### Example 1.x code for StandardMetadataService
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc
This snippet shows how to instantiate StandardMetadataService in version 1.x.
```java
MetadataService metadataService =
    new StandardMetadataService(
        StandardMetadataService.createDefaultAttestationResolver(
            StandardMetadataService.createDefaultTrustResolver()
        ));
```
--------------------------------
### Quick start
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc
Run the demo server locally.
```bash
../gradlew run
$BROWSER http://localhost:8080/
```
--------------------------------
### Example 1.x RelyingParty configuration
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc
This snippet shows the configuration of RelyingParty in version 1.x, including the metadataService integration point.
```diff
RelyingParty rp = RelyingParty.builder()
.identity(rpIdentity)
.credentialRepository(credentialRepo)
.attestationConveyancePreference(AttestationConveyancePreference.DIRECT)
- .metadataService(metadataService))
.allowUntrustedAttestation(true)
.build();
```
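Review bot: the removed line `- .metadataService(metadataService))` ends with one closing parenthesis too many, so the 1.x configuration shown as the starting point does not compile as written. Drop the extra `)` so readers can match the line against their own code when locating what to delete.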
--------------------------------
### Get Java version
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Example command to retrieve the Java version, used for updating workflows.
```bash
$ java -version # (example output below)
openjdk version "17.0.7" 2023-04-18
OpenJDK Runtime Environment (build 17.0.7+7)
OpenJDK 64-Bit Server VM (build 17.0.7+7, mixed mode)
```
--------------------------------
### Frontend update for attestation metadata in v1.x
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc
Example of accessing attestation metadata in the frontend using v1.x structure.
```diff
var registrationResult = fetch(/* ... */).then(response => response.json());
-var authenticatorName = registrationResult.attestationMetadata?.deviceProperties?.description;
```
--------------------------------
### Maven dependency update
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
Example of updating the Maven dependency from webauthn-server-core-minimal to webauthn-server-core.
```xml
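 <dependency>
   <groupId>com.yubico</groupId>
-  <artifactId>webauthn-server-core-minimal</artifactId>
-  <version>1.12.2</version>
+  <artifactId>webauthn-server-core</artifactId>
+  <version>2.4.0-RC2</version>
   <scope>compile</scope>
 </dependency>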
```
--------------------------------
### Example 2.0 code for FidoMetadataService
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc
This snippet shows how to instantiate FidoMetadataService in version 2.0, including configuration for metadata blob handling.
```java
FidoMetadataService metadataService = FidoMetadataService.builder()
    .useBlob(FidoMetadataDownloader.builder()
        .expectLegalHeader("Retrieval and use of this BLOB indicates acceptance of the appropriate agreement located at https://fidoalliance.org/metadata/metadata-legal-terms/")
        .useDefaultTrustRoot()
        .useTrustRootCacheFile(new File("fido-mds-trust-root-cache.bin"))
        .useDefaultBlob()
        .useBlobCacheFile(new File("fido-mds-blob-cache.bin"))
        .build()
        .loadCachedBlob()
    )
    .build();
```
--------------------------------
### Frontend update for attestation metadata in v2.0
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc
Example of accessing attestation metadata in the frontend using v2.0 structure.
```diff
var registrationResult = fetch(/* ... */).then(response => response.json());
+var authenticatorName = registrationResult.attestationMetadata?.metadataStatement?.description;
```
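Review bot: on the added line, `registrationResult` is still the promise returned by `fetch(/* ... */).then(response => response.json())`, so `registrationResult.attestationMetadata` is always undefined, and the optional chaining hides that by yielding `undefined` instead of throwing. Read `attestationMetadata?.metadataStatement?.description` inside a `.then(...)` callback or after an `await` on the promise.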
--------------------------------
### Gradle dependency update
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
Example of updating the Gradle dependency from webauthn-server-core-minimal to webauthn-server-core.
```gradle
-compile 'com.yubico:webauthn-server-core-minimal:1.12.2'
+compile 'com.yubico:webauthn-server-core:2.4.0-RC2'
```
--------------------------------
### Quick start with FIDO Metadata Service
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc
Run the demo server locally with FIDO Metadata Service enabled.
```bash
YUBICO_WEBAUTHN_USE_FIDO_MDS=true ../gradlew run
$BROWSER http://localhost:8080/
```
--------------------------------
### Install with Bower
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/lib/text-encoding-0.7.0/README.md
Installs the text-encoding library using Bower.
```bash
bower install text-encoding
```
--------------------------------
### FidoMetadataDownloader and FidoMetadataService Initialization
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/README.adoc
Example of how to initialize FidoMetadataDownloader and FidoMetadataService, including setting up cache files and verification options.
```java
FidoMetadataDownloader downloader = FidoMetadataDownloader.builder()
    .expectLegalHeader("Lorem ipsum dolor sit amet")
    .useDefaultTrustRoot()
    .useTrustRootCacheFile(new File("/var/cache/webauthn-server/fido-mds-trust-root.bin"))
    .useDefaultBlob()
    .useBlobCacheFile(new File("/var/cache/webauthn-server/fido-mds-blob.bin"))
    .verifyDownloadsOnly(true) // Recommended, otherwise cache may expire if BLOB certificate expires
                               // See: https://github.com/Yubico/java-webauthn-server/issues/294
    .build();

FidoMetadataService mds = FidoMetadataService.builder()
    .useBlob(downloader.loadCachedBlob())
    .build();
```
--------------------------------
### Install with npm
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/lib/text-encoding-0.7.0/README.md
Installs the text-encoding library using npm.
```bash
npm install text-encoding
```
--------------------------------
### Creating Discoverable Credentials (Passkeys)
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Example of how to configure the startRegistration options to require discoverable credentials (passkeys) by setting residentKey to REQUIRED.
```java
PublicKeyCredentialCreationOptions request = rp.startRegistration(
    StartRegistrationOptions.builder()
        .user(/* ... */)
        .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
            .residentKey(ResidentKeyRequirement.REQUIRED)
            .build())
        .build());
```
--------------------------------
### Starting Authentication without Username
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Example of starting an authentication ceremony when the username can be omitted, typically used with discoverable credentials.
```java
AssertionRequest request = rp.startAssertion(StartAssertionOptions.builder().build());
```
--------------------------------
### Replace requireResidentKey(true) with residentKey(ResidentKeyRequirement.REQUIRED)
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
Example showing the replacement of requireResidentKey(true) with residentKey(ResidentKeyRequirement.REQUIRED) in PublicKeyCredentialCreationOptions.
```diff
RelyingParty rp = /* ... */;
PublicKeyCredentialCreationOptions pkcco = rp.startRegistration(
StartRegistrationOptions
.builder()
.user(userId)
.authenticatorSelection(
AuthenticatorSelectionCriteria
.builder()
- .requireResidentKey(true)
+ .residentKey(ResidentKeyRequirement.REQUIRED)
.build()
)
.build()
);
```
--------------------------------
### User Verification Preferred
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Example demonstrating how to set user verification to preferred for both registration and assertion.
```java
// Registration ceremony
PublicKeyCredentialCreationOptions registrationRequest = rp.startRegistration(
    StartRegistrationOptions.builder()
        .user(/* ... */)
        .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
            .userVerification(UserVerificationRequirement.PREFERRED)
            .build())
        .build());

// Authentication ceremony
AssertionRequest assertionRequest = rp.startAssertion(StartAssertionOptions.builder()
    .username("alice")
    .userVerification(UserVerificationRequirement.PREFERRED)
    .build());
```
--------------------------------
### Update imports from com.yubico.fido.metadata to com.yubico.webauthn.extension.uvm
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
Example showing the renaming of imports from com.yubico.fido.metadata to com.yubico.webauthn.extension.uvm to resolve JPMS split package name clashes.
```diff
-import com.yubico.fido.metadata.KeyProtectionType;
-import com.yubico.fido.metadata.MatcherProtectionType;
-import com.yubico.fido.metadata.UserVerificationMethod;
+import com.yubico.webauthn.extension.uvm.KeyProtectionType;
+import com.yubico.webauthn.extension.uvm.MatcherProtectionType;
+import com.yubico.webauthn.extension.uvm.UserVerificationMethod;
```
--------------------------------
### Add BouncyCastleProvider
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
This snippet shows how to add the BouncyCastleProvider, which should be done before instantiating RelyingParty.
```java
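import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Register the provider once at startup, before building the RelyingParty
Security.addProvider(new BouncyCastleProvider());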
```
--------------------------------
### Retrieving authenticator name in v2.0
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc
Example of how to retrieve an authenticator name using `FidoMetadataService.findEntries()` in v2.0.
```java
FidoMetadataService mds = /* ... */;
RegistrationResult result = rp.finishRegistration(/* ... */);
Optional<String> authenticatorName = mds.findEntries(result)
    .stream()
    .findAny()
    .flatMap(MetadataBLOBPayloadEntry::getMetadataStatement)
    .flatMap(MetadataStatement::getDescription);
```
--------------------------------
### Retrieving authenticator name in v1.x
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc
Example of how to retrieve an authenticator name using `RegistrationResult.getAttestationMetadata()` in v1.x.
```java
RegistrationResult result = rp.finishRegistration(/* ... */);
Optional<String> authenticatorName = result.getAttestationMetadata()
    .flatMap(Attestation::getDeviceProperties)
    .map(deviceProps -> deviceProps.get("description"));
```
--------------------------------
### JReleaser Configuration Properties
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/development.md
Example configuration properties for JReleaser, including Sonatype credentials and GPG key information.
```properties
JRELEASER_MAVENCENTRAL_USERNAME=PYgw7b
JRELEASER_MAVENCENTRAL_PASSWORD=QxExuJ0wwfBzbXVOsaSTUTBkXH8Fa2dFo
JRELEASER_GPG_KEYNAME=2D6753CFF0B0FB32F9EEBA485B9688125FF0B636
JRELEASER_MAVENCENTRAL_STAGE=FULL
JRELEASER_GITHUB_TOKEN=nope
```
--------------------------------
### Preferring Discoverable Credentials
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Example of setting the residentKey option to PREFERRED, which will create a passkey if the authenticator supports it.
```java
PublicKeyCredentialCreationOptions request = rp.startRegistration(
    StartRegistrationOptions.builder()
        .user(/* ... */)
        .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
            .residentKey(ResidentKeyRequirement.PREFERRED)
            .build())
        .build());
```
--------------------------------
### Retrieving Additional Authenticator Metadata
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/README.adoc
Example of how to use `findEntries` to retrieve additional authenticator metadata for new registrations.
```java
RelyingParty rp = /* ... */;
RegistrationResult result = rp.finishRegistration(/* ... */);
Set<MetadataBLOBPayloadEntry> metadata = mds.findEntries(result);
```
--------------------------------
### Non-Standard Behavior Example
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/lib/text-encoding-0.7.0/README.md
Example of forcing non-standard legacy encoding behavior with TextEncoder.
```javascript
var uint8array = new TextEncoder(
'windows-1252', { NONSTANDARD_allowLegacyEncoding: true }).encode(text);
```
--------------------------------
### RelyingParty builder update for v2.0
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/doc/Migrating_from_v1.adoc
Shows the addition of `attestationTrustSource` to the RelyingParty builder in v2.0.
```diff
RelyingParty rp = RelyingParty.builder()
.identity(rpIdentity)
.credentialRepository(credentialRepo)
.attestationConveyancePreference(AttestationConveyancePreference.DIRECT)
+ .attestationTrustSource(metadataService)
.allowUntrustedAttestation(true)
.build();
```
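Review bot: `.allowUntrustedAttestation(true)` stays as context directly below the added `.attestationTrustSource(metadataService)`, so a registration whose attestation the trust source does not vouch for is still accepted. If the migration is meant to carry over an attestation policy, say so here: either set the flag to `false` or have the caller branch on `result.isAttestationTrusted()` after `finishRegistration`.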
--------------------------------
### Storing New Credential Information
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Example of storing essential credential information in a database after successful registration.
```java
storeCredential(                              // Some database access method of your own design
    "alice",                                  // Username or other appropriate user identifier
    result.getKeyId(),                        // Credential ID and transports for allowCredentials
    result.getPublicKeyCose(),                // Public key for verifying authentication signatures
    result.getSignatureCount(),               // Initial signature counter value
    result.isDiscoverable(),                  // Is this a passkey?
    result.isBackupEligible(),                // Can this credential be backed up (synced)?
    result.isBackedUp(),                      // Is this credential currently backed up?
    pkc.getResponse().getAttestationObject(), // Store attestation object for future reference
    pkc.getResponse().getClientDataJSON()     // Store client data for re-verifying signature if needed
);
```
--------------------------------
### Checking Attestation Trust
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/README.adoc
Example of how to check if the authenticator's attestation is trusted using `isAttestationTrusted()`.
```java
RelyingParty rp = /* ... */;
RegistrationResult result = rp.finishRegistration(/* ... */);

if (result.isAttestationTrusted()) {
    // Do something...
} else {
    // Do something else...
}
```
--------------------------------
### Checking User Verification Status
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Example showing how to check if user verification was used during assertion and handle accordingly.
```java
AssertionResult result = rp.finishAssertion(/* ... */);

if (result.isSuccess()) {
    if (result.isUserVerified()) {
        return successfulLogin(result.getUsername());
    } else {
        return passwordRequired(result.getUsername());
    }
}
```
--------------------------------
### Update GitHub Actions workflow for Java version
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Example of how to update the Java version matrix in a GitHub Actions workflow.
```yaml
strategy:
  matrix:
    java: ["17.0.7"]
```
--------------------------------
### RelyingParty Configuration with Attestation Trust Source
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/README.adoc
Example of configuring the RelyingParty to use the FidoMetadataService as an attestation trust source and setting the attestation conveyance preference.
```java
RelyingParty rp = RelyingParty.builder()
    .identity(/* ... */)
    .credentialRepository(/* ... */)
    .attestationTrustSource(mds)
    .attestationConveyancePreference(AttestationConveyancePreference.DIRECT)
    .allowUntrustedAttestation(true) // Optional step: set to true (default) or false
    .build();
```
--------------------------------
### Replace requireResidentKey with residentKey
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
This diff shows the replacement of requireResidentKey(false) with residentKey(ResidentKeyRequirement.DISCOURAGED) in the AuthenticatorSelectionCriteria builder.
```diff
RelyingParty rp = /* ... */;
PublicKeyCredentialCreationOptions pkcco = rp.startRegistration(
StartRegistrationOptions
.builder()
.user(userId)
.authenticatorSelection(
AuthenticatorSelectionCriteria
.builder()
- .requireResidentKey(false)
```
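Review bot: the hunk stops at `- .requireResidentKey(false)` with no matching `+` line and no closing of the builder chain, so the replacement named in the description, `residentKey(ResidentKeyRequirement.DISCOURAGED)`, never appears in the diff. Include the added line and the remaining context lines so the change can be applied as shown.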
--------------------------------
### Changes in getter return types
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
This diff shows the changes in how to access optional values from AuthenticatorSelectionCriteria and PublicKeyCredentialRequestOptions, specifically for user verification and resident key requirements. The `map` method is replaced with `flatMap` to correctly handle Optional values.
```diff
PublicKeyCredentialCreationOptions pkcco = /* ... */;
if (pkcco
.getAuthenticatorSelectionCriteria()
- .map(AuthenticatorSelectionCriteria::getUserVerification)
+ .flatMap(AuthenticatorSelectionCriteria::getUserVerification)
.equals(Optional.of(UserVerificationRequirement.REQUIRED))) {
// Do something...
}
if (pkcco
.getAuthenticatorSelectionCriteria()
- .map(AuthenticatorSelectionCriteria::getResidentKey)
+ .flatMap(AuthenticatorSelectionCriteria::getResidentKey)
.equals(Optional.of(ResidentKeyRequirement.REQUIRED))) {
// Do something...
}
PublicKeyCredentialRequestOptions pkcro = /* ... */;
if (pkcro
.getUserVerification()
- == UserVerificationRequirement.REQUIRED)) {
+ .equals(Optional.of(UserVerificationRequirement.REQUIRED))) {
// Do something...
}
```
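Review bot: the third change, on `pkcro.getUserVerification()`, is not a `map` to `flatMap` swap like the first two. It replaces an `==` comparison with `.equals(Optional.of(UserVerificationRequirement.REQUIRED))`, which implies that getter now returns an `Optional`, and the description does not mention it. State that return-type change explicitly; the removed line `- == UserVerificationRequirement.REQUIRED)) {` also carries one closing parenthesis too many.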
--------------------------------
### Build and run demo server via Gradle
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc
Command to build and run the demo server directly using Gradle.
```bash
../gradlew run
```
--------------------------------
### Run standalone executable from archive
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc
Commands to unpack and run the standalone Java executable from the built archive.
```bash
unzip webauthn-server-demo-$VERSION.zip
cd webauthn-server-demo-$VERSION
./bin/webauthn-server-demo
# On Windows, run the batch script instead:
# ./bin/webauthn-server-demo.bat
```
--------------------------------
### Build WAR archive
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc
Command to build the .war archive for deployment in a Java web server.
```bash
../gradlew war
```
--------------------------------
### Build standalone distribution archives
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/README.adoc
Commands to build the tar and zip archives for the standalone Java executable.
```bash
../gradlew distTar
../gradlew distZip
```
--------------------------------
### Create a release branch
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Commands to create and push a new release branch.
```bash
$ git checkout -b release-1.4.0
$ git push origin release-1.4.0
```
--------------------------------
### Run the tests
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Command to run the tests for the project.
```shell
$ ./gradlew check
```
--------------------------------
### Push tag to GitHub
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Command to push the created tag to GitHub.
```bash
$ git push origin 1.4.0-RC1
```
--------------------------------
### Run tests
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Command to clean and run tests during the release process.
```bash
$ ./gradlew clean check
```
--------------------------------
### Tag a commit for pre-release
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Command to tag a commit with a pre-release version.
```bash
$ git tag -a -s 1.4.0-RC1 -m "Pre-release 1.4.0-RC1"
```
--------------------------------
### Create a release branch and merge
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Commands to create a release branch from a specific version and merge the main branch into it.
```bash
$ git checkout 1.3.0
$ git checkout -b release-1.4.0
$ git merge --no-ff main
```
--------------------------------
### Enforcing User Verification for Authentication
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Example of enforcing user verification for an authentication ceremony by setting userVerification to REQUIRED.
```java
AssertionRequest request = rp.startAssertion(StartAssertionOptions.builder()
    .username("alice")
    .userVerification(UserVerificationRequirement.REQUIRED)
    .build());
```
--------------------------------
### Code Formatting Command
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/development.md
Command to apply automatic code formatting using Gradle.
```bash
./gradlew spotlessApply
./gradlew --continuous spotlessApply
```
--------------------------------
### Requiring User Verification during Registration
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Example of setting the userVerification option to REQUIRED during registration to ensure the authenticator supports it.
```java
PublicKeyCredentialCreationOptions request = rp.startRegistration(
    StartRegistrationOptions.builder()
        .user(/* ... */)
        .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
            .userVerification(UserVerificationRequirement.REQUIRED)
            .build())
        .build());
```
--------------------------------
### Verify artifact checksums
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Commands to verify the checksums of built artifacts against downloaded checksums.
```bash
$ unzip artifact-checksums-java17-temurin.zip
$ VERSION=0.1.0-SNAPSHOT ./gradlew primaryPublishJar
$ sha256sum -c java-webauthn-server-artifacts.sha256sum
```
--------------------------------
### Pushing Tag
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Command to push the created tag to GitHub.
```shell
$ git push origin 1.4.0
```
--------------------------------
### Remove getWarnings methods
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
This diff shows the removal of RegistrationResult.getWarnings() and AssertionResult.getWarnings(), as warnings are now logged via SLF4J.
```diff
RelyingParty rp = /* ... */;
RegistrationResult result = rp.finishRegistration(/* ... */);
-for (String warning : result.getWarnings()) {
- // Do something...
-}
AssertionResult result = rp.finishAssertion(/* ... */);
-for (String warning : result.getWarnings()) {
- // Do something...
-}
```
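Review bot: the context lines declare `result` twice, as `RegistrationResult result` and then `AssertionResult result`, which does not compile in a single scope; use distinct names or split the example into two snippets. Since the description says warnings are now logged via SLF4J, it would also help to tell callers who acted on `getWarnings()` that they need a logging backend configured to see them.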
--------------------------------
### Build the .jar artifact
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Use the included Gradle wrapper to build the .jar artifact. The output is built in the webauthn-server-core/build/libs/ directory, and the version is derived from the most recent Git tag.
```shell
$ ./gradlew :webauthn-server-core:jar
```
--------------------------------
### Publish to Sonatype Maven Central
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Command to publish artifacts to Sonatype Maven Central.
```bash
$ ./gradlew publish jreleaserDeploy
```
--------------------------------
### Push to main branch
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/releasing.md
Command to push changes directly to the main branch if no significant README changes occurred.
```bash
$ git push origin main
```
--------------------------------
### BouncyCastle Maven dependency
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
Maven dependency for BouncyCastle to provide EdDSA providers on JRE 14 and earlier.
```xml
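<dependency>
  <groupId>org.bouncycastle</groupId>
  <artifactId>bcprov-jdk15on</artifactId>
  <version>1.70</version>
  <scope>compile</scope>
</dependency>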
```
--------------------------------
### Run PIT mutation tests
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Command to run the PIT mutation tests. This may take upwards of 30 minutes.
```shell
$ ./gradlew pitest
```
--------------------------------
### BouncyCastle Gradle dependency
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
Gradle dependency for BouncyCastle to provide EdDSA providers on JRE 14 and earlier.
```groovy
implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
```
--------------------------------
### Remove allowUnrequestedExtensions setting
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
This diff shows the removal of the 'allowUnrequestedExtensions(boolean)' setting from the RelyingParty builder, as it is now always enabled.
```diff
RelyingParty rp = RelyingParty
.builder()
.identity(rpIdentity)
.credentialRepository(credentialRepo)
- .allowUnrequestedExtensions(true)
.build()
```
--------------------------------
### Gradle Dependency
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-attestation/README.adoc
Dependency configuration for Gradle.
```gradle
implementation 'com.yubico:webauthn-server-attestation:2.9.0'
```
--------------------------------
### Instantiate RelyingParty
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Instantiate the RelyingParty class using its builder methods, passing in your CredentialRepository implementation.
```java
RelyingPartyIdentity rpIdentity = RelyingPartyIdentity.builder()
    .id("example.com")  // Set this to a parent domain that covers all subdomains
                        // where users' credentials should be valid
    .name("Example Application")
    .build();

RelyingParty rp = RelyingParty.builder()
    .identity(rpIdentity)
    .credentialRepository(new MyCredentialRepository())
    .build();
```
--------------------------------
### Remove icon field from RelyingPartyIdentity and UserIdentity
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
This diff shows the removal of the 'icon' field from RelyingPartyIdentity and UserIdentity builders, as it was removed in WebAuthn Level 2.
```diff
RelyingPartyIdentity rpIdentity = RelyingPartyIdentity.builder()
.id("example.org")
.name("Example Service")
- .icon(new URL("https://example.org/favicon.ico"))
.build();
UserIdentity userIdentity = UserIdentity.builder()
.name("test@example.org")
.displayName("Test User")
.id(new ByteArray(new byte[] { 1, 2, 3, 4 }))
- .icon(new URL("https://example.org/user.png"))
.build();
```
--------------------------------
### Basic Usage
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/lib/text-encoding-0.7.0/README.md
Demonstrates basic encoding and decoding of strings to and from TextEncoder and TextDecoder.
```javascript
var uint8array = new TextEncoder().encode(string);
var string = new TextDecoder(encoding).decode(uint8array);
```
--------------------------------
### Remove ECDAA enum value
Source: https://github.com/yubico/java-webauthn-server/blob/main/doc/Migrating_from_v1.adoc
This diff shows the removal of the ECDAA enum value from the attestation type switch statement, as it was removed from WebAuthn Level 2.
```diff
RelyingParty rp = /* ... */;
RegistrationResult result = rp.finishRegistration(/* ... */);
switch (result.getAttestationType()) {
- case ECDAA:
- // Do something...
- break;
-
default:
// Do something else...
break;
}
```
--------------------------------
### Gradle Dependency
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Dependency configuration for Gradle.
```gradle
implementation("com.yubico:webauthn-server-core:2.9.0")
```
--------------------------------
### Verify reproducible builds
Source: https://github.com/yubico/java-webauthn-server/blob/main/README.adoc
Verify reproducible builds by checking the artifact signature from Maven Central and GitHub releases.
```shell
$ git checkout 1.4.0-RC2
$ ./gradlew :webauthn-server-core:jar
$ wget https://repo1.maven.org/maven2/com/yubico/webauthn-server-core/1.4.0-RC2/webauthn-server-core-1.4.0-RC2.jar.asc
$ gpg --verify webauthn-server-core-1.4.0-RC2.jar.asc webauthn-server-core/build/libs/webauthn-server-core-1.4.0-RC2.jar
$ wget https://github.com/Yubico/java-webauthn-server/releases/download/1.4.0-RC2/webauthn-server-core-1.4.0-RC2.jar.asc
$ gpg --verify webauthn-server-core-1.4.0-RC2.jar.asc webauthn-server-core/build/libs/webauthn-server-core-1.4.0-RC2.jar
```
--------------------------------
### JavaScript for Registration Flow
Source: https://github.com/yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/index.html
This JavaScript code handles the user registration process, including creating new accounts with discoverable or non-discoverable credentials.
```javascript
function register() {
  const username = document.getElementById('username').value;
  const displayName = document.getElementById('displayName').value;
  const credentialNickname = document.getElementById('credentialNickname').value;
  setStatus('Initiating registration ceremony with server...');
  return getIndexActions()
    // The rest of the ceremony is chained inside this callback so that `urls`
    // is still in scope when the attestation is posted back to the server.
    .then(urls => fetch(urls.register, {
      body: new URLSearchParams({ username, displayName, credentialNickname, sessionToken: session.sessionToken || null }),
      method: 'POST',
    })
      .then(response => response.json())
      .then(updateSession)
      .then(rejectIfNotSuccess)
      .then(data => {
        const authenticator = data.authenticators[0];
        const challenge = authenticator.challenge;
        // navigator.credentials.create() requires `challenge` and `user.id` to be
        // BufferSource values and also requires an `rp` member; the server
        // response format that would supply them is not shown in this snippet.
        const options = {
          challenge: challenge,
          // Not a WebAuthn option and ignored by the browser, which records the
          // origin in clientDataJSON itself.
          origin: window.location.origin,
          user: {
            id: authenticator.userId,
            name: username,
            displayName: displayName,
          },
          pubKeyCredParams: [
            { type: 'public-key', alg: -7 },   // ES256
            { type: 'public-key', alg: -257 }, // RS256
          ],
          timeout: 60000,
          authenticatorSelection: {
            authenticatorAttachment: 'platform',
            userVerification: 'preferred',
            residentKey: 'required',
          },
        };
        return navigator.credentials.create({
          publicKey: options,
        }).then(attestation => {
          setStatus('Authenticator response received. Sending to server...');
          return fetch(urls.attestation, {
            body: new URLSearchParams({ attestation: JSON.stringify(attestation), sessionToken: session.sessionToken || null }),
            method: 'POST',
          });
        }).then(response => response.json())
          .then(updateSession)
          .then(rejectIfNotSuccess)
          .then(data => {
            setStatus('Registration successful!');
            if (data.registrations) {
              addMessage(`Successfully registered: ${data.registrations[0].credentialNickname || credentialNickname}`);
            }
            return data;
          });
      }))
    .catch((err) => {
      setStatus('Registration failed.');
      if (err.message) {
        addMessage(`${err.name}: ${err.message}`);
      } else if (err.messages) {
        addMessages(err.messages);
      }
      console.error('Registration failed', err);
      return rejected(err);
    });
}
```