webauthn-json
java-webauthn-server
| webauthn-json | java-webauthn-server | |
|---|---|---|
| 1 | 4 | |
| 723 | 425 | |
| 1.2% | 3.1% | |
| 2.7 | 8.5 | |
| 13 days ago | 23 days ago | |
| TypeScript | Scala | |
| MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
webauthn-json
-
Multi-Factor Authentication for Rails with WebAuthn and Devise
First, we will add the necessary NPM packages. We will use @github/webauthn-json as a nice wrapper for the WebAuthn API and @rails/request.js for easier requests to the backend (with built-in Turbo Stream support).
java-webauthn-server
-
A Passwordless Future! Passkeys for Java Developers
java-webauthn-server: A library from Yubico that supports many attestation format. But it is not 100% FIDO2 conformant.
-
Is there any way to allow login with a Yubikey across multiple domain names (explanation inside)
I have some example code here: https://github.com/Yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/index.html
- What's the state of WebAuthn for Java? Has anyone had to implement WebAuthn for one of their projects?
-
Software and drivers
If you need them to use one of a set of trusted authenticator models, then you need attestation. Your authentication servers will need to compile a set of acceptable attestation root certificates, and require that all enrolled credentials have a valid attestation statement that correctly chains to one of those trusted root certificates. Yubico provides libraries to help with this for Python and Java You can provide the devices or let users self-source one on the list of acceptable models. Your webapp will also need to guide users to use the correct authenticator if they attempt to use an untrusted one. Note that this will only let you verify an authenticator model, not individual YubiKeys (i.e., not on serial number level).
What are some alternatives?
Bitwarden - The core infrastructure backend (API, database, Docker, etc).
webauthn4j - A portable Java library for WebAuthn(Passkeys) server side verification
webauthn4j-spring-security - WebAuthn4J Extension for Spring Security
fido2-net-lib - FIDO2 .NET library for FIDO2 / WebAuthn Attestation and Assertion using .NET
akka-http-session - Web & mobile client-side akka-http sessions, with optional JWT support
webauthn-ruby - WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party
windows-fido-bridge - An OpenSSH SK middleware that allows you to use a FIDO/U2F security key (e.g. a YubiKey) to SSH into a remote server from WSL or Cygwin.
Ruby on Rails - Ruby on Rails
fido2 - Open-source FIDO server, featuring the FIDO2 standard. https://demo4.strongkey.com/getstarted/#/openapi/fido
softu2f-fprintd-docker - Windows-Hello-like experience on Linux
Tailwind CSS - A utility-first CSS framework for rapid UI development.