FIDO tool
FIDO / Passkey Workbench
A guided wrapper over the OneWelcome FIDO Access API. Tenant host + bearer come from the env panel above (same credentials used by the API Explorer).
Reference:FIDO Access API docs
FIDO Policies
Backed by /fido2/policies. Read on load, edit selected, or create a new one.
List
Hit Load policies.
List responseno result yet
Click run to see outputSelected policy
Pick a policy from the list to inspect or edit.
GET responseno result yet
Click run to see outputEnrolled Authenticators
Backed by /fido2/authenticators?userId=…. Look up a user's enrolled passkeys and revoke any of them.
Lookup responseno result yet
Click run to see outputCeremony Challenges
Pull a WebAuthn challenge from the FIDO server. Useful for sanity-checking policy effects and inspecting the options blob a relying-party page would receive.
POST /fido2/attestation/options
Attestation optionsno result yet
Click run to see outputWhy no live ceremony? A passkey is bound to its relying-party origin (e.g.
your-tenant.…onewelcome.net). The browser refuses to invoke navigator.credentials.create/get unless this page's origin matches that RP ID — so the actual key dance has to run inside an app served from the tenant origin. Here we surface what the server would hand back to that app so you can verify policy/config changes affect the challenge as expected.