Passkey integration on the server-side and user-experience upgrades

What are the two main passkey implementation steps?

Passkey registration and authorization with a passkey.

Passkey registration and attestation with a passkey.

Passkey registration and authentication with a passkey.

What are server-side libraries that implement passkey support called?

FIDO server-side libraries

WebAuthn server-side libraries

CTAP2 server-side libraries

What information should be included in `PublicKeyCredentialCreationOptions`?

Information about the user

Information about the RP

Configuration for the properties of the credential you're creating

All of the above

When a passkey is created, which object is returned to the server?

PublicKey

Passkey

PublicKeyCredential

What is a challenge that a server uses to authenticate with passkey?

An ArrayBuffer object with random bytes.

A String with a random string.

An 8 byte Array.

To ensure the challenge fulfills its purpose, it must:

Never be used more than once.

Be cryptographically secure.

All of the above.

What problem do Related Origin Requests solve?

Passkeys are tied to a specific website and cannot be used for signing in on other websites, even when they are related.

Passkeys are not secure enough for authentication.

Passkeys are difficult to use on mobile devices.

How does a website specify origins allowed to use its RP ID?

By serving a special JSON file at the https://{RP ID}/.well-known/webauthn URL.

By setting a special HTTP header.

By using a special JavaScript API.

What is AAGUID?

The public key credential returned on a passkey registration.

A unique number that identifies the specific instance of the authenticator.

A unique number that identifies the model of the authenticator.

What does AAGUID stand for?

Advanced Authentication Granting User Identification Data

Authenticator Attestation Globally Unique Identifier

Application-Agnostic Global Unique Identifier