GluuFederation/agama-passkey

Gluu governed Agama project to provide a starting point for passkey authentication. See also FIDO2

Agama Passkey

Welcome to the https://github.com/GluuFederation/agama-passkey project. This project is governed by Gluu and published under an Apache 2.0 license.

Use this project to add user authentication with Passkey(passwordless authentication that uses a device to verify a user's identity before allowing them to access an account) 2-factor authentication.

For more information you can also see

• Passkey
• FIDO Specs

Requirements

• Register a client to integrate with SCIM (Used to list passkeys and edit), minimum scopes:
  • https://jans.io/scim/fido2.read
  • https://jans.io/scim/fido2.write

Supported IDPs

IDP	Description
Jans Auth Server	Deployment instructions
Gluu Flex	Deployment instructions

Flows

Qualified Name	Description
org.gluu.agama.passkey.main	This is the main flow which you can directly launch from the browser. If you have not configured a passkey, you must first log in with your credentials and register your passkey(s) org.gluu.agama.passkey.list. If you have at least 1 passkey configured, then you can click the "Login with passkey" button.
org.gluu.agama.passkey.list	This flow is used to list the passkeys that the logged-in user has registered. If you do not have a passkey, an option to add a new passkey org.gluu.agama.passkey.add is enabled. If you already have at least one passkey, you can click Login with passkey.
org.gluu.agama.passkey.add	This flow is used to register a new passkey. The user has to validate his FIDO device, which can be a (Yubico key, Device fingerprint, Windows Hello, Apple Face ID, etc.).
org.gluu.agama.passkey.nickname	This flow is used to add a nickname to the newly registered passkey. Once completed this stream returns to the org.gluu.agama.passkey.list

Configuration

Flow	Property	Value Description
org.gluu.agama.passkey.main	scimClientId	SCIM Client id
org.gluu.agama.passkey.main	scimClientSecret	SCIM Client secret

Sample JSON:

{
    "org.gluu.agama.passkey.main": {
        "scimClientId": "PUT_YOUR_SCIM_CLIENT_ID_HERE",
        "scimClientSecret": "PUT_YOUR_SCIM_CLIENT_SECRET"
    }
}

Demo

Use case 1:

Login with credentials and configure your first passkey device and as a last step complete the login with your new configured key.

Use case 2:

Log in without credentials, use the Login with passkey button.

Contributors

Milton Ch.

License

This project is licensed under the Apache 2.0