WebAuthn is a web authentication standard approved in March, 2019 by the World Wide Web Consortium (W3C) making it easy for websites, services, and applications to offer robust authentication without relying on passwords as it allows users to be authenticated using public-key cryptography.
Most websites, services, and applications have difficulty providing secure and convenient authentication for users. Passwords are the problem as they tend to be either so simple that they are easily guessed by hackers or so complex that they are hard for users to remember. And afterall, passwords, regardless of their complexity, are vulnerable to phishing and data breaches.
The fact that a password can be a shared secret makes it vulnerable. We don't see this weakness in public-key cryptography. The Web Authentication (WebAuthn) API is a specification written by W3C and FIDO, with the participation of Google, Yubico, Microsoft, Mozilla, and others. This API allows users to be authenticated using public-key cryptography.
WebAuthn is the only web authentication method that is phishing resistant and its also implemented across a variety of browsers. See supported browsers. A WebAuthn authenticator allows you to authenticate using two types of authenticators:
- Platform authenticators: are attached to a specific device and only work on them. For e.x., Windows Hello, Macbook's TouchBar, iOS Touch/FaceID and Android's fingerprint scanner, etc.
- Roaming authenticators: are cross-platform authenticators and are removable, can be used on multiple devices using USB, NFC or Bluetooth. For e.x., Yubikey.
- webauthn-server-core: Server-side WebAuthn library for Java. See JavaDoc.
- webauthn-server-attestation: Simplified implementation of MetadataService.
- yubico-util: contains some utility classes, not part of the Public API.
- webauthn-authenticator: Contains the implementation of WebAuthn authenticator.
You can use the already included Gradle Wrapper v7.2 for running the WebAuthn Authenticator.
$ git clone [email protected]:SpecterX-AHM/WebAuthn-Authenticator.git
$ cd WebAuthn-Authenticator
Make sure to use jdk-11.0.13.
To build
$ ./gradlew build
To run
$ ./gradlew run
This will serve the application at https://localhost:8888.
To generate a war
$ ./gradlew war
Some references and gratitude to: