Sample backend application that demonstrates a relying party supporting passkeys. The project includes usage of the java-webauthn-server library, helper classes, code examples, best practices, and API schemas.
Passkeys are the long-awaited replacement for passwords. While passwords have been the primary standard for securing user accounts, they are not without issues. Passwords are easy to forget and easy to phish, which has led to security breaches in various industries such as energy, healthcare, and technology.
What does this mean for your application and your users? As adoption continues to increase, your users will expect your application to let them use their passkey-capable devices to authenticate to their accounts securely and seamlessly.
This project provides a sample application that demonstrates a full end-to-end passkey solution. The objective is to demonstrate a working prototype to help remove some uncertainty that your development team may encounter on your road to adopting passkeys in your application.
Our example is architected around multiple interfaces so that developers can use the database, identity provider, and cloud environment in which they already operate. While the architectural components may differ from app to app, the fundamental logic remains fairly consistent between passkey applications.
Some of the features included in this project are:
- Working web and mobile client applications to test different passkey user flows
- Working backend application with APIs that can process, store, and validate passkeys sent by any of your clients
- Demonstration of how to enable passkeys with an OpenID Connect identity provider
- Set of best practices for storing passkeys in a database
Disclaimer - This project is not meant to act as a production-ready solution. Please review and understand the code, then integrate the needed components, and make any modifications based on your security requirements.
- Java
- Spring Boot
- Yubico's java-webauthn-server library
- React
- Swift
- MySQL
- Keycloak
- Docker
- FIDO Metadata Service
To begin your journey, click the link below for our full walkthrough on our passkey application.
Link to Yubico's passkey workshop
Follow the steps below for a quick deployment.
- Clone the repository
git clone https://github.com/YubicoLabs/passkey-workshop.git
- Navigate to the deploy folder
cd passkey-workshop/deploy
- Run the deployment script
# For Mac and Linux
./deploy.sh
# For Windows (PowerShell)
.\deploy.ps1
- Open the client app at localhost:3000
Still curious about passkey development? The resources below may help to strengthen your understanding
Do you have a working solution? Share it with the community! The links below are resources where you can share your deployment, and have it reviewed to tell the world that your solution supports passkeys.
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (git checkout -b feature/AmazingFeature)
- Commit your Changes (git commit -m 'Add some AmazingFeature')
- Push to the Branch (git push origin feature/AmazingFeature)
- Open a Pull Request
Distributed under the Apache-2.0 License. See LICENSE for more information.