{"id":13694661,"url":"https://github.com/webauthn4j/webauthn4j","last_synced_at":"2025-05-15T05:05:15.918Z","repository":{"id":37612295,"uuid":"134147639","full_name":"webauthn4j/webauthn4j","owner":"webauthn4j","description":"A portable Java library for WebAuthn(Passkeys) server side verification","archived":false,"fork":false,"pushed_at":"2025-05-09T05:35:29.000Z","size":22930,"stargazers_count":496,"open_issues_count":7,"forks_count":81,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-05-09T06:26:24.899Z","etag":null,"topics":["authentication","fido","fido-u2f","fido2","java","passkey","u2f","webauthn"],"latest_commit_sha":null,"homepage":"https://webauthn4j.github.io/webauthn4j/en/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/webauthn4j.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-05-20T12:14:36.000Z","updated_at":"2025-05-09T05:34:37.000Z","dependencies_parsed_at":"2023-02-18T07:45:40.398Z","dependency_job_id":"2f3ed8c4-69cc-4c82-b3cb-5dac48c97c6c","html_url":"https://github.com/webauthn4j/webauthn4j","commit_stats":null,"previous_names":[],"tags_count":107,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webauthn4j%2Fwebauthn4j","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webauthn4j%2Fwebauthn4j/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webauthn4j%2Fwebauthn4j/releases","manifests_url":"https://repos.ecosyste.ms/ap
i/v1/hosts/GitHub/repositories/webauthn4j%2Fwebauthn4j/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webauthn4j","download_url":"https://codeload.github.com/webauthn4j/webauthn4j/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254276446,"owners_count":22043866,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","fido","fido-u2f","fido2","java","passkey","u2f","webauthn"],"created_at":"2024-08-02T17:01:36.738Z","updated_at":"2025-05-15T05:05:15.911Z","avatar_url":"https://github.com/webauthn4j.png","language":"Java","funding_links":[],"categories":["Java","Server Libraries","Library","安全"],"sub_categories":[],"readme":"# WebAuthn4J\n\n![WebAuthn4J](./docs/image/logo.png)\n\n[![Actions Status](https://github.com/webauthn4j/webauthn4j/workflows/CI/badge.svg)](https://github.com/webauthn4j/webauthn4j/actions)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=webauthn4j\u0026metric=coverage)](https://sonarcloud.io/dashboard?id=webauthn4j)\n[![Build Status](https://img.shields.io/maven-central/v/com.webauthn4j/webauthn4j-core.svg)](https://search.maven.org/#search%7Cga%7C1%7Cwebauthn4j)\n[![license](https://img.shields.io/github/license/webauthn4j/webauthn4j.svg)](https://github.com/webauthn4j/webauthn4j/blob/master/LICENSE.txt)\n\nA portable Java library for WebAuthn(Passkeys) server side verification\n\n### Conformance\n\nAll mandatory test cases and optional Android Key attestation test cases of [FIDO2 Test Tools provided by FIDO 
Alliance](https://fidoalliance.org/certification/functional-certification/conformance/)\nare passed.\n\n### Supported Attestation statement format\n\nAll attestation statement formats are supported.\n\n* Packed attestation\n* FIDO U2F attestation\n* Android Key attestation\n* Android SafetyNet attestation\n* TPM attestation\n* Apple Anonymous attestation\n* None attestation\n* Apple App Attest attestation\n\n### Kotlin friendly\n\nAlthough WebAuthn4J is written in Java, public members are marked by `NotNull` or `Nullable` annotation\nto declare nullability explicitly.\n\n### Projects using WebAuthn4J\n\n* [Keycloak](https://www.keycloak.org/) and [Red Hat build of Keycloak](https://access.redhat.com/products/red-hat-build-of-keycloak) \n* [Spring Security](https://docs.spring.io/spring-security/reference/servlet/authentication/passkeys.html)\n  * `spring-security-web` module provides passkeys support\n  * maintained by Spring Security project\n* [WebAuthn4J Spring Security](https://github.com/webauthn4j/webauthn4j-spring-security)\n  * extension for spring security to add webauthn(passkey) support\n  * maintained by WebAuthn4J project\n* [Eclipse Vert.x Auth](https://github.com/eclipse-vertx/vertx-auth)\n* [OpenAM](https://github.com/OpenIdentityPlatform/OpenAM)\n* [OpenUnison](https://openunison.github.io)\n\n## Documentation\n\nYou can find out more details from the [reference](https://webauthn4j.github.io/webauthn4j/en/).\n\n## Getting from Maven Central\n\nIf you are using Maven, just add the webauthn4j as a dependency:\n\n```xml\n\u003cproperties\u003e\n  ...\n  \u003c!-- Use the latest version whenever possible. 
