenge to the Secure Enclave, which the user must confirm by using a touch ID or pin. The Secure Enclave then sends back a signed response verified by the website.