supertokens
diff --git a/‎v3/docs/authentication/webauthn/_category_.json
Lines changed: 4 additions & 0 deletions b/‎v3/docs/authentication/webauthn/_category_.json
Lines changed: 4 additions & 0 deletions
diff --git a/‎v3/docs/authentication/webauthn/_structure.mdx
Lines changed: 44 additions & 0 deletions b/‎v3/docs/authentication/webauthn/_structure.mdx
Lines changed: 44 additions & 0 deletions
diff --git a/‎v3/docs/authentication/webauthn/customise-credential-validation.mdx
Lines changed: 185 additions & 0 deletions b/‎v3/docs/authentication/webauthn/customise-credential-validation.mdx
Lines changed: 185 additions & 0 deletions
@@ -0,0 +1,4 @@
+{
+	"label": "Passkey Authentication",
+	"position": 7
+}
@@ -0,0 +1,44 @@
+---
+title: Structure 
+hide_title: true
+sidebar_position: 1
+---
+
+# Introduction
+## Overview
+## Why to use WebAuthn
+## What are Passkeys?
+## Terminology
+## Feature Overview
+## Integration Options
+## Getting Started
+
+# Quick Start
+## Overview
+## Before you start
+### Terminology
+## Steps (Custom UI)
+### Initialize the Frontend SDK
+### Add the UI
+### Add the Signup Form
+### Add the Login Form
+### Initialize the Backend SDK
+## Steps (Prebuilt UI)
+### Initialize the Frontend SDK
+### Initialize the Backend SDK
+## Next Steps
+
+
+# Account Recovery
+## Overview
+
+# Customise Passkey Validation
+## Overview
+## Available options
+
+# Configuring the Relying Party and Multitenancy
+## Overview
+## Configuring the Relying Party
+
+
+
@@ -0,0 +1,185 @@
+---
+title: Customise Credential Validation
+hide_title: true
+sidebar_position: 3
+---
+
+# Customise Credential Validation
+
+## Overview
+
+The WebAuthN flow allows the user to customise the way credentials are generated and validated. The reason for this is that certain use-cases require the user to have a lot of control over the credential generation and validation process.
+
+For example, in the case of a banking app, the user may want to use a YubiKey to generate and validate credentials. In this case, the user may want to use a required PIN or a biometric factor to validate the credential.
+
+TODO: Add correct link
+Most of the customisation is done through function overrides. You can find more details about how they work here: [Overrides](https://deploy-preview-869--starlit-elf-06ee1a.netlify.app/docs/references/sdks/functions-overrides/backend-functions-override).
+
+## Recipe Configuration
+
+TODO: Add correct link
+The recipe configuration is done by the `init` function. You can find more details about the recipe configuration here: [Recipe Configuration](#).
+
+When configuring the recipe, you can pass the following options:
+- **Relying Party**: Details about the entity for which the credential is being generated. This includes the domain name (Relying Party ID) and display name (Relying Party Name) of your application that will be shown to the user during authentication. The Relying Party ID defaults to the API domain (`apiBasePath`) and the Relying Parth Name defaults to the application name (`appName`).
+- **Origin**: The origin URL that the credential is generated on. Defaults to the origin of the request.
+
+```ts
+import supertokens from "supertokens-node";
+import Session from "supertokens-node/recipe/session";
+import WebAuthn from "supertokens-node/recipe/webauthn";
+
+supertokens.init({
+    framework: "express",
+    supertokens: {
+        // https://try.supertokens.com is for demo purposes. Replace this with the address of your core instance (sign up on supertokens.com), or self host a core.
+        connectionURI: "https://try.supertokens.com",
+        // apiKey: <API_KEY(if configured)>,
+    },
+    appInfo: {
+        // learn more about this on https://supertokens.com/docs/session/appinfo
+        appName: "<YOUR_APP_NAME>",
+        apiDomain: "<YOUR_API_DOMAIN>",
+        websiteDomain: "<YOUR_WEBSITE_DOMAIN>",
+        apiBasePath: "/auth",
+        websiteBasePath: "/auth"
+    },
+    recipeList: [
+        WebAuthn.init({
+            getOrigin: () => {
+                return "https://example.com";
+            },
+            getRelyingPartyId: () => {
+                return "example.com";
+            },
+            getRelyingPartyName: () => {
+                return "example";
+            },
+        }),
+        Session.init() // initializes session features
+    ]
+});
+```
+
+## Customising Credential Generation
+
+The credentials are generated by the client (if it supports it). You can find more details about the way the browser handles credential generation here: [Credential Management API](https://developer.mozilla.org/en-US/docs/Web/API/Credential_Management_API).
+
+The credential is generated based on a set of options that you can pass to the `navigator.credentials.create` function. In our case these options are generated on the server through the SDK.
