AOTP Interactive Demo

See how passwordless authentication works

Real cryptography: This demo generates a real Ed25519 keypair in your browser, enrolls it with the server, then signs challenges with the private key. The server verifies every signature against the stored public key. Nothing is mocked.

Demo user: demo-mm43b5ih — Requires database. Run POST /api/db/migrate first.

Want to test with two tabs like a real user? Use /enroll + /login in one tab and the Device Simulator in another.

Device Simulator

Start Enrollment

POST /api/aotp/enroll/start

Create user account and get enrollment QR code with secret

Complete Enrollment (Device)

POST /api/aotp/enroll/complete

Generate real Ed25519 keypair and register the public key

Start Authentication

POST /api/aotp/auth/start

Request a login challenge — server creates 32-byte nonce

Sign Challenge (Device)

POST /api/aotp/challenge/:id/respond

Sign the nonce with the Ed25519 private key and approve

Get JWT Session

POST /api/aotp/auth/finish

Exchange approved challenge for a JWT session token