Loading saved credentials…
All tools

FIDO tool

FIDO / Passkey Workbench

A guided wrapper over the OneWelcome FIDO Access API. Tenant host + bearer come from the env panel above (same credentials used by the API Explorer).

FIDO Policies

Backed by /fido2/policies. Read on load, edit selected, or create a new one.

List
Hit Load policies.
List responseno result yet
Click run to see output
Selected policy
Pick a policy from the list to inspect or edit.
GET responseno result yet
Click run to see output

Enrolled Authenticators

Backed by /fido2/authenticators?userId=…. Look up a user's enrolled passkeys and revoke any of them.

Lookup responseno result yet
Click run to see output

Ceremony Challenges

Pull a WebAuthn challenge from the FIDO server. Useful for sanity-checking policy effects and inspecting the options blob a relying-party page would receive.

POST /fido2/attestation/options
Attestation optionsno result yet
Click run to see output
Why no live ceremony? A passkey is bound to its relying-party origin (e.g. your-tenant.…onewelcome.net). The browser refuses to invoke navigator.credentials.create/get unless this page's origin matches that RP ID — so the actual key dance has to run inside an app served from the tenant origin. Here we surface what the server would hand back to that app so you can verify policy/config changes affect the challenge as expected.