I have mobile website and in this application I want to use device's native PIN, Faceid and Fingerprint authentication, is this practically somehow possible? because I don't think browser would allow me something like that.

Also I heard that if I want to have this kind of behaviour, I should create PWA(progressive web app). So is it true that from browser(without PWA) I can't use any of these three authentication types and that PWA will give me opportunity to use all of them?

I have mobile website and in this application I want to use device's native PIN, Faceid and Fingerprint authentication, is this practically somehow possible? because I don't think browser would allow me something like that.

Also I heard that if I want to have this kind of behaviour, I should create PWA(progressive web app). So is it true that from browser(without PWA) I can't use any of these three authentication types and that PWA will give me opportunity to use all of them?

• javascript
• browser
• progressive-web-apps
• mobile-website
• biometrics

• developer.mozilla.org/en-US/docs/Web/API doesn’t look like it is possible, no. – evolutionxbox Commented Jul 27, 2020 at 9:48

2 Answers 2

Yes the Web Authentication API is available, which allows you to delegate authentication to the device's authenticators, including common mobile authenticators such as fingerprints or face ID. Your server application will need to support this method of authentication as well, so keep that in mind.

All modern browsers have supported Web Authentication API for a while now.

You can try out a demo and view code examples here: https://webauthn.io

Mark's answer is amazing and points you to the most-official Web Authentication API documentation. But if you are like me (tried to understand the documentation and then give it a try to build everything from scratch), it may be a bit of a challenge.

To make your implementation process easier, I recommend you to check out SimpleWebAuthn. They have ready-to-use code for browser and a server using Typescript - NodeJS.