### Example 1.x code for StandardMetadataService

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc

This snippet shows how to instantiate StandardMetadataService in version 1.x.

```java
MetadataService metadataService =
    new StandardMetadataService(
        StandardMetadataService.createDefaultAttestationResolver(
            StandardMetadataService.createDefaultTrustResolver()
        ));
```

--------------------------------

### Quick start

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc

Run the demo server locally.

```bash
../gradlew run
$BROWSER http://localhost:8080/
```

--------------------------------

### Example 1.x RelyingParty configuration

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc

This snippet shows the configuration of RelyingParty in version 1.x, including the metadataService integration point.

```diff
 RelyingParty rp = RelyingParty.builder()
     .identity(rpIdentity)
     .credentialRepository(credentialRepo)
     .attestationConveyancePreference(AttestationConveyancePreference.DIRECT)
-    .metadataService(metadataService)
     .allowUntrustedAttestation(true)
     .build();
```

--------------------------------

### Get Java version

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Example command to retrieve the Java version, used for updating workflows.

```bash
$ java -version
# (example output below)
openjdk version "17.0.7" 2023-04-18
OpenJDK Runtime Environment (build 17.0.7+7)
OpenJDK 64-Bit Server VM (build 17.0.7+7, mixed mode)
```

--------------------------------

### Frontend update for attestation metadata in v1.x

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc

Example of accessing attestation metadata in the frontend using the v1.x structure.

```diff
 var registrationResult = fetch(/* ... */).then(response => response.json());
-var authenticatorName = registrationResult.attestationMetadata?.deviceProperties?.description;
```

--------------------------------

### Maven dependency update

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

Example of updating the Maven dependency from webauthn-server-core-minimal to webauthn-server-core.

```xml
 <dependency>
   <groupId>com.yubico</groupId>
-  <artifactId>webauthn-server-core-minimal</artifactId>
-  <version>1.12.2</version>
+  <artifactId>webauthn-server-core</artifactId>
+  <version>2.4.0-RC2</version>
   <scope>compile</scope>
 </dependency>
```

--------------------------------

### Example 2.0 code for FidoMetadataService

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc

This snippet shows how to instantiate FidoMetadataService in version 2.0, including configuration for metadata blob handling.

```java
FidoMetadataService metadataService = FidoMetadataService.builder()
    .useBlob(FidoMetadataDownloader.builder()
        .expectLegalHeader("Retrieval and use of this BLOB indicates acceptance of the appropriate agreement located at https://fidoalliance.org/metadata/metadata-legal-terms/")
        .useDefaultTrustRoot()
        .useTrustRootCacheFile(new File("fido-mds-trust-root-cache.bin"))
        .useDefaultBlob()
        .useBlobCacheFile(new File("fido-mds-blob-cache.bin"))
        .build()
        .loadCachedBlob()
    )
    .build();
```

--------------------------------

### Frontend update for attestation metadata in v2.0

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc

Example of accessing attestation metadata in the frontend using the v2.0 structure.

```diff
 var registrationResult = fetch(/* ... */).then(response => response.json());
+var authenticatorName = registrationResult.attestationMetadata?.metadataStatement?.description;
```

--------------------------------

### Gradle dependency update

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

Example of updating the Gradle dependency from webauthn-server-core-minimal to webauthn-server-core.

```gradle
-compile 'com.yubico:webauthn-server-core-minimal:1.12.2'
+compile 'com.yubico:webauthn-server-core:2.4.0-RC2'
```

--------------------------------

### Quick start with FIDO Metadata Service

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc

Run the demo server locally with FIDO Metadata Service enabled.

```bash
YUBICO_WEBAUTHN_USE_FIDO_MDS=true ../gradlew run
$BROWSER http://localhost:8080/
```

--------------------------------

### Install with Bower

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/lib/text-encoding-0.7.0/README.md

Installs the text-encoding library using Bower.

```bash
bower install text-encoding
```

--------------------------------

### FidoMetadataDownloader and FidoMetadataService Initialization

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/README.adoc

Example of how to initialize FidoMetadataDownloader and FidoMetadataService, including setting up cache files and verification options.

```java
FidoMetadataDownloader downloader = FidoMetadataDownloader.builder()
    .expectLegalHeader("Lorem ipsum dolor sit amet")
    .useDefaultTrustRoot()
    .useTrustRootCacheFile(new File("/var/cache/webauthn-server/fido-mds-trust-root.bin"))
    .useDefaultBlob()
    .useBlobCacheFile(new File("/var/cache/webauthn-server/fido-mds-blob.bin"))
    .verifyDownloadsOnly(true) // Recommended, otherwise cache may expire if BLOB certificate expires
                               // See: https://github.com/Yubico/java-webauthn-server/issues/294
    .build();

FidoMetadataService mds = FidoMetadataService.builder()
    .useBlob(downloader.loadCachedBlob())
    .build();
```

