At this stage you have selected WebAuthn as your primary MFA option for your mobile solution. We are going to cover a variety of steps and concepts to help your implementation. In this section we will provide a list of implementation guides for common ecosystems. If you are unfamiliar with WebAuthn then please proceed to the following section that includes resources for you to take a deeper dive into the concepts, and a how-to on deploying a sample application
Below are guides to help you implement your WebAuthn application for a variety of different mobile ecosystems. While your authenticator will work across a wide variety of ecosystems there are some nuances that could include:
Using the WebAuthn API in web browsers vs the API’s available in native applications
Browser specific behaviors including prompts, and available functionality
Each guide below will note some of these nuances, and will provide implementation guidance such as code samples to help you overcome these challenges.
Before you begin your implementation be sure to consult our WebAuthn compatibility matrix to ensure that you understand what features are/aren’t available in specific environments.
If you are not familiar with WebAuth, and are looking to dive into the vast array of concepts, then please use our WebAuthn primer for mobile development. This will provide a variety of resources including: links to helpful documentation, considerations for mobile development, and a guide for deploying your own sample application.
An architectural decision that you should consider is if you will need native applications for different ecosystems. As with all things in technology the answer is “it depends”. If you develop a web application that leverages WebAuthn, the answer is no. Your users will be able to access the same experience across different ecosystems. It’s worth noting that some browsers may not have specific WebAuthn functionality built into it at the moment. Ensure you consult our WebAuthn compatibility matrix to ensure that you understand what features are/aren’t available in specific browser + OS combinations.
If your users are going to be using your application from a native application, then the answer is yes, you will need specific client apps for each mobile ecosystem. Android and iOS each allow for a degree of support for WebAuthn in native applications. The nuances will be covered in the ecosystem specific guides in the following section.