VIP Auth Hub - FIDOIdentifier Expiry duration
search cancel

VIP Auth Hub - FIDOIdentifier Expiry duration

book

Article ID: 266823

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction

Can you please explain below settings in tenant? As per documentation, it says its expiry date of the cookie. 

Will clients be able to login after 365 days?

What's the error message when FIDO identifier will be expired?

 

{
        "name": "fidoIdentifierExpiryDays",
        "value": "365"
    }
 

Environment

Release : 12.8

Resolution

FIDO identifier Expiry Days” is used to create the the FIDO identifier cookie in the browser.

FIDO identifier in the /authenticate call is optional as AuthHub has a way to identify if the device was registered for FIDO even if the identifier is missing in the /authenticate call.

There will NOT be any impact to an existing FIDO credential or auth flow even after the cookie expires...In a scenario where the existing cookie expires, authentication will still continue and at the end of the authentication flow, a new cookie will be created with expiration of 365 days.

We continue to maintain the cookie even though it is optional is because the API is efficient (w.r.t response time) when the cookie exists vs when it does not

Powered by Wolken Software