RubyGems Navigation menu
Guides

How to use WebAuthn MFA with gem CLI.

Multifactor authentication (MFA) using WebAuthn works by using a removable hardware token or touch biometric / facial biometric capabilities built into your phone or computer. This is distinct from MFA based on typing or copying a code generated by an authentication app or password manager, called OTP. For OTP MFA see “Using OTP multifactor authentication in command line”.

When you have enabled WebAuthn MFA we will ask you to perform authentication for gem signin. Check “Setting up WebAuthn multifactor authentication” for guidance on setting up WebAuthn MFA.

Enter your RubyGems.org credentials.
Don't have an account yet? Create one at https://rubygems.org/sign_up
Email:   gem_author@example
Password:

[snip of API key setup]

You have enabled multi-factor authentication.
Please visit http://localhost:3000/webauthn_verification/<random>?port=<port>
to authenticate via security device. If you can't verify using WebAuthn but
have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]`
option.

Depending on your terminal program, you may be able to click, command-click or control-click on the link to open it in your default browser. Otherwise you will need to copy and paste the link into a new tab.

A webpage titled “Authenticate with Security Device” appears. Click “Authenticate”. Your browser will show a popup asking you to use a Passkey or other authentication device (the exact popup will vary according to the browser).

Note: currently, Safari does not implement a feature required for the WebAuthn CLI to work. You must use another browser for WebAuthn CLI authentication. If you try to use Safari you will see a warning on this page.

Once you have authenticated using your WebAuthn device device, you will see a “Success” page. At this point you can close your browser tab and return to the command line, which will say:

You are verified with a security device. You may close the browser window.
Signed in with API key: <your API key name>