
Key Concepts

There are a few key concepts that are important to understand when working with Liquid Auth. The main concepts are Linking, Passkeys, and Peer-to-Peer. See the full details in the Architecture Reference.

🔗 Linking

A link will authorize a remote client to access the service. This is done by generating a RequestId and waiting for a device to attest a Passkey.

🔒 Passkeys

Passkeys are also known as FIDO2/WebAuthn PublicKeyCredentials. The KeyPair is generated by an authenticator device and is used to register or authenticate a user.

FIDO2 Extension

Authenticators must also support the Liquid Extension, which is used to attest a KeyPair not controlled by the authenticator.

This extension attaches an additional signature to the credential to associate the KeyPair with the Passkey. The extension also includes an optional requestId which is used to link the KeyPair to a specific session. When two clients are linked, they can establish a peer-to-peer connection.
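The binding described above, sketched as an added example (not Liquid Auth's own code): a server issues a requestId with a challenge, a KeyPair outside the authenticator signs it, and the server accepts the extension only for that session. The field names, the Ed25519 key type, and the choice to sign the challenge are assumptions; verification of the Passkey itself is omitted.

```javascript
const crypto = require('node:crypto');

// Server: sessions waiting to be linked. All names here are hypothetical.
const pending = new Map(); // requestId -> { challenge, linkedKey }

function startLink() {
  const requestId = crypto.randomUUID();
  const challenge = crypto.randomBytes(32);
  pending.set(requestId, { challenge, linkedKey: null });
  return { requestId, challenge };
}

// Wallet: a key pair the authenticator does not hold signs the challenge (assumed).
function buildExtension(keys, challenge, requestId) {
  const spki = keys.publicKey.export({ type: 'spki', format: 'der' });
  const signature = crypto.sign(null, challenge, keys.privateKey);
  return { requestId, publicKey: spki.toString('base64'),
           signature: signature.toString('base64') };
}

// Server: accept only a signature over the challenge issued for this requestId.
function verifyExtension(ext) {
  const session = pending.get(ext.requestId);
  if (!session || session.linkedKey) return false; // unknown or already linked
  const key = crypto.createPublicKey({
    key: Buffer.from(ext.publicKey, 'base64'), format: 'der', type: 'spki' });
  if (key.asymmetricKeyType !== 'ed25519') return false;
  const sig = Buffer.from(ext.signature, 'base64');
  const ok = crypto.verify(null, session.challenge, key, sig);
  if (ok) session.linkedKey = ext.publicKey; // bind KeyPair to the session
  return ok;
}

// Constructed scenario: two pending sessions, one honest wallet, one other key.
function demo() {
  const wallet = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  const a = startLink();
  const b = startLink();
  const good = buildExtension(wallet, a.challenge, a.requestId);
  const swapped = { ...good,
    publicKey: buildExtension(other, a.challenge, a.requestId).publicKey };
  const replayed = { ...good, requestId: b.requestId };
  return { swapped: verifyExtension(swapped), replayed: verifyExtension(replayed),
           good: verifyExtension(good), reused: verifyExtension(good) };
}
console.log(demo());
```

The rejected cases are a public key that did not produce the signature, a signature moved to a different requestId, and a second use of a requestId that is already linked.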

🔄 Peer-to-Peer

WebRTC is used for establishing a peer-to-peer connection between two clients.

Offer

Session Description Protocol (SDP) message sent from the client to the server. The offer contains information about the client's media capabilities and information about the data channel.

Answer

Session Description Protocol (SDP) message sent back to the client that created the Offer. The Answer client uses the information in the Offer to generate an Answer, which is sent back to the Offer client.

Candidate

An ICE Candidate is a network address that can be used to communicate with the peer.