+
+The possible configurable options are:
+
+- **Relying Party**: Details about the entity for which the credential is being generated. This includes the domain name (Relying Party ID) and display name (Relying Party Name) of your application that will be shown to the user during authentication. The Relying Party ID defaults to the API domain (`apiBasePath`) and the Relying Parth Name defaults to the application name (`appName`).
+- **Origin**: The origin URL that the credential is generated on. Defaults to the origin of the request.
+- **Timeout**: The time in milliseconds that the user has to complete the credential generation process. Defaults to `6000`.
+- **Attestation**: Controls how much information about the authenticator is included in the attestation statement. This controls what authenticators are supported. Defaults to `none`.
+- **Supported Algorithms**: The cryptographic algorithms that can be used for generating credentials. Different authenticators support different algorithms. Defaults to `[-8, -7, -257]`.
+- **Resident Key**: Whether the credential should be stored on the authenticator device. Defaults to `required`.
+- **User Verification**: Controls whether user verification (like PIN or biometrics) is required. Defaults to `preferred`.
+- **User Display Name**: The display name of the user. Defaults to the `email` field.
+
+Below is an example of how you can customise the credential generation options.
+
+```ts
+import supertokens from "supertokens-node";
+import Session from "supertokens-node/recipe/session";
+import WebAuthn from "supertokens-node/recipe/webauthn";
+
+supertokens.init({
+    framework: "express",
+    supertokens: {
+        // https://try.supertokens.com is for demo purposes. Replace this with the address of your core instance (sign up on supertokens.com), or self host a core.
+        connectionURI: "https://try.supertokens.com",
+        // apiKey: <API_KEY(if configured)>,
+    },
+    appInfo: {
+        // learn more about this on https://supertokens.com/docs/session/appinfo
+        appName: "<YOUR_APP_NAME>",
+        apiDomain: "<YOUR_API_DOMAIN>",
+        websiteDomain: "<YOUR_WEBSITE_DOMAIN>",
+        apiBasePath: "/auth",
+        websiteBasePath: "/auth"
+    },
+    recipeList: [
+        WebAuthn.init({
+            override: {
+                functions: (originalImplementation) => {
+                    return {
+                        ...originalImplementation,
+                        registerOptions: (input) => {
+                            return originalImplementation.registerOptions({
+                                ...input,
+                                attestation: "direct",
+                                residentKey: "required",
+                                timeout: 10 * 1000,
+                                userVerification: "required",
+                                displayName: "John Doe",
+                                supportedAlgorithms: [-257],
+                                relyingPartyId: 'example.com',
+                                relyingPartyName: 'example',
+                                origin: 'https://example.com',
+                            });
+                        },
+                    };
+                },
+            },
+        }),
+        Session.init() // initializes session features
+    ]
+});
+```
+
+## Customising Credential Validation
+
+When a user attempts to login using a WebAuthN credential, the credential is used for signing a challenge through the client using `navigator.credentials.get` function. The options for signing the challenge are generated on the server through the SDK and defined how the authentication will take place:
+
+- **Relying Party ID**: The domain name (Relying Party ID) of your application that will be used for validating the credential.
+- **Origin**: The origin URL that the credential is generated on. Defaults to the origin of the request.
+- **Timeout**: The time in milliseconds that the user has to complete the credential validation process. Defaults to `6000`.
+- **User Verification**: Controls whether user verification (like PIN or biometrics) is required. Defaults to `preferred`.
+
+Below is an example of how you can customise the credential generation options.
+
+```ts
+import supertokens from "supertokens-node";
+import Session from "supertokens-node/recipe/session";
+import WebAuthn from "supertokens-node/recipe/webauthn";
+
+supertokens.init({
+    framework: "express",
+    supertokens: {
+        // https://try.supertokens.com is for demo purposes. Replace this with the address of your core instance (sign up on supertokens.com), or self host a core.
+        connectionURI: "https://try.supertokens.com",
+        // apiKey: <API_KEY(if configured)>,
+    },
+    appInfo: {
+        // learn more about this on https://supertokens.com/docs/session/appinfo
+        appName: "<YOUR_APP_NAME>",
+        apiDomain: "<YOUR_API_DOMAIN>",
+        websiteDomain: "<YOUR_WEBSITE_DOMAIN>",
+        apiBasePath: "/auth",
+        websiteBasePath: "/auth"
+    },
+    recipeList: [
+        WebAuthn.init({
+            override: {
+                functions: (originalImplementation) => {
+                    return {
+                        ...originalImplementation,
+                        signInOptions: (input) => {
+                            return originalImplementation.signInOptions({
+                                ...input,
+                                timeout: 10 * 1000,
+                                userVerification: "required",
+                                relyingPartyId: 'example.com',
+                                origin: 'https://example.com',
+                            });
+                        },
+                    };
+                },
+            },
+        }),
+        Session.init() // initializes session features
+    ]
+});
+```
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +	"label": "Passkey Authentication",
 +	"position": 7
 +}