Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/YubicoLabs/java-webauthn-passwordless-workshop

WebAuthn passwordless authentication with resident credentials
https://github.com/YubicoLabs/java-webauthn-passwordless-workshop

Last synced: about 1 month ago
JSON representation

WebAuthn passwordless authentication with resident credentials

Host: GitHub
URL: https://github.com/YubicoLabs/java-webauthn-passwordless-workshop
Owner: YubicoLabs
License: apache-2.0
Created: 2019-06-06T21:24:32.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-12-05T22:21:55.000Z (about 1 year ago)
Last Synced: 2024-08-03T21:03:35.050Z (4 months ago)
Language: JavaScript
Homepage:
Size: 3.4 MB
Stars: 22
Watchers: 3
Forks: 8
Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-webauthn - Yubico Labs: Securing a Website with Passwordless Authentication - Yubico java discoverable credentials workshop. (Tutorials)

README

# Securing a Website with Passwordless Authentication
In this workshop you will build a simple web application that enables users to register a security key and then use the security key to sign in without typing in a username or password.

TLDR

If you'd rather see the end result without installing the dependencies and going through all the steps then do this _(requires docker)_:
1. Clone the repo
```
git clone https://github.com/YubicoLabs/java-webauthn-passwordless-workshop
```
2. Build the docker image
```
docker build -t example/demo:latest java-webauthn-passwordless-workshop/4_Authentication/complete/.
```
3. Run the image
```
docker run -p 8443:8443 example/demo:latest
```
4. Open `https://localhost:8443/` in a CTAP2 compatible browser (Edge on Windows 10 1809+ or Safari Technology Preview on macOS)
5. Sign in with username `user` and password `password`
6. Register a security key
7. Sign out
8. Click `Passwordless sign in` to sign in without typing a username or password

## What you'll build:
You'll start with a java web application that secures access to a page with a login form. Then you'll integrate Yubico's WebAuthn Server libraries to enable FIDO2 security key registration and passwordless authentication.

## What you'll need:
* [Git](https://git-scm.com/)
* [Docker](https://docs.docker.com/install/)
* [JDK 1.8](https://www.oracle.com/technetwork/java/javase/downloads/index.html) or later
* [Maven 3.2](https://maven.apache.org/download.cgi)+
* FIDO2 Compatible browser
* MacOS: [Safari Technical Preview](https://developer.apple.com/safari/technology-preview/) version 71+
* Windows 10 Version 1809+: Edge
* A favorite text editor or IDE
* A security key
* [Optional] An [Azure](https://azure.microsoft.com/) Subscription. If you already have a subscription you can use it or you can get a free trial [here](https://azure.microsoft.com/free/).

### High Level Components
![alt text](./images/highlevelcomponents.png "High Level Components")

**FIDO2 Authenticator:**
The authenticator makes credentials, generates cryptographic proof of user authentication, and manages the PIN.

**Client:**
The client is the bridge between the authenticator and the server. It implements the FIDO2 Client to Authenticator Protocol (CTAP) and the WebAuthn API. The client could be a browser exposing the WebAuthn API to web applications, or an OS subsystem exposing a platform-specific FIDO2 API to native applications such as mobile or desktop apps.

**Server:**
The server, also know as Relying Party or RP, consists conceptually of at least a web server and the server-side portions of a web application, plus a WebAuthn server. The WebAuthn server has a trust store, containing the (public) trust anchors for the attestation of FIDO2 Authenticators. Note: a trust store is needed only if RP cares about attestation metadata.

See the diagram below for a depiction of the server architecture
![alt text](./images/serverarchitecture.png "Server Architecture")

#### Additional WebAuthn Resources
If you need more resources to understand WebAuthn and FIDO2 then
* Read the [WebAuthn Developer Guide](https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/)
* Review the [Java WebAuthn Server Library Code](https://github.com/Yubico/java-webauthn-server)
* Watch the [Developer Videos](https://www.yubico.com/why-yubico/for-developers/developer-videos/)

# Modules
This workshop is split into multiple modules. Each module builds upon the previous module as you expand the application. You must complete each module before proceeding to the next.

1. **Getting Started**
2. **Credential Repository**
3. **Registration**
4. **Authentication**
1. **Clean Up**

# Getting Started
Before you begin, make sure you have completed the steps in the [Getting Started Module](./1_Getting_Started/README.md)