ZTechLab1
Interactive demos of YubiKey authentication and Azure identity patterns.
Yubico OTP i
HOTP Validation i
Paired to a specific YubiKey
FIDO2 / WebAuthn i
Passwordless auth and Passkeys. Supports resident credentials.
TOTP i
Time-based one-time password. Open YubiKey Authenticator and enter the 6-digit code.
Paired to a specific YubiKey
YubiKey Info i
Genuine YubiKey Check i
Verify your key is authentic Yubico hardware via attestation certificate chain.
API Key vs Identity i ⚙
Same action. Two auth methods. See why identity wins.
FIDO Step-Up Registration i ⚙
Register a passkey tied to your identity for step-up authentication.
Just-in-Time Access i ⚙
Request temporary elevated access to delete a table record.
Table Storage i ⚙
Audit Log i ⚙
Last 20 actions across all tiles.
AI-Gated Action i ⚙
Describe what you want to do. The AI policy engine decides: allow, deny, or require step-up.
FIDO2 Demo — Registration + Authentication
Exercise the full WebAuthn lifecycle on any FIDO2 security key. Nothing is stored — the credential lives only in this page's memory. Close the tab and it's gone.
Step 1 triggers a real WebAuthn registration ceremony with direct attestation. The server validates the attestation cert against the Yubico root CA, then parses the Yubico OID extension 1.3.6.1.4.1.41482.13.1 to pull the firmware version directly from the cert.
Step 2 asks the key to sign a fresh challenge and verifies the signature with the public key from step 1.
Enrolled Keys
All YubiKeys currently tied to user identities.
Approved Device Models (AAGUID Allow-List)
Only YubiKey models on this list can be enrolled. If no models are listed, all Yubico devices are accepted.
Projects
Quick Links
AI + Dan vs Traditional Team
What it would cost to build ZTechLab1 with a traditional cross-functional team vs. one Solutions Engineer + AI.