--------------------------------

### Install with npm

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/lib/text-encoding-0.7.0/README.md

Installs the text-encoding library using npm.

```bash
npm install text-encoding
```

--------------------------------

### Creating Discoverable Credentials (Passkeys)

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Example of how to configure the startRegistration options to require discoverable credentials (passkeys) by setting residentKey to REQUIRED.

```java
PublicKeyCredentialCreationOptions request = rp.startRegistration(
  StartRegistrationOptions.builder()
    .user(/* ... */)
    .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
      .residentKey(ResidentKeyRequirement.REQUIRED)
      .build())
    .build());
```

--------------------------------

### Starting Authentication without Username

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Example of starting an authentication ceremony when the username can be omitted, typically used with discoverable credentials.

```java
AssertionRequest request = rp.startAssertion(StartAssertionOptions.builder().build());
```

--------------------------------

### Replace requireResidentKey(true) with residentKey(ResidentKeyRequirement.REQUIRED)

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

Example showing the replacement of requireResidentKey(true) with residentKey(ResidentKeyRequirement.REQUIRED) in PublicKeyCredentialCreationOptions.

```diff
 RelyingParty rp = /* ... */;
 PublicKeyCredentialCreationOptions pkcco = rp.startRegistration(
   StartRegistrationOptions
     .builder()
     .user(userId)
     .authenticatorSelection(
       AuthenticatorSelectionCriteria
         .builder()
-        .requireResidentKey(true)
+        .residentKey(ResidentKeyRequirement.REQUIRED)
         .build()
     )
     .build()
 );
```

--------------------------------

### User Verification Preferred

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Example demonstrating how to set user verification to preferred for both registration and assertion.

```java
// Registration ceremony
PublicKeyCredentialCreationOptions request = rp.startRegistration(
  StartRegistrationOptions.builder()
    .user(/* ... */)
    .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
      .userVerification(UserVerificationRequirement.PREFERRED)
      .build())
    .build());

// Authentication ceremony (a separate call site from the registration above)
AssertionRequest request = rp.startAssertion(StartAssertionOptions.builder()
    .username("alice")
    .userVerification(UserVerificationRequirement.PREFERRED)
    .build());
```

--------------------------------

### Update imports from com.yubico.fido.metadata to com.yubico.webauthn.extension.uvm

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

Example showing the renaming of imports from com.yubico.fido.metadata to com.yubico.webauthn.extension.uvm to resolve JPMS split package name clashes.

```diff
-import com.yubico.fido.metadata.KeyProtectionType;
-import com.yubico.fido.metadata.MatcherProtectionType;
-import com.yubico.fido.metadata.UserVerificationMethod;
+import com.yubico.webauthn.extension.uvm.KeyProtectionType;
+import com.yubico.webauthn.extension.uvm.MatcherProtectionType;
+import com.yubico.webauthn.extension.uvm.UserVerificationMethod;
```

--------------------------------

### Add BouncyCastleProvider

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

This snippet shows how to add the BouncyCastleProvider, which should be done before instantiating RelyingParty.

```java
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Register the provider before building the RelyingParty
Security.addProvider(new BouncyCastleProvider());
```

--------------------------------

### Retrieving authenticator name in v2.0

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc

Example of how to retrieve an authenticator name using `FidoMetadataService.findEntries()` in v2.0.

```java
FidoMetadataService mds = /* ... */;
RegistrationResult result = rp.finishRegistration(/* ... */);
Optional<String> authenticatorName = mds.findEntries(result)
    .stream()
    .findAny()
    .flatMap(MetadataBLOBPayloadEntry::getMetadataStatement)
    .flatMap(MetadataStatement::getDescription);
```

--------------------------------

### Retrieving authenticator name in v1.x

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc

Example of how to retrieve an authenticator name using `RegistrationResult.getAttestationMetadata()` in v1.x.

```java
RegistrationResult result = rp.finishRegistration(/* ... */);
Optional<String> authenticatorName = result.getAttestationMetadata()
    .flatMap(Attestation::getDeviceProperties)
    .map(deviceProps -> deviceProps.get("description"));
```

