{"id":13703066,"url":"https://github.com/webauthn4j/webauthn4j-spring-security","last_synced_at":"2025-04-12T15:38:06.473Z","repository":{"id":37826922,"uuid":"125645968","full_name":"webauthn4j/webauthn4j-spring-security","owner":"webauthn4j","description":"WebAuthn4J Extension for Spring Security","archived":false,"fork":false,"pushed_at":"2025-04-02T06:56:50.000Z","size":25012,"stargazers_count":206,"open_issues_count":1,"forks_count":48,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-04-03T15:11:45.076Z","etag":null,"topics":["fido","fido-u2f","fido2","java","passkey","spring","spring-security","webauthn","webauthn4j-spring-security"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/webauthn4j.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-17T16:01:11.000Z","updated_at":"2025-04-02T08:04:01.000Z","dependencies_parsed_at":"2024-05-22T15:54:29.853Z","dependency_job_id":"ee0b5192-8a42-4431-bdf0-d366cd6e24d0","html_url":"https://github.com/webauthn4j/webauthn4j-spring-security","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webauthn4j%2Fwebauthn4j-spring-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webauthn4j%2Fwebauthn4j-spring-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webauthn4j%2Fwebauthn4j-spring-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webauthn4j%2Fwebauthn4j-spring-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webauthn4j","download_url":"https://codeload.github.com/webauthn4j/webauthn4j-spring-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248590561,"owners_count":21129847,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fido","fido-u2f","fido2","java","passkey","spring","spring-security","webauthn","webauthn4j-spring-security"],"created_at":"2024-08-02T21:00:49.852Z","updated_at":"2025-04-12T15:38:06.443Z","avatar_url":"https://github.com/webauthn4j.png","language":"Java","funding_links":[],"categories":["Server Libraries"],"sub_categories":[],"readme":"# WebAuthn4J Spring Security\n\n[![Actions Status](https://github.com/webauthn4j/webauthn4j-spring-security/workflows/CI/badge.svg)](https://github.com/webauthn4j/webauthn4j-spring-security/actions)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=webauthn4j-spring-security\u0026metric=coverage)](https://sonarcloud.io/dashboard?id=webauthn4j-spring-security)\n[![Maven Central](https://img.shields.io/maven-central/v/com.webauthn4j/webauthn4j-spring-security-core.svg)](https://search.maven.org/search?q=webauthn4j-spring-security)\n[![license](https://img.shields.io/github/license/webauthn4j/webauthn4j-spring-security.svg)](https://github.com/webauthn4j/webauthn4j-spring-security/blob/master/LICENSE.txt)\n\nWebAuthn4J Spring Security provides [Web Authentication specification](https://www.w3.org/TR/2019/REC-webauthn-1-20190304/) support for your Spring application by using [WebAuthn4J library](https://github.com/webauthn4j/webauthn4j).\nUsers can login with WebAuthn compliant authenticator.\n\n## Project status\n\nThis project is under active development. API signature may change.\n\n## Documentation\n\nYou can find out more details from the [reference](https://webauthn4j.github.io/webauthn4j-spring-security/en/).\n\n## Getting from Maven Central\n\nIf you are using Maven, just add the webauthn4j-spring-security as a dependency:\n\n```xml\n\u003cproperties\u003e\n  ...\n  \u003c!-- Use the latest version whenever possible. --\u003e\n  \u003cwebauthn4j-spring-security.version\u003e0.11.0.RELEASE\u003c/webauthn4j-spring-security.version\u003e\n  ...\n\u003c/properties\u003e\n\n\u003cdependency\u003e\n\t\u003cgroupId\u003ecom.webauthn4j\u003c/groupId\u003e\n\t\u003cartifactId\u003ewebauthn4j-spring-security-core\u003c/artifactId\u003e\n\t\u003cversion\u003e${webauthn4j-spring-security.version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n## Build\n\nWebAuthn4J Spring Security uses a Gradle based build system.\nIn the instructions below, `gradlew` is invoked from the root of the source tree and serves as a cross-platform,\nself-contained bootstrap mechanism for the build.