Ping SDKs

Unregister a WebAuthn device

To unregister a WebAuthn device from a user’s profile, use the deleteCredential function in your application. The function requires the publicKeyCredentialSource as a parameter.

Use the loadAllCredentials method and pass in the relying party identifier (rpId) string to return an array of publicKeyCredentialSource values. The rpId string must match the configuration you used when you configured the authentication journeys earlier.

You can only remove a device if it has the username embedded in the profile.

You must enable the Username to Device option in the WebAuthn Registration node to be able to remove the device from a user’s profile on the server using the SDKs.

The SDK attempts to delete the record of the device from the server. If that succeeds, it will then remove the local keys held by the client device. If it fails to remove the records from the server, it will not remove the local keys by default.

However, you can pass the forceDelete: true boolean parameter to the function to delete the local keys even if the call to the server fails.

let rpId = "openam-docs.forgeblocks.com"

if let credentialSource = FRWebAuthn.loadAllCredentials(
  by: rpId
).first {
  try? FRWebAuthn.deleteCredential(
    publicKeyCredentialSource: credentialSource,
    forceDelete: true
  )
}

Removing keys from either the server or the device means you will need to register it again for WebAuthn journeys. Refer to Register a WebAuthn device.