--------------------------------

### JReleaser Configuration Properties

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/development.md

Example configuration properties for JReleaser, including Sonatype credentials and GPG key information.

```properties
JRELEASER_MAVENCENTRAL_USERNAME=PYgw7b
JRELEASER_MAVENCENTRAL_PASSWORD=QxExuJ0wwfBzbXVOsaSTUTBkXH8Fa2dFo
JRELEASER_GPG_KEYNAME=2D6753CFF0B0FB32F9EEBA485B9688125FF0B636
JRELEASER_MAVENCENTRAL_STAGE=FULL
JRELEASER_GITHUB_TOKEN=nope
```

--------------------------------

### Preferring Discoverable Credentials

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Example of setting the residentKey option to PREFERRED, which will create a passkey if the authenticator supports it.

```java
PublicKeyCredentialCreationOptions request = rp.startRegistration(
  StartRegistrationOptions.builder()
    .user(/* ... */)
    .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
      .residentKey(ResidentKeyRequirement.PREFERRED)
      .build())
    .build());
```

--------------------------------

### Retrieving Additional Authenticator Metadata

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/README.adoc

Example of how to use `findEntries` to retrieve additional authenticator metadata for new registrations.

```java
RelyingParty rp = /* ... */;
RegistrationResult result = rp.finishRegistration(/* ... */);
Set<MetadataBLOBPayloadEntry> metadata = mds.findEntries(result);
```

--------------------------------

### Non-Standard Behavior Example

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/lib/text-encoding-0.7.0/README.md

Example of forcing non-standard legacy encoding behavior with TextEncoder.

```javascript
var uint8array = new TextEncoder(
  'windows-1252', { NONSTANDARD_allowLegacyEncoding: true }).encode(text);
```

--------------------------------

### RelyingParty builder update for v2.0

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc

Shows the addition of `attestationTrustSource` to the RelyingParty builder in v2.0.

```diff
 RelyingParty rp = RelyingParty.builder()
     .identity(rpIdentity)
     .credentialRepository(credentialRepo)
     .attestationConveyancePreference(AttestationConveyancePreference.DIRECT)
+    .attestationTrustSource(metadataService)
     .allowUntrustedAttestation(true)
     .build();
```

--------------------------------

### Storing New Credential Information

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Example of storing essential credential information in a database after successful registration.

```java
storeCredential(              // Some database access method of your own design
  "alice",                    // Username or other appropriate user identifier
  result.getKeyId(),          // Credential ID and transports for allowCredentials
  result.getPublicKeyCose(),  // Public key for verifying authentication signatures
  result.getSignatureCount(), // Initial signature counter value
  result.isDiscoverable(),    // Is this a passkey?
  result.isBackupEligible(),  // Can this credential be backed up (synced)?
  result.isBackedUp(),        // Is this credential currently backed up?
  pkc.getResponse().getAttestationObject(), // Store attestation object for future reference
  pkc.getResponse().getClientDataJSON()     // Store client data for re-verifying signature if needed
);
```

--------------------------------

### Checking Attestation Trust

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/README.adoc

Example of how to check if the authenticator's attestation is trusted using `isAttestationTrusted()`.

```java
RelyingParty rp = /* ... */;
RegistrationResult result = rp.finishRegistration(/* ... */);

if (result.isAttestationTrusted()) {
  // Do something...
} else {
  // Do something else...
}
```

--------------------------------

### Checking User Verification Status

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Example showing how to check if user verification was used during assertion and handle accordingly.

```java
AssertionResult result = rp.finishAssertion(/* ... */);

if (result.isSuccess()) {
  if (result.isUserVerified()) {
    return successfulLogin(result.getUsername());
  } else {
    return passwordRequired(result.getUsername());
  }
}
```

--------------------------------

### Update GitHub Actions workflow for Java version

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Example of how to update the Java version matrix in a GitHub Actions workflow.

```yaml
strategy:
  matrix:
    java: ["17.0.7"]
```

--------------------------------

### RelyingParty Configuration with Attestation Trust Source

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/README.adoc

Example of configuring the RelyingParty to use the FidoMetadataService as an attestation trust source and setting the attestation conveyance preference.

```java
RelyingParty rp = RelyingParty.builder()
    .identity(/* ... */)
    .credentialRepository(/* ... */)
    .attestationTrustSource(mds)
    .attestationConveyancePreference(AttestationConveyancePreference.DIRECT)
    .allowUntrustedAttestation(true) // Optional step: set to true (default) or false
    .build();
```