\n\n### Prerequisites\n\n- Java17 or later\n- Spring Framework 6.0 or later\n\n### Checkout sources\n\n```bash\ngit clone https://github.com/webauthn4j/webauthn4j-spring-security\n```\n\n### Build all jars\n\n```bash\n./gradlew build\n```\n\n## sample applications\n\nSample applications are available in [webauthn4j-spring-security-samples](https://github.com/webauthn4j/webauthn4j-spring-security-samples)\n\n```bash\n./gradlew samples:spa:bootRun\n```\n\n![Login view](./docs/src/reference/asciidoc/en/images/login.png \"Login view\")\n\n## Configuration\n\nWebAuthn4J Spring Security can be configured through Spring Security Java Config.\n\n```java\n@Configuration\n@EnableWebSecurity\npublic class WebSecurityConfig {\n\n    @Bean\n    public WebAuthnAuthenticationProvider webAuthnAuthenticationProvider(WebAuthnCredentialRecordService webAuthnCredentialRecordService, WebAuthnManager webAuthnManager){\n        return new WebAuthnAuthenticationProvider(webAuthnCredentialRecordService, webAuthnManager);\n    }\n\n    @Bean\n    public DaoAuthenticationProvider daoAuthenticationProvider(UserDetailsService userDetailsService){\n        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();\n        daoAuthenticationProvider.setUserDetailsService(userDetailsService);\n        daoAuthenticationProvider.setPasswordEncoder(new BCryptPasswordEncoder());\n        return daoAuthenticationProvider;\n    }\n\n    @Bean\n    public AuthenticationManager authenticationManager(List\u003cAuthenticationProvider\u003e providers){\n        return new ProviderManager(providers);\n    }\n\n    @Bean\n    public SecurityFilterChain filterChain(HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {\n        // WebAuthn Login\n        http.apply(WebAuthnLoginConfigurer.webAuthnLogin())\n                .loginPage(\"/login\")\n                .usernameParameter(\"username\")\n                .passwordParameter(\"rawPassword\")\n                .credentialIdParameter(\"credentialId\")\n                .clientDataJSONParameter(\"clientDataJSON\")\n                .authenticatorDataParameter(\"authenticatorData\")\n                .signatureParameter(\"signature\")\n                .clientExtensionsJSONParameter(\"clientExtensionsJSON\")\n                .loginProcessingUrl(\"/login\")\n                .rpId(\"example.com\")\n                .attestationOptionsEndpoint()\n                .attestationOptionsProvider(attestationOptionsProvider)\n                .processingUrl(\"/webauthn/attestation/options\")\n                .rp()\n                .name(\"example\")\n                .and()\n                .pubKeyCredParams(\n                        new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256),\n                        new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.RS1)\n                )\n                .authenticatorSelection()\n                .authenticatorAttachment(AuthenticatorAttachment.CROSS_PLATFORM)\n                .residentKey(ResidentKeyRequirement.PREFERRED)\n                .userVerification(UserVerificationRequirement.PREFERRED)\n                .and()\n                .attestation(AttestationConveyancePreference.DIRECT)\n                .extensions()\n                .credProps(true)\n                .uvm(true)\n                .and()\n                .assertionOptionsEndpoint()\n                .assertionOptionsProvider(assertionOptionsProvider)\n                .processingUrl(\"/webauthn/assertion/options\")\n                .rpId(\"example.com\")\n                .userVerification(UserVerificationRequirement.PREFERRED)\n                .and()\n                .authenticationManager(authenticationManager);\n    }\n}\n```\n\n\n## License\n\nWebAuthn4J Spring Security is Open Source software released under the\n[Apache 2.0 license](http://www.apache.org/licenses/LICENSE-2.0.html).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebauthn4j%2Fwebauthn4j-spring-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwebauthn4j%2Fwebauthn4j-spring-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebauthn4j%2Fwebauthn4j-spring-security/lists"}