Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lockdrop/cdk-serverless-cognito-fido2-webauthn
2021 FIDO Alliance Developer Challenge winning entry. Using SimpleWebAuthn and Amazon Cognito's custom authentication flow support to implement a proof-of-concept serverless FIDO "Server" supporting a passwordless web app.
https://github.com/lockdrop/cdk-serverless-cognito-fido2-webauthn
Last synced: about 2 months ago
JSON representation
2021 FIDO Alliance Developer Challenge winning entry. Using SimpleWebAuthn and Amazon Cognito's custom authentication flow support to implement a proof-of-concept serverless FIDO "Server" supporting a passwordless web app.
- Host: GitHub
- URL: https://github.com/lockdrop/cdk-serverless-cognito-fido2-webauthn
- Owner: lockdrop
- License: mit
- Created: 2021-08-19T23:24:12.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2021-09-19T02:13:45.000Z (about 3 years ago)
- Last Synced: 2024-06-10T19:11:49.387Z (4 months ago)
- Language: JavaScript
- Homepage: https://delzs89prk9ue.cloudfront.net/
- Size: 299 KB
- Stars: 15
- Watchers: 1
- Forks: 2
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# cdk-serverless-cognito-fido2-webauthn
This CDK app is a proof of concept example implementation of the FIDO2/WebAuthn protocols for passwordless logins using Amazon Cognito as a "Relying Party" (authentication server). This is made possible thanks to a couple existing technologies:
- [Amazon Cognito's Custom Authentication Challenge Lambda Triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html)
- [SimpleWebAuthn](https://github.com/MasterKale/SimpleWebAuthn)A demo deployment can be played with here: https://delzs89prk9ue.cloudfront.net/
## Architecture
![AWS Architecture Diagram](docs/architecture.png)
## SimpleWebAuthn
Goal as part of implementing this sample code was to replicate the [example](https://simplewebauthn.dev/docs/advanced/example-project) provided by SimpleWebAuthn serverlessly using Amazon Cognito and CloudFront+S3 as opposed to a server-based Node.JS server. Advantages:
- Faster/easier setup
- Automatically scalable
- Showing how to augment existing AWS authentication mechanisms (Amazon Cognito) to leverage Fido2/WebAuthn
- Passwordless login flow## Requirements
- [AWS Account](https://aws.amazon.com/)
- [AWS CDK](https://aws.amazon.com/cdk/) (TypeScript)
- [Node/Npm](https://nodejs.org/)
- Fido2/WebAuthn compatible authenticator (ex. Yubikey)## Deploy
### 1. Clone this repo and step into the created folder/directory
```
git clone https://github.com/aaronbrighton/cdk-serverless-cognito-fido2-webauthn.git
cd cdk-serverless-cognito-fido2-webauthn
```### 2. Install dependencies
```
npm install
```### 3. Deploy CDK app to AWS
```
npx cdk deploy
```You should see deployed web app in the final output of the above command:
```
Outputs:
simplewebauthn-example-cognito.webappcloudfrontoutput = https://delzs89prk9ue.cloudfront.net/
```## Usage
![Example Screenshot](docs/example.png)
### 1. Enter an email address above the register button
### 2. Click register and activate your authenticator
### 3. Enter same email address above the authenticate button
### 4. Click authenticate and activate your authenticator
### Additional notes and limitations- You can register multiple authenticators by hitting the register button again.
- Due to implementation and limitations of Amazon Cognito custom user fields lengths only 2 authenticators can be registered to a given email address at a time.## Costs
Majority of proof of concept deployments of this code should fall under the [AWS Free Tier](https://aws.amazon.com/free/).