--------------------------------

### Replace requireResidentKey with residentKey

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

This diff shows the replacement of requireResidentKey(false) with residentKey(ResidentKeyRequirement.DISCOURAGED) in the AuthenticatorSelectionCriteria builder.

```diff
 RelyingParty rp = /* ... */;
 PublicKeyCredentialCreationOptions pkcco = rp.startRegistration(
   StartRegistrationOptions
     .builder()
     .user(userId)
     .authenticatorSelection(
       AuthenticatorSelectionCriteria
         .builder()
-        .requireResidentKey(false)
+        .residentKey(ResidentKeyRequirement.DISCOURAGED)
         .build()
     )
     .build()
 );
```

--------------------------------

### Changes in getter return types

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

This diff shows the changes in how to access optional values from AuthenticatorSelectionCriteria and PublicKeyCredentialRequestOptions, specifically for user verification and resident key requirements. The `map` method is replaced with `flatMap` to correctly handle Optional values.

```diff
 PublicKeyCredentialCreationOptions pkcco = /* ... */;
 if (pkcco
     .getAuthenticatorSelectionCriteria()
-    .map(AuthenticatorSelectionCriteria::getUserVerification)
+    .flatMap(AuthenticatorSelectionCriteria::getUserVerification)
     .equals(Optional.of(UserVerificationRequirement.REQUIRED))) {
   // Do something...
 }

 if (pkcco
     .getAuthenticatorSelectionCriteria()
-    .map(AuthenticatorSelectionCriteria::getResidentKey)
+    .flatMap(AuthenticatorSelectionCriteria::getResidentKey)
     .equals(Optional.of(ResidentKeyRequirement.REQUIRED))) {
   // Do something...
 }

 PublicKeyCredentialRequestOptions pkcro = /* ... */;
 if (pkcro
     .getUserVerification()
-    == UserVerificationRequirement.REQUIRED) {
+    .equals(Optional.of(UserVerificationRequirement.REQUIRED))) {
   // Do something...
 }
```

--------------------------------

### Build and run demo server via Gradle

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc

Command to build and run the demo server directly using Gradle.

```bash
../gradlew run
```

--------------------------------

### Run standalone executable from archive

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc

Commands to unpack and run the standalone Java executable from the built archive.

```bash
unzip webauthn-server-demo-$VERSION.zip
cd webauthn-server-demo-$VERSION
./bin/webauthn-server-demo
# On Windows, run the batch launcher instead: ./bin/webauthn-server-demo.bat
```

--------------------------------

### Build WAR archive

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc

Command to build the .war archive for deployment in a Java web server.

```bash
../gradlew war
```

--------------------------------

### Build standalone distribution archives

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc

Commands to build the tar and zip archives for the standalone Java executable.

```bash
../gradlew distTar
../gradlew distZip
```

--------------------------------

### Create a release branch

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Commands to create and push a new release branch.

```bash
$ git checkout -b release-1.4.0
$ git push origin release-1.4.0
```

--------------------------------

### Run the tests

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Command to run the tests for the project.

```shell
$ ./gradlew check
```

--------------------------------

### Push tag to GitHub

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Command to push the created tag to GitHub.

```bash
$ git push origin 1.4.0-RC1
```

--------------------------------

### Run tests

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Command to clean and run tests during the release process.

```bash
$ ./gradlew clean check
```

--------------------------------

### Tag a commit for pre-release

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Command to tag a commit with a pre-release version.

```bash
$ git tag -a -s 1.4.0-RC1 -m "Pre-release 1.4.0-RC1"
```

--------------------------------

### Create a release branch and merge

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Commands to create a release branch from a specific version and merge the main branch into it.

```bash
$ git checkout 1.3.0
$ git checkout -b release-1.4.0
$ git merge --no-ff main
```

--------------------------------

### Enforcing User Verification for Authentication

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Example of enforcing user verification for an authentication ceremony by setting userVerification to REQUIRED.

```java
AssertionRequest request = rp.startAssertion(StartAssertionOptions.builder()
    .username("alice")
    .userVerification(UserVerificationRequirement.REQUIRED)
    .build());
```

--------------------------------

### Code Formatting Command

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/development.md

Commands to apply automatic code formatting using Gradle, either once or continuously.

```bash
./gradlew spotlessApply
./gradlew --continuous spotlessApply
```

