Q: Aside from login function, is it possible to build out custom use cases that incorporate BioMetric processs with OnzAuth?
For example autorising payments over blockchain
If the question makes more sense, can OnzAuth be used as part of process in custom Web3 applications? using SDK and DevTools
Please let me know, thanks speak with you soon.
OnzAuth
May 14, 2024A: Hi Joey,
Thank you for your question. I am not sure I got your question correctly, you wish to incorporate the biometric processes for other functions like authorising payments over blockchains etc...?
What we provide at the moment is the way to authenticate a user, and issue a jwt token for your use regardless of how you use it, most would be used to secure a protected page, I don't see any reason why you cannot use it to authorise the person before taking payments information for example, but it cannot be used to authenticate the payment, if you know what I mean. Our "Biometric" is really just an implementation of WebAuthn (Web Authentication), and not our own implementation.
That being said, we have plans for another Product called OnzPay, which is closer to what your might be asking, i.e. Biometric Payments product but won't be due probably until next year.
Hope it answers your question. You can email us at support@onzauth.com if you need more information.
Regards,
Josh
JoeyMobbinQuickly checkin, any update on an answer to the above question? as would like to purchase and support OnzAuth if everything aligns with needs. Thanks
Appreciate the response. Makes sense.
So can it be integrated with any existing SaaS my company uses like say CRM, Google sheet, email software, etc?
How does OnzAuth verify the trickiest part that a user is present in real-time?
because Biometric data, just like passwords, ultimately come from the person who is authenticating themselves. The risk is they can create or obtain fake credentials like fingerprints, retinal scans, or whatever - especially as attackers become more sophisticated using deepfake, etc - so how do you verify the person is present in real time during the authentication process and keep ahead of threats of hack/attack
Hi,
With regards to biometric, we are using WebAuthn to achieve that, basically the general idea is that we do not store any biometric data but just store your approved authenticator, be it your phone or your laptop etc... and verify that you are authenticated by that device.
That said, biometric authentication and even storage of say your fingerprints etc, are all handled by your device, and how well they handle live faces for example are all device dependant, we do support fido2 keys or the recent passkey as well, but we do not directly handle your biometric auth if that makes sense.
Cheers