Skip to main content

How it works

Using the hosted UI

The Authsignal hosted challenge UI is the easiest way to strongly authenticate your users through passwordless challenge flows.

Cognito access token (iOS)

1. Track an action

In your app's backend, track an action which represents what your user is doing, e.g. signIn. You can do this using one of the Authsignal Server SDKs or you can call the Authsignal Server API directly using a RESTful HTTP request.

const { url } = await authsignal.track({
  userId: user.id,
  action: "signIn",
  redirectUrl: "https://yourapp.com/callback",
});

2. Launch the hosted UI

In your app's frontend, pass the url from the track call to the Authsignal Browser SDK to launch an enrollment or re-authentication flow using our hosted challenge UI.

authsignal.launch(url);

3. Validate the result

Once the user has completed the challenge, Authsignal will send them back to the redirect URL you provided in step 1, appending a token as a query param which you can use to lookup the result of the challenge server-side.

const { state } = await authsignal.validateChallenge({
  userId: user.id,
  token: req.query.token,
});

if (state === "CHALLENGE_SUCCEEDED") {
  // The user completed the challenge successfully
  // Proceed with authenticated action or integrate with IdP to create authenticated session
} else {
  // The user did not complete the challenge successfully
}

Embedded or native challenge flows

If you prefer to build your own web or mobile app UI, you can also use one of the Authsignal Client SDKs to handle the logic behind performing the challenge.

Desktop web browser passkey autofilliOS passkey promptAndroid passkey prompt

1. Track an action

In your app's backend, track an action which represents what your user is doing, e.g. signIn. You can do this using one of the Authsignal Server SDKs or you can call the Authsignal Server API directly using a RESTful HTTP request.

const { token } = await authsignal.track({
  userId: user.id,
  action: "signIn",
});

2. Use a client SDK

Use one of the Authsignal Client SDKs to perform a challenge directly within your app, passing the token from step 1.

const resultToken = await authsignal.passkey.signIn({ token });

3. Validate the result

Pass the result token returned by the client SDK to your backend and validate the result of the challenge server-side.

const { state } = await authsignal.validateChallenge({
  userId: user.id,
  token: req.body.token,
});

if (state === "CHALLENGE_SUCCEEDED") {
  // The user completed the challenge successfully
  // Proceed with authenticated action or integrate with IdP to create authenticated session
} else {
  // The user did not complete the challenge successfully
}