webauthn4j / Webauthn4j
Licence: apache-2.0
A portable Java library for WebAuthn and Apple App Attest server side verification
Stars: ✭ 158
Programming Languages
java
68154 projects - #9 most used programming language
Labels
Projects that are alternatives of or similar to Webauthn4j
Gotrue
An SWT based API for managing users and issuing SWT tokens
Stars: ✭ 2,493 (+1477.85%)
Mutual labels: authentication
Rodauth Rails
Rails integration for Rodauth authentication framework
Stars: ✭ 150 (-5.06%)
Mutual labels: authentication
Globalprotect Openconnect
A GlobalProtect VPN client (GUI) for Linux based on OpenConnect and built with Qt5, supports SAML auth mode.
Stars: ✭ 143 (-9.49%)
Mutual labels: authentication
Stelace
Open-source marketplace backend in Node.js, empowering Web platforms with Search API, Automation, Auth, Headless CMS… ⚡ 💻
Stars: ✭ 144 (-8.86%)
Mutual labels: authentication
Angular 7 Registration Login Example
Angular 7 User Registration and Login Example
Stars: ✭ 147 (-6.96%)
Mutual labels: authentication
Laravel Scaffold
The base for developing awesome projects
Stars: ✭ 142 (-10.13%)
Mutual labels: authentication
Djoser
REST implementation of Django authentication system.
Stars: ✭ 2,019 (+1177.85%)
Mutual labels: authentication
Googleauthr
Google API Client Library for R. Easy authentication and help to build Google API R libraries with OAuth2. Shiny compatible.
Stars: ✭ 150 (-5.06%)
Mutual labels: authentication
Nest User Auth
A starter build for a back end which implements managing users with MongoDB, Mongoose, NestJS, Passport-JWT, and GraphQL.
Stars: ✭ 145 (-8.23%)
Mutual labels: authentication
Simpleauth
The Simplest way to Authenticate and make Rest API calls in .Net
Stars: ✭ 148 (-6.33%)
Mutual labels: authentication
Tokens
Java library for conveniently verifying and storing OAuth 2.0 service access tokens
Stars: ✭ 142 (-10.13%)
Mutual labels: authentication
Express Mongodb Rest Api Boilerplate
A boilerplate for Node.js apps / Rest API / Authentication from scratch - express, mongodb (mongoose).
Stars: ✭ 153 (-3.16%)
Mutual labels: authentication
Magic Js
Magic browser/React Native JavaScript SDK is your entry-point to integrating passwordless authentication inside your application.
Stars: ✭ 143 (-9.49%)
Mutual labels: authentication
Spark Pac4j
Security library for Sparkjava: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 154 (-2.53%)
Mutual labels: authentication
Relay Authentication
An example app demonstrating role based authentication and file upload with Relay and GraphQL.
Stars: ✭ 153 (-3.16%)
Mutual labels: authentication
Passport Vkontakte
VK.com authentication strategy for Passport and Node.js
Stars: ✭ 149 (-5.7%)
Mutual labels: authentication
WebAuthn4J
A portable Java library for WebAuthn and Apple App Attest server side verification
Conformance
All mandatory test cases and optional Android Key attestation test cases of FIDO2 Test Tools provided by FIDO Alliance are passed.
Supported Attestation statement format
All attestation statement formats are supported.
- Packed attestation
- FIDO U2F attestation
- Android Key attestation
- Android SafetyNet attestation
- TPM attestation
- Apple Anonymous attestation
- None attestation
- Apple App Attest attestation
Kotlin friendly
Although WebAuthn4J is written in Java, public members are marked by NonNull or Nullable annotation
to declare nullability explicitly.
Projects using WebAuthn4J
Documentation
You can find out more details from the reference.
Getting from Maven Central
If you are using Maven, just add the webauthn4j as a dependency:
<properties>
...
<!-- Use the latest version whenever possible. -->
<webauthn4j.version>0.14.1.RELEASE</webauthn4j.version>
...
</properties>
<dependencies>
...
<dependency>
<groupId>com.webauthn4j</groupId>
<artifactId>webauthn4j-core</artifactId>
<version>${webauthn4j.version}</version>
</dependency>
...
</dependencies>
Build from source
WebAuthn4J uses a Gradle based build system.
