/agama-passkey

Gluu governed Agama project to provide a starting point for passkey authentication. See also FIDO2

Primary language: Java. License: Apache License 2.0 (Apache-2.0).

Agama Passkey

Welcome to the https://github.com/GluuFederation/agama-passkey project. This project is governed by Gluu and published under an Apache 2.0 license.

Use this project to add user authentication with Passkey 2-factor authentication. Passkey is passwordless authentication that uses a device to verify a user's identity before allowing them to access an account.

For more information you can also see

Requirements

Supported IDPs

| IDP | Description |
| --- | --- |
| Jans Auth Server | Deployment instructions |
| Gluu Flex | Deployment instructions |

Flows

| Qualified Name | Description |
| --- | --- |
| org.gluu.agama.passkey.main | This is the main flow, which you can launch directly from the browser. If you have not configured a passkey, you must first log in with your credentials and register your passkey(s) (org.gluu.agama.passkey.list). If you have at least 1 passkey configured, you can click the "Login with passkey" button. |
| org.gluu.agama.passkey.list | This flow lists the passkeys that the logged-in user has registered. If you do not have a passkey, an option to add a new passkey (org.gluu.agama.passkey.add) is enabled. If you already have at least one passkey, you can click "Login with passkey". |
| org.gluu.agama.passkey.add | This flow registers a new passkey. The user has to validate their FIDO device (Yubico key, device fingerprint, Windows Hello, Apple Face ID, etc.). |
| org.gluu.agama.passkey.nickname | This flow adds a nickname to the newly registered passkey. Once completed, this flow returns to org.gluu.agama.passkey.list. |

Configuration

| Flow | Property | Value | Description |
| --- | --- | --- | --- |
| org.gluu.agama.passkey.main | scimClientId | | SCIM Client id |
| org.gluu.agama.passkey.main | scimClientSecret | | SCIM Client secret |

Sample JSON:

{
    "org.gluu.agama.passkey.main": {
        "scimClientId": "PUT_YOUR_SCIM_CLIENT_ID_HERE",
        "scimClientSecret": "PUT_YOUR_SCIM_CLIENT_SECRET"
    }
}
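
A pre-deployment check for this configuration, as an added example that is not part of the agama-passkey project: it reports missing properties and sample placeholders that were left in place. The function name and messages are hypothetical, and treating the two properties in the table as the complete set is an assumption.

```python
import json

# Flow and property names are taken from the Configuration table above.
FLOW = "org.gluu.agama.passkey.main"
REQUIRED = ("scimClientId", "scimClientSecret")
PLACEHOLDER_PREFIX = "PUT_YOUR_"  # prefix used by the sample JSON values


def check_passkey_config(text):
    """Return a list of problems found in an agama-passkey config document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object keyed by flow name"]
    flow = doc.get(FLOW)
    if not isinstance(flow, dict):
        return [f"missing configuration object for flow {FLOW}"]
    problems = []
    for prop in REQUIRED:
        value = flow.get(prop)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{prop}: missing or empty")
        elif value.startswith(PLACEHOLDER_PREFIX):
            problems.append(f"{prop}: sample placeholder was not replaced")
    # Assumption: only the two table properties exist, so any other key is
    # flagged; a misspelled key would leave the real property unset.
    for key in sorted(set(flow) - set(REQUIRED)):
        problems.append(f"{key}: not listed in the Configuration table (possible typo)")
    return problems


# Constructed sample inputs: the page's sample as-is, and a filled-in variant.
SAMPLE_FROM_PAGE = """{
    "org.gluu.agama.passkey.main": {
        "scimClientId": "PUT_YOUR_SCIM_CLIENT_ID_HERE",
        "scimClientSecret": "PUT_YOUR_SCIM_CLIENT_SECRET"
    }
}"""
FILLED_IN = json.dumps({FLOW: {"scimClientId": "example-client-id",
                               "scimClientSecret": "example-secret-value"}})

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_FROM_PAGE), ("filled-in", FILLED_IN)):
        print(name, check_passkey_config(text) or "ok")
```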

Demo

Use case 1:

Log in with credentials, configure your first passkey device, and as a last step complete the login with your newly configured key.


Use case 2:

Log in without credentials by using the Login with passkey button.


Contributors

Milton Ch.

License

This project is licensed under the Apache 2.0 license.