/passkey-workshop

Sample backend application to demonstrate a relying party that supports passkeys. This example includes examples of the java-webauthn-server library, helper classes, code examples, best practices, and API schemas.

Primary LanguageShell

Contributors Forks Stargazers Issues Apache-2.0


Logo

Passkey Relying Party Example

Sample backend application to demonstrate a relying party that supports passkeys. This example includes examples of the java-webauthn-server library, helper classes, code examples, best practices, and API schemas.
Explore the docs »

· Report Bug · Request Feature

Table of contents
  1. About The project
  2. Built with
  3. Getting started
  4. Next steps
  5. Contributing
  6. License
  7. Contact

About The Project

Passkeys are the long awaited replacement for passwords. While passwords have been the primary standard in securing user accounts, they are not without issues. Passwords are easy to forget, and easily phishable; which has led to security breaches in various industries such as energy, healthcare, and technology.

What does this mean for your application, and your users? As adoption continues to increase, your users will expect that your application allows them to leverage their passkey supported devices to securely and seamlessly authenticate into their accounts.

This project provides a sample application that demonstrates a full end-to-end passkey solution. The objective is to demonstrate a working prototype to help remove some uncertainty that your development team may encounter on your road to adopting passkeys in your application.

Our example is architected in a way for a developer to take advantage of multiple interfaces so that they may use the database, identity provider, and cloud environment in which they operate in. While the architectural components may differ from app to app, the fundamental logic remains fairly consistent between passkey applications.

Some of the features included in this project are a:

  • Working web and mobile client applications to test different passkey user flows
  • Working backend application with APIs that can process, store, and validate passkeys sent by any of your clients
  • Demonstration on how to enable passkey with an OpenID-Connect identity provider
  • Set of best practices for storing passkeys in a database

Disclaimer - This project is not meant to act as a production ready solution. Please review and understand the code, then integrate the needed components, and make any modifications based on your security requirements.

(back to top)

Built With

(back to top)

Getting Started

To begin your journey, click the link below for our full walkthrough on our passkey application.

Link to Yubico's passkey workshop

Follow the steps below for a quick deployment.

  1. Clone the repository
git clone https://github.com/YubicoLabs/passkey-workshop.git
  1. Navigate to the scripts folder
cd passkey-workshop/scripts
  1. Run the deployment script
# For Mac and Linux
./DeployProject.sh

# For Windows (Powershell)
\DeployProject.ps1
  1. Open the client app at localhost:3000

Next steps

Still curious about passkey development? The resources below may help to strengthen your understanding

Do you have a working solution? Share it with the community! The links below are resources where you can share your deployment, and have it reviewed to tell the world that your solution supports passkeys.

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

(back to top)

License

Distributed under the Apache-2.0 License. See LICENSE for more information.

(back to top)

Contact

Yubico Developer Program

Report an issue

(back to top)