What is a RelyingParty?
A web site or other entity that uses a FIDO protocol to directly authenticate users (i.e., performs peer-entity authentication). Note that if FIDO is composed with federated identity management protocols (e.g., SAML, OpenID Connect, etc.), the identity provider will also be playing the role of a FIDO RelyingParty.
What is Attestation?
Attestation is the process of verifying the device using trust chains. A successful attestation proves that the device the user has authenticated with is authentic and hasn't been tampered with. From a high-level end user's perspective, you can think of attestation as akin to registration.
Can I use an iPhone/Android device as a FIDO Authenticator?
Yes, all recent versions of Android and iOS support WebAuthn. You can use https://fido.identityserver.com/ to test authenticators.
Can I use Windows Hello as a FIDO Authenticator?
Yes, once Windows Hello is configured you can use it as a FIDO Authenticator. For more information on setting up Windows Hello, see https://support.microsoft.com/en-us/windows/learn-about-windows-hello-and-set-it-up-dae28983-8242-bb2a-d3d1-87c9d265a5f0
Can I use username-less and password-less (credential-less) authentication with FIDO?
Yes, however the FIDO device must support Discoverable Credentials (resident keys) to allow discovery of the username. If a FIDO device does not support resident keys, then a User handle must be supplied to link the key to an account.
Can I use FIDO with Blazor?
The FIDO2 component works with any supported ASP.NET Core version. With FIDO, however, you will need to perform both the challenge and response handling on the server side. Running the FIDO relying party logic within the browser breaks FIDO's security model. It is possible to put the FIDO RelyingParty functionality behind an API and drive it via JavaScript on the frontend. This would be a similar approach to GitHub and Apple's sign-in process.
I'm getting the error message "Invalid Origin"
This happens when the domain in the browser where WebAuthn is being used does not match the domain of the validating server (RelyingParty). If the FIDO challenge is being issued on a different domain to the validating server, you can override the validation step on the server using the "RelyingPartyId" setting in the FidoOptions.
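The checks behind an "Invalid Origin" failure, sketched in C# as an added example: this is not the FIDO component's code or API, and the class, method, origins and sample bytes are constructed for illustration. It follows the origin and RP ID hash verification steps of the WebAuthn specification, with the `rpId` parameter standing in for whatever relying party ID the server is configured with.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

public static class OriginCheck // hypothetical helper, not part of the component
{
    // Returns null when the response passes, otherwise the reason it fails.
    public static string? Validate(byte[] clientDataJson, byte[] authData,
                                   string expectedOrigin, string rpId)
    {
        using var doc = JsonDocument.Parse(clientDataJson);
        string? origin = doc.RootElement.TryGetProperty("origin", out var o)
            && o.ValueKind == JsonValueKind.String ? o.GetString() : null;

        // 1. The origin the browser recorded must match the origin the server expects.
        if (!string.Equals(origin, expectedOrigin, StringComparison.Ordinal))
            return $"Invalid Origin: got '{origin}', expected '{expectedOrigin}'";

        // 2. The RP ID must be the origin's host or a parent domain of it
        //    (browsers also consult the Public Suffix List; omitted here).
        string host = new Uri(expectedOrigin).Host;
        if (host != rpId && !host.EndsWith("." + rpId, StringComparison.Ordinal))
            return $"RP ID '{rpId}' is not valid for host '{host}'";

        // 3. The first 32 bytes of authenticator data are SHA-256(RP ID).
        byte[] expectedHash = SHA256.HashData(Encoding.UTF8.GetBytes(rpId));
        if (authData.Length < 32 ||
            !CryptographicOperations.FixedTimeEquals(authData.AsSpan(0, 32), expectedHash))
            return "rpIdHash does not match the configured RP ID";

        return null;
    }

    public static void Main()
    {
        // Constructed sample: page served from login.example.com, RP ID example.com.
        byte[] clientData = Encoding.UTF8.GetBytes(
            "{\"type\":\"webauthn.get\",\"challenge\":\"c2FtcGxl\",\"origin\":\"https://login.example.com\"}");
        byte[] authData = SHA256.HashData(Encoding.UTF8.GetBytes("example.com"))
            .Concat(new byte[] { 0x05, 0, 0, 0, 1 }).ToArray(); // flags + signCount

        Console.WriteLine(Validate(clientData, authData, "https://login.example.com", "example.com") ?? "ok");
        // A validating server on a different domain: the mismatch this FAQ entry describes.
        Console.WriteLine(Validate(clientData, authData, "https://api.example.net", "example.net") ?? "ok");
    }
}
```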
What does "ErrorDescription: Unsolicited registration response - no challenge state found" mean?
This likely means the Correlation Cookie is missing. Check that you are running in HTTPS and that the correlation cookie is being set and sent in requests. You can verify that the browser is setting and sending cookies by checking the HTTP headers of the relevant requests in the browser tools.
What logo can I display on my login page?
The FIDO component is a fully certified and compliant FIDO Server, so you can use any of the following logos: https://fidoalliance.org/fido-trademark-and-service-mark-usage-agreement-for-websites-exhibit-a/