{"id":13703263,"url":"https://github.com/adessoSE/softauthn","last_synced_at":"2025-05-05T07:30:40.871Z","repository":{"id":74498478,"uuid":"539038422","full_name":"adessoSE/softauthn","owner":"adessoSE","description":"WebAuthn authenticator emulation in Java","archived":false,"fork":false,"pushed_at":"2022-11-10T09:24:39.000Z","size":159,"stargazers_count":8,"open_issues_count":1,"forks_count":4,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-05-01T02:44:12.371Z","etag":null,"topics":["authenticator","fido2","java","webauthn"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adessoSE.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-09-20T14:41:09.000Z","updated_at":"2024-12-20T13:50:59.000Z","dependencies_parsed_at":"2023-06-26T21:35:12.364Z","dependency_job_id":null,"html_url":"https://github.com/adessoSE/softauthn","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adessoSE%2Fsoftauthn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adessoSE%2Fsoftauthn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adessoSE%2Fsoftauthn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adessoSE%2Fsoftauthn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adessoSE","download_url":"https://codeload.github.com/adessoSE/softauthn/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252458331,"owners_count":21751017,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authenticator","fido2","java","webauthn"],"created_at":"2024-08-02T21:00:52.631Z","updated_at":"2025-05-05T07:30:40.542Z","avatar_url":"https://github.com/adessoSE.png","language":"Java","readme":"# softauthn-java\n\nsoftauthn provides an implementation of the [WebAuthn](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/) API and a software authenticator in Java, \nusing the [`java-webauthn-server`](https://developers.yubico.com/java-webauthn-server/) library for data models. This makes it especially well-suited \nto interface with code that uses that same library.\n\n## Purpose\nThe primary purpose of this library is to enable developers to test their WebAuthn server implementations.\nE.g. you might have a web app that allows users to authenticate via WebAuthn and you want to unit test your \nbackend authentication process. This library gives you an API to create arbitrary authenticators that behave\nlike \"real\" ones in pure software.\n\n## Installation\n\nReleases of this library can be found in Maven Central. Note that this project is still in its early stages and \ntherefore doesn't support all the features you might want to see yet. See [below](#Completeness) for more information.\n\nGradle (Kotlin DSL):\n```kotlin\nrepositories {\n    mavenCentral()\n}\n\ndependencies {\n    implementation(\"io.github.adessose:softauthn:0.1.2\")\n}\n```\n\nMaven: \n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003eio.github.adessose\u003c/groupId\u003e\n    \u003cartifactId\u003esoftauthn\u003c/artifactId\u003e\n    \u003cversion\u003e0.1.2\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n\n## Usage\n\n### Creating and Registering authenticators\n```java\n// Create an authenticator that will implement the functionality of a WebAuthn authenticator in pure software\n// This one mimics a modern USB key: it is external (cross-platform attachment),\n// can store keys internally and can verify users (e.g. via a pin code)\nvar authenticator = WebAuthnAuthenticator.builder()\n        .attachment(AuthenticatorAttachment.CROSS_PLATFORM)\n        .supportClientSideDiscoverablePublicKeyCredentials(true)\n        .supportUserVerification(true)\n        .build();\n\n// alternatively, you can use one of the templates in the Authenticators class\nauthenticator = Authenticators.yubikey5Nfc().build();\n// Create a credentials container (mimics the browser navigator.credentials API)\n// It will pretend its origin is https://example.com (no port, no extra domain)\nvar origin = new Origin(\"https\", \"example.com\", -1, null);\nvar credentials = new CredentialsContainer(origin, List.of(authenticator));\n// Get the options for credential creation from your backend\nPublicKeyCredentialCreationOptions opts = startRegistration(...);\nPublicKeyCredential\u003cAuthenticatorAttestationResponse, ClientRegistrationExtensionsResult\u003e publicKeyCredential = credentials.create(opts);\nverifyAttestation(publicKeyCredential);\n```\n\n### Creating Assertions\n\n```java\n// same environment as above, get request options from your backend somehow\nPublicKeyCredentialRequestOptions opts = startAssertion(...);\n// will create an appropriate assertion (or null if no matching credential can be found)\nPublicKeyCredential\u003cAuthenticatorAssertionResponse, ClientAssertionExtensionsResult\u003e credential = credentials.get(opts);\nverifyAssertion(credential);\n```\n\n## Completeness\n\nWhile this library does aim to come close to the WebAuthn specification, it does not implement all of its features.\nThese aspects are currently unsupported:\n- Any type of attestation other than \"none\"\n- Token Binding\n- Client Extensions\n\nAdditionally, only the algorithms/COSE specifiers supported by `java-webauthn-server` are implemented. \nCurrently, those are:\n- EdDSA\n- ES256\n- RS256 (WIP)\n- RS1 (WIP)\n\nSee [IANA COSE Algorithm Registry](https://www.iana.org/assignments/cose/cose.xhtml#algorithms) for reference.\nIf this list is out of date because `java-webauthn-server` added a new algorithm, feel free to create an issue in \nthis repository and I will do my best to update the library accordingly.\n\n## A note on alternatives\nAs an alternative to this library, there is the test module of the [`webauthn4j`](https://github.com/webauthn4j/webauthn4j) project. \nThis module differs from softauthn in a few ways:\n\n- it is an internal module and not published as a library\n- it is undocumented\n- it has a hard dependency on Spring Boot\n- it currently supports more features\n- it uses the webauthn4j data models\n\nThe last point on this list may have the biggest impact on your convenience depending on how you \nimplemented WebAuthn in your app.\n\n## Licensing\n\nThis project is licensed under the [MIT License](./LICENSE), but it depends on projects with different licensing\nwhich may be relevant to you:\n\n- [java-webauthn-server](https://github.com/Yubico/java-webauthn-server/blob/main/COPYING)\n- [COSE-JAVA](https://github.com/cose-wg/COSE-JAVA/blob/master/LICENSE)","funding_links":[],"categories":["Software Authenticators"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FadessoSE%2Fsoftauthn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FadessoSE%2Fsoftauthn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FadessoSE%2Fsoftauthn/lists"}