
How to use WebAuthn MFA with gem CLI.

Multi-factor authentication (MFA) using WebAuthn works by using a removable hardware token or the touch or facial biometric capabilities built into your phone or computer. This is distinct from OTP, which is MFA based on typing or copying a code generated by an authentication app or password manager. For OTP MFA see “Using OTP multi-factor authentication in command line”.

When you have enabled WebAuthn MFA, we will ask you to perform authentication on certain commands based on your authentication level.

Enter your RubyGems.org credentials.
Don't have an account yet? Create one at https://rubygems.org/sign_up
Email:   gem_author@example
Password:

[snip of API key setup]

You have enabled multi-factor authentication.
Please visit http://localhost:3000/webauthn_verification/<random>?port=<port>
to authenticate via security device. If you can't verify using WebAuthn but
have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]`
option.

Depending on your terminal program, you may be able to click, command-click or control-click on the link to open it in your default browser. Otherwise you will need to copy and paste the link into a new tab.

A webpage titled “Authenticate with Security Device” appears. Click “Authenticate”. Your browser will show a popup asking you to use a Passkey or other authentication device (the exact popup will vary according to the browser).

Once you have authenticated using your WebAuthn device, you will see a “Success” page. At this point you can close your browser tab and return to the command line, which will say:

You are verified with a security device. You may close the browser window.
Signed in with API key: <your API key name>
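
The verification link printed during sign-in has the shape `/webauthn_verification/<random>?port=<port>`. The following is an added example, not code from RubyGems or the gem CLI: a small Ruby check you can run on a pasted link before opening it, to confirm it has that shape and points at the host you expect. The function name, the expected-host list and the character set allowed for `<random>` are assumptions.

```ruby
require "uri"

# Assumption: hosts you expect the gem CLI to send you to. "localhost" is
# listed only because the sample output above uses http://localhost:3000.
EXPECTED_HOSTS = ["rubygems.org", "localhost"].freeze

# Returns a list of problems with the link. An empty list means it matches
# the shape shown above: /webauthn_verification/<random>?port=<port>
def webauthn_link_problems(link, expected_hosts: EXPECTED_HOSTS)
  begin
    uri = URI.parse(link.strip)
    params = URI.decode_www_form(uri.query.to_s)
  rescue URI::InvalidURIError, ArgumentError
    return ["not a parseable URL"]
  end
  return ["not an http(s) URL"] unless uri.is_a?(URI::HTTP)

  problems = []
  unless expected_hosts.include?(uri.host)
    problems << "unexpected host #{uri.host.inspect}"
  end
  # "https://rubygems.org@other-host/..." puts the familiar name in userinfo.
  problems << "credentials embedded in URL" if uri.userinfo
  # Plain http is tolerated only for a loopback development server.
  problems << "not https" if uri.scheme != "https" && uri.host != "localhost"
  # Assumption: <random> is a URL-safe token (letters, digits, "_" and "-").
  unless uri.path.match?(%r{\A/webauthn_verification/[A-Za-z0-9_-]+\z})
    problems << "path is not /webauthn_verification/<random>"
  end
  ports = params.select { |key, _| key == "port" }.map(&:last)
  if ports.length != 1 || ports.first !~ /\A\d{1,5}\z/ ||
     !(1..65_535).cover?(ports.first.to_i)
    problems << "port parameter missing or not a single TCP port"
  end
  extra = params.map(&:first).uniq - ["port"]
  problems << "unexpected parameters: #{extra.join(', ')}" unless extra.empty?
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample links, not real verification URLs.
  ["http://localhost:3000/webauthn_verification/abc123?port=5678",
   "https://rubygems.org@evil.example/webauthn_verification/abc123?port=5678"].each do |link|
    problems = webauthn_link_problems(link)
    puts "#{link}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```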