--------------------------------

### Requiring User Verification during Registration

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Example of setting the userVerification option to REQUIRED during registration to ensure the authenticator supports it.

```java
PublicKeyCredentialCreationOptions request = rp.startRegistration(
  StartRegistrationOptions.builder()
    .user(/* ... */)
    .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
      .userVerification(UserVerificationRequirement.REQUIRED)
      .build())
    .build());
```

--------------------------------

### Verify artifact checksums

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Commands to verify the checksums of built artifacts against downloaded checksums.

```bash
$ unzip artifact-checksums-java17-temurin.zip
$ VERSION=0.1.0-SNAPSHOT ./gradlew primaryPublishJar
$ sha256sum -c java-webauthn-server-artifacts.sha256sum
```

--------------------------------

### Pushing Tag

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Command to push the created tag to GitHub.

```shell
$ git push origin 1.4.0
```

--------------------------------

### Remove getWarnings methods

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

This diff shows the removal of RegistrationResult.getWarnings() and AssertionResult.getWarnings(), as warnings are now logged via SLF4J.

```diff
 RelyingParty rp = /* ... */;

 RegistrationResult result = rp.finishRegistration(/* ... */);
-for (String warning : result.getWarnings()) {
-  // Do something...
-}

 AssertionResult result = rp.finishAssertion(/* ... */);
-for (String warning : result.getWarnings()) {
-  // Do something...
-}
```

--------------------------------

### Build the .jar artifact

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Use the included Gradle wrapper to build the .jar artifact. The output is built in the webauthn-server-core/build/libs/ directory, and the version is derived from the most recent Git tag.

```shell
$ ./gradlew :webauthn-server-core:jar
```

--------------------------------

### Publish to Sonatype Maven Central

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Command to publish artifacts to Sonatype Maven Central.

```bash
$ ./gradlew publish jreleaserDeploy
```

--------------------------------

### Push to main branch

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md

Command to push changes directly to the main branch if no significant README changes occurred.

```bash
$ git push origin main
```

--------------------------------

### BouncyCastle Maven dependency

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

Maven dependency for BouncyCastle to provide EdDSA providers on JRE 14 and earlier.

```xml
<dependency>
  <groupId>org.bouncycastle</groupId>
  <artifactId>bcprov-jdk15on</artifactId>
  <version>1.70</version>
  <scope>compile</scope>
</dependency>
```

--------------------------------

### Run PIT mutation tests

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Command to run the PIT mutation tests. This may take upwards of 30 minutes.

```shell
$ ./gradlew pitest
```

--------------------------------

### BouncyCastle Gradle dependency

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

Gradle dependency for BouncyCastle to provide EdDSA providers on JRE 14 and earlier.

```groovy
implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
```

--------------------------------

### Remove allowUnrequestedExtensions setting

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

This diff shows the removal of the 'allowUnrequestedExtensions(boolean)' setting from the RelyingParty builder, as it is now always enabled.

```diff
 RelyingParty rp = RelyingParty
     .builder()
     .identity(rpIdentity)
     .credentialRepository(credentialRepo)
-    .allowUnrequestedExtensions(true)
     .build();
```

--------------------------------

### Gradle Dependency

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/README.adoc

Dependency configuration for Gradle.

```gradle
implementation 'com.yubico:webauthn-server-attestation:2.9.0'
```

--------------------------------

### Instantiate RelyingParty

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Instantiate the RelyingParty class using its builder methods, passing in your CredentialRepository implementation.

```java
RelyingPartyIdentity rpIdentity = RelyingPartyIdentity.builder()
    .id("example.com")  // Set this to a parent domain that covers all subdomains
                        // where users' credentials should be valid
    .name("Example Application")
    .build();

RelyingParty rp = RelyingParty.builder()
    .identity(rpIdentity)
    .credentialRepository(new MyCredentialRepository())
    .build();
```

--------------------------------

### Remove icon field from RelyingPartyIdentity and UserIdentity

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

This diff shows the removal of the 'icon' field from RelyingPartyIdentity and UserIdentity builders, as it was removed in WebAuthn Level 2.

```diff
 RelyingPartyIdentity rpIdentity = RelyingPartyIdentity.builder()
     .id("example.org")
     .name("Example Service")
-    .icon(new URL("https://example.org/favicon.ico"))
     .build();

 UserIdentity userIdentity = UserIdentity.builder()
     .name("test@example.org")
     .displayName("Test User")
     .id(new ByteArray(new byte[] { 1, 2, 3, 4 }))
-    .icon(new URL("https://example.org/user.png"))
     .build();
```