In the instructions below, gradlew is invoked from the root of the source tree and serves as a cross-platform,
self-contained bootstrap mechanism for the build.
Prerequisites
- Java8 or later
Checkout sources
git clone https://github.com/webauthn4j/webauthn4j
Build all jars
./gradlew build
How to use
Parse and Validation on WebAuthn registration
If your would like to validate Apple App Attest, please see the reference.
// Client properties
byte[] attestationObject = null /* set attestationObject */;
byte[] clientDataJSON = null /* set clientDataJSON */;
String clientExtensionJSON = null; /* set clientExtensionJSON */;
Set<String> transports = null /* set transports */;
// Server properties
Origin origin = null /* set origin */;
String rpId = null /* set rpId */;
Challenge challenge = null /* set challenge */;
byte[] tokenBindingId = null /* set tokenBindingId */;
ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, tokenBindingId);
// expectations
boolean userVerificationRequired = false;
boolean userPresenceRequired = true;
List<String> expectedExtensionIds = Collections.emptyList();
RegistrationRequest registrationRequest = new RegistrationRequest(attestationObject, clientDataJSON, clientExtensionJSON, transports);
RegistrationParameters registrationParameters = new RegistrationParameters(serverProperty, userVerificationRequired, userPresenceRequired, expectedExtensionIds);
RegistrationData registrationData;
try{
registrationData = webAuthnManager.parse(registrationRequest);
}
catch (DataConversionException e){
// If you would like to handle WebAuthn data structure parse error, please catch DataConversionException
throw e;
}
try{
webAuthnManager.validate(registrationData, registrationParameters);
}
catch (ValidationException e){
// If you would like to handle WebAuthn data validation error, please catch ValidationException
throw e;
}
// please persist Authenticator object, which will be used in the authentication process.
Authenticator authenticator =
new AuthenticatorImpl( // You may create your own Authenticator implementation to save friendly authenticator name
registrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(),
registrationData.getAttestationObject().getAttestationStatement(),
registrationData.getAttestationObject().getAuthenticatorData().getSignCount()
);
save(authenticator); // please persist authenticator in your manner
Parse and Validation on authentication
// Client properties
byte[] credentialId = null /* set credentialId */;
byte[] userHandle = null /* set userHandle */;
byte[] authenticatorData = null /* set authenticatorData */;
byte[] clientDataJSON = null /* set clientDataJSON */;
String clientExtensionJSON = null /* set clientExtensionJSON */;
byte[] signature = null /* set signature */;
// Server properties
Origin origin = null /* set origin */;
String rpId = null /* set rpId */;
Challenge challenge = null /* set challenge */;
byte[] tokenBindingId = null /* set tokenBindingId */;
ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, tokenBindingId);
// expectations
boolean userVerificationRequired = true;
boolean userPresenceRequired = true;
List<String> expectedExtensionIds = Collections.emptyList();
Authenticator authenticator = load(credentialId); // please load authenticator object persisted in the registration process in your manner
AuthenticationRequest authenticationRequest =
new AuthenticationRequest(
credentialId,
userHandle,
authenticatorData,
clientDataJSON,
clientExtensionJSON,
signature
);
AuthenticationParameters authenticationParameters =
new AuthenticationParameters(
serverProperty,
authenticator,
userVerificationRequired,
userPresenceRequired,
expectedExtensionIds
);
AuthenticationData authenticationData;
try{
authenticationData = webAuthnManager.parse(authenticationRequest);
}
catch (DataConversionException e){
// If you would like to handle WebAuthn data structure parse error, please catch DataConversionException
throw e;
}
try{
webAuthnManager.validate(authenticationData, authenticationParameters);
}
catch (ValidationException e){
// If you would like to handle WebAuthn data validation error, please catch ValidationException
throw e;
}
// please update the counter of the authenticator record
updateCounter(
authenticationData.getCredentialId(),
authenticationData.getAuthenticatorData().getSignCount()
);
Sample application
WebAuthn4J Spring Security is built on the top of WebAuthn4J, and its sample application demonstrates WebAuthn4J feature well. Please see WebAuthn4J Spring Security sample application.
License
WebAuthn4J is Open Source software released under the Apache 2.0 license.
Contributing
Interested in helping out with WebAuthn4J? Great! Your participation in the community is much appreciated! Please feel free to open issues and send pull-requests.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].