--\u003e\n  \u003cwebauthn4j.version\u003e0.29.2.RELEASE\u003c/webauthn4j.version\u003e\n  ...\n\u003c/properties\u003e\n\n\u003cdependencies\u003e\n  ...\n  \u003cdependency\u003e\n    \u003cgroupId\u003ecom.webauthn4j\u003c/groupId\u003e\n    \u003cartifactId\u003ewebauthn4j-core\u003c/artifactId\u003e\n    \u003cversion\u003e${webauthn4j.version}\u003c/version\u003e\n  \u003c/dependency\u003e\n  ...\n\u003c/dependencies\u003e\n```\n\n\n## Build from source\n\nWebAuthn4J uses a Gradle-based build system.\nIn the instructions below, `gradlew` is invoked from the root of the source tree and serves as a cross-platform,\nself-contained bootstrap mechanism for the build.\n\n### Prerequisites\n\nJava 17 or later is required to build WebAuthn4J.\nTo use the WebAuthn4J library, JDK 11 is OK if you don't need EdDSA support.\n\n### Checkout sources\n\n```\ngit clone https://github.com/webauthn4j/webauthn4j\n```\n\n### Build all jars\n\n```\n./gradlew build\n```\n\n## How to use\n\nParse and Validation on WebAuthn registration\n\nIf you would like to verify Apple App Attest, please see the reference.\n\n```java \nString registrationResponseJSON = \"\u003cregistrationResponseJSON\u003e\"; /* set registrationResponseJSON received from frontend */\nRegistrationData registrationData;\ntry {\n    registrationData = webAuthnManager.parseRegistrationResponseJSON(registrationResponseJSON);\n} catch (DataConversionException e) {\n    // If you would like to handle WebAuthn data structure parse error, please catch DataConversionException\n    throw e;\n}\n\n// Server properties\nOrigin origin = null /* set origin */;\nString rpId = null /* set rpId */;\nChallenge challenge = null /* set challenge */;\nbyte[] tokenBindingId = null /* set tokenBindingId */;\nServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, tokenBindingId);\n\n// expectations\nList\u003cPublicKeyCredentialParameters\u003e pubKeyCredParams = null;\nboolean userVerificationRequired = false;\nboolean 
userPresenceRequired = true;\n\nRegistrationParameters registrationParameters = new RegistrationParameters(serverProperty, pubKeyCredParams, userVerificationRequired, userPresenceRequired);\ntry {\n    webAuthnManager.verify(registrationData, registrationParameters);\n} catch (VerificationException e) {\n    // If you would like to handle WebAuthn data verification error, please catch VerificationException\n    throw e;\n}\n\n// please persist CredentialRecord object, which will be used in the authentication process.\nCredentialRecord credentialRecord =\n        new CredentialRecordImpl( // You may create your own CredentialRecord implementation to save friendly authenticator name\n                registrationData.getAttestationObject(),\n                registrationData.getCollectedClientData(),\n                registrationData.getClientExtensions(),\n                registrationData.getTransports()\n        );\nsave(credentialRecord); // please persist credentialRecord in your manner\n```\n\nParse and Validation on authentication\n```java \nString authenticationResponseJSON = \"\u003cauthenticationResponseJSON\u003e\"; /* set authenticationResponseJSON received from frontend */\n\nAuthenticationData authenticationData;\ntry {\n    authenticationData = webAuthnManager.parseAuthenticationResponseJSON(authenticationResponseJSON);\n} catch (DataConversionException e) {\n    // If you would like to handle WebAuthn data structure parse error, please catch DataConversionException\n    throw e;\n}\n\n// Server properties\nOrigin origin = null /* set origin */;\nString rpId = null /* set rpId */;\nChallenge challenge = null /* set challenge */;\nbyte[] tokenBindingId = null /* set tokenBindingId */;\nServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, tokenBindingId);\n\n// expectations\nList\u003cbyte[]\u003e allowCredentials = null;\nboolean userVerificationRequired = true;\nboolean userPresenceRequired = true;\n\nCredentialRecord 
credentialRecord = load(authenticationData.getCredentialId()); // please load authenticator object persisted in the registration process in your manner\nAuthenticationParameters authenticationParameters =\n        new AuthenticationParameters(\n                serverProperty,\n                credentialRecord,\n                allowCredentials,\n                userVerificationRequired,\n                userPresenceRequired\n        );\n\ntry {\n    webAuthnManager.verify(authenticationData, authenticationParameters);\n} catch (VerificationException e) {\n    // If you would like to handle WebAuthn data verification error, please catch VerificationException\n    throw e;\n}\n// please update the counter of the authenticator record\nupdateCounter(authenticationData.getCredentialId(), authenticationData.getAuthenticatorData().getSignCount());\n```\n\n## Sample application\n\nWebAuthn4J Spring Security is built on top of WebAuthn4J, and its sample application demonstrates WebAuthn4J's features well.\nPlease see [WebAuthn4J Spring Security sample application](https://github.com/webauthn4j/webauthn4j-spring-security).\n\n## License\n\nWebAuthn4J is Open Source software released under the\n[Apache 2.0 license](http://www.apache.org/licenses/LICENSE-2.0.html).\n\n## Contributing\n\nInterested in helping out with WebAuthn4J? Great! Your participation in the community is much appreciated!\nPlease feel free to open issues and send pull requests.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebauthn4j%2Fwebauthn4j","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwebauthn4j%2Fwebauthn4j","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebauthn4j%2Fwebauthn4j/lists"}