--------------------------------

### Basic Usage

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/lib/text-encoding-0.7.0/README.md

Demonstrates basic encoding and decoding of strings with TextEncoder and TextDecoder.

```javascript
var uint8array = new TextEncoder().encode(string);
var string = new TextDecoder(encoding).decode(uint8array);
```

--------------------------------

### Remove ECDAA enum value

Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc

This diff shows the removal of the ECDAA enum value from the attestation type switch statement, as it was removed from WebAuthn Level 2.

```diff
 RelyingParty rp = /* ... */;
 RegistrationResult result = rp.finishRegistration(/* ... */);
 switch (result.getAttestationType()) {
-  case ECDAA:
-    // Do something...
-    break;
-
   default:
     // Do something else...
     break;
 }
```

--------------------------------

### Gradle Dependency

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Dependency configuration for Gradle.

```gradle
implementation("com.yubico:webauthn-server-core:2.9.0")
```

--------------------------------

### Verify reproducible builds

Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc

Verify reproducible builds by checking the artifact signature from Maven Central and GitHub releases.

```shell
$ git checkout 1.4.0-RC2
$ ./gradlew :webauthn-server-core:jar

$ wget https://repo1.maven.org/maven2/com/yubico/webauthn-server-core/1.4.0-RC2/webauthn-server-core-1.4.0-RC2.jar.asc
$ gpg --verify webauthn-server-core-1.4.0-RC2.jar.asc webauthn-server-core/build/libs/webauthn-server-core-1.4.0-RC2.jar

$ wget https://github.com/Yubico/java-webauthn-server/releases/download/1.4.0-RC2/webauthn-server-core-1.4.0-RC2.jar.asc
$ gpg --verify webauthn-server-core-1.4.0-RC2.jar.asc webauthn-server-core/build/libs/webauthn-server-core-1.4.0-RC2.jar
```

--------------------------------

### JavaScript for Registration Flow

Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/index.html

This JavaScript code handles the user registration process, including creating new accounts with discoverable or non-discoverable credentials.

```javascript
function register() {
  const username = document.getElementById('username').value;
  const displayName = document.getElementById('displayName').value;
  const credentialNickname = document.getElementById('credentialNickname').value;

  setStatus('Initiating registration ceremony with server...');

  return getIndexActions()
    // The whole chain stays inside this callback so that `urls` is still in
    // scope for the later fetch(urls.attestation, ...) call.
    .then(urls => fetch(urls.register, {
        body: new URLSearchParams({
          username,
          displayName,
          credentialNickname,
          sessionToken: session.sessionToken || null
        }),
        method: 'POST',
      })
      .then(response => response.json())
      .then(updateSession)
      .then(rejectIfNotSuccess)
      .then(data => {
        const authenticator = data.authenticators[0];
        const challenge = authenticator.challenge;
        const options = {
          challenge: challenge,
          origin: window.location.origin,
          user: {
            id: authenticator.userId,
            name: username,
            displayName: displayName,
          },
          pubKeyCredParams: [
            { type: 'public-key', alg: -7 },   // ES256
            { type: 'public-key', alg: -257 }, // RS256
          ],
          timeout: 60000,
          authenticatorSelection: {
            authenticatorAttachment: 'platform',
            userVerification: 'preferred',
            residentKey: 'required',
          },
        };

        return navigator.credentials.create({
          publicKey: options,
        }).then(attestation => {
          setStatus('Authenticator response received. Sending to server...');
          return fetch(urls.attestation, {
            body: new URLSearchParams({
              attestation: JSON.stringify(attestation),
              sessionToken: session.sessionToken || null
            }),
            method: 'POST',
          });
        }).then(response => response.json())
          .then(updateSession)
          .then(rejectIfNotSuccess)
          .then(data => {
            setStatus('Registration successful!');
            if (data.registrations) {
              addMessage(`Successfully registered: ${data.registrations[0].credentialNickname || credentialNickname}`);
            }
            return data;
          });
      })
    )
    .catch((err) => {
      setStatus('Registration failed.');
      if (err.message) {
        addMessage(`${err.name}: ${err.message}`);
      } else if (err.messages) {
        addMessages(err.messages);
      }
      console.error('Registration failed', err);
      return rejected(err);
    });
}
```