
maximthomas / passwordless

Licence: Apache-2.0 License
Passwordless authentication server, supports OTP, WebAuthn, plan to implement TOTP and mobile biometric authentication

Programming Languages

java
javascript
Dockerfile

Projects that are alternatives of or similar to passwordless

DPOTPView
Customisable OTP view and Passcode view
Stars: ✭ 52 (+52.94%)
Mutual labels:  otp, otpauth, otp-verification
spring-boot-otp
Spring Boot OTP technique.
Stars: ✭ 46 (+35.29%)
Mutual labels:  otp, otp-generator
extract otp secret keys
Extract two-factor authentication (2FA, TFA) secret keys from export QR codes of "Google Authenticator" app
Stars: ✭ 217 (+538.24%)
Mutual labels:  otp, otpauth
verify
Laravel package to verify users with a one-time password (OTP)
Stars: ✭ 25 (-26.47%)
Mutual labels:  otp, otp-verification
KWVerificationCodeView
A customisable verification code view to capture OTPs
Stars: ✭ 83 (+144.12%)
Mutual labels:  otp, otpauth
line-fido2-server
FIDO2(WebAuthn) server officially certified by FIDO Alliance and Relying Party examples.
Stars: ✭ 350 (+929.41%)
Mutual labels:  passwordless, webauthn
webauthn-demo
WebAuthn demo with Ionic/Angular and Spring Boot
Stars: ✭ 22 (-35.29%)
Mutual labels:  passwordless, webauthn
one-wallet
1wallet - unconventional keyless, non-custodial wallet secured by Google Authenticator. EVM-compatible, smart contract operated, with composable security.
Stars: ✭ 85 (+150%)
Mutual labels:  otp, otpauth
webauthn.me
webauthn.me, learn more about the Web Authentication API or try the debugger.
Stars: ✭ 30 (-11.76%)
Mutual labels:  passwordless, webauthn
otp-authenticator-webapp
A 'Google Authenticator' like Single Page Application
Stars: ✭ 69 (+102.94%)
Mutual labels:  otp, otpauth
ArubaOTP-seed-extractor
Extract TOTP seed instead of using ArubaOTP app
Stars: ✭ 23 (-32.35%)
Mutual labels:  otp
kagi
WebAuthn security keys and TOTP multi-factor authentication for Django
Stars: ✭ 17 (-50%)
Mutual labels:  webauthn
throttle
Erlang/OTP application to rate limit resource access
Stars: ✭ 40 (+17.65%)
Mutual labels:  otp
crowdfunding-backend
[DEPRECATED] A crowdfunding backend written with NodeJS, Apollo and PostgreSQL. Features an extensive data model, mult. payment integrations, passwordless auth, statistics and admin endpoints.
Stars: ✭ 23 (-32.35%)
Mutual labels:  passwordless
php-totp
HOTP and TOTP token generation
Stars: ✭ 33 (-2.94%)
Mutual labels:  otp
go-libfido2
libfido2 bindings for golang
Stars: ✭ 42 (+23.53%)
Mutual labels:  webauthn
keycloak-radius-plugin
Make the radius server as part of keycloak SSO
Stars: ✭ 102 (+200%)
Mutual labels:  webauthn
nitrokey-storage-firmware
Firmware for the Nitrokey Storage device
Stars: ✭ 53 (+55.88%)
Mutual labels:  otp
secure-payment-confirmation
Explainer for Secure Payment Confirmation
Stars: ✭ 64 (+88.24%)
Mutual labels:  webauthn
macos-receiver
A MacOS TabBar (StatusBar) application that securely receives one-time passwords (OTPs) that you tapped in Raivo for iOS.
Stars: ✭ 44 (+29.41%)
Mutual labels:  otp

Passwordless Authentication Service

Helps authenticate users without requiring a password.


How it works

You have a site or web service that needs passwordless authentication or second-factor authentication. The Passwordless service is a simpler way to implement it: install it and integrate it with your site. The service can authenticate users with one-time password (OTP) authentication or Web Authentication (WebAuthn).

You call the Passwordless service API. For OTP authentication, the service generates, sends and validates the one-time password. For WebAuthn, the Passwordless service registers or authenticates the user's public key.

You can also use it as a second authentication factor (2FA) alongside a login and password, or to authorize essential operations (for example, changing a password or confirming a payment) for an already authenticated user.

Quick start

There are several ways to run passwordless service:

Run from source code

$> ./mvnw spring-boot:run

Build and run docker image

$> ./mvnw install
$> docker build --tag=passwordless-service:latest .
$> docker run --name=passwordless-service --publish=8080:8080 passwordless-service:latest

Build and run docker image using docker-compose

$> ./mvnw install
$> docker-compose up --build 

Using One Time Password Authentication

Introduction

A user enters credentials on your site; you get the phone number or email from the user's credentials and call the Passwordless service API. The Passwordless service generates a one-time password (OTP) and sends it to the user's phone or email through the desired provider, an SMS or mail server. The user enters this OTP, and you then verify it with the Passwordless service. If verification is successful, the user can be authenticated.

Sample Use Cases

Registration Process

While registering, the user enters a phone number or email among other data. The site calls the Passwordless service to confirm that the phone number or email belongs to the user. After the user enters a valid OTP, the user account with the confirmed phone or email can be created.

This process is shown in the diagram below: Registration diab

Authentication Process

During authentication the user enters a login, the site gets the user's phone number or email from the profile and calls the Passwordless service. The Passwordless service sends an OTP to the user's phone or email. The user enters the OTP; if it is valid, the user can be authenticated.

Essential Operation Confirmation (Authorization)

If there is a need to change a password, restore a password, or confirm a purchase or payment, the site calls the Passwordless service to make sure that it is really the user who performs this critical operation.

Customize Settings

Adjust settings in otp-sample-settings.yaml

#dummy OTP sender (does nothing, just logs)
- id: "sms"
  name: "Dummy SMS OTP Setting"
  messageTitle: "Acme LLC"
  messageTemplate: "Confirmation code: ${otp}"
  otpLength: 5
  useLetters: false
  useDigits: true
  ttlMinutes: 3
  sender: "dummyOTPSender"

#Twilio SMS Sender
- id: "twilioSms"
  name: "Twilio SMS OTP Setting"
  messageTitle: "Acme LLC"
  messageTemplate: "Confirmation code: ${otp}"
  otpLength: 5
  useLetters: false
  useDigits: true
  ttlMinutes: 3
  sender: "twilioOTPSender"

#Email OTP Link Sender
- id: "email"
  name: "TEST Email"
  messageTitle: "Thank yor for registration"
  messageTemplate: "Temporary link: http://acme.com?link=${otp}"
  otpLength: 36
  useLetters: true
  useDigits: true
  ttlMinutes: 180 #three hours
  sender: "emailOTPSender"

Send OTP to client with SMS setting:

curl -X POST -d '{"destination": "+1999999999"}'  -H "Content-Type: application/json" 'http://localhost:8080/otp/v1/sms/send' 

where /sms/ is the OTP settings ID from the .yaml settings file.

Sample response:

{"operationId":"993e61be-23cf-412d-8273-f02e316e8689"}

Validate OTP with operationId:

curl -X POST -d '{"operationId": "993e61be-23cf-412d-8273-f02e316e8689", "otp": "123456"}'  -H "Content-Type: application/json" 'http://localhost:8080/otp/v1/verify'

Sample response:

{"verified":false}

More details in swagger.yaml
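
The send/verify exchange above, wrapped as a site-side helper (an added example, not code from the Passwordless project). Only the two endpoint paths and the JSON fields come from the requests shown above; createOtpClient, the session object, the MAX_ATTEMPTS cap and the fakeService stand-in are assumptions made for illustration.

```javascript
// Added example. Assumptions: `session` is the site's server-side session and
// MAX_ATTEMPTS is site policy; otpLength 5 with digits only is 100,000 codes.
const MAX_ATTEMPTS = 5;

function createOtpClient(baseUrl, fetchImpl) {
  async function post(path, body) {
    const res = await fetchImpl(baseUrl + path, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(body),
    });
    if (!res.ok) throw new Error('Passwordless returned HTTP ' + res.status);
    return res.json();
  }
  return {
    async send(session, settingId, destination) {
      const path = '/otp/v1/' + encodeURIComponent(settingId) + '/send';
      const { operationId } = await post(path, { destination });
      // Keep operationId server-side so the browser cannot swap in another.
      session.otp = { operationId, attempts: 0 };
    },
    async verify(session, otp) {
      const state = session.otp;
      if (!state) return false;
      if (++state.attempts > MAX_ATTEMPTS) {
        delete session.otp; // force a new send after too many guesses
        return false;
      }
      const { verified } = await post('/otp/v1/verify',
        { operationId: state.operationId, otp });
      if (verified === true) delete session.otp; // accept one success only
      return verified === true;
    },
  };
}

// Constructed stand-in for the service so the example runs offline.
function fakeService(code) {
  const calls = [];
  const fetchImpl = async (url, init) => {
    calls.push(url);
    const json = url.endsWith('/verify')
      ? { verified: JSON.parse(init.body).otp === code }
      : { operationId: '993e61be-23cf-412d-8273-f02e316e8689' };
    return { ok: true, status: 200, json: async () => json };
  };
  return { fetchImpl, calls };
}
```

In a real deployment, pass the runtime's own fetch as fetchImpl and the address of the running service as baseUrl.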

Using Web Authentication (WebAuthn)

Passwordless service can be used to provide WebAuthn Registration and Login functions both on server using API and on client using JavaScript SDK.

Prerequisites

Set the required origin in the origin setting of webauthn-sample-settings.yaml.

Then run the Passwordless service with docker compose.

Using Javascript SDK

Add the SDK script to your web application and initialize the SDK:

<script src="http://passwordless-service:8080/js/passwordless-sdk.js"></script>
<script>
    Passwordless.init({host: 'http://passwordless-service:8080'});
</script>

Full example is here

Registration

Just call

Passwordless.webauthn.startRegistration(login);

where login is your username. A dialog asking you to insert a USB token will appear. After successful registration the SDK returns the credential ID value.

Login

If your account is already registered via the startRegistration function and you want to authenticate, call

Passwordless.webauthn.startLogin(login);