FIDO2(WebAuthn) server officially certified by FIDO Alliance and Relying Party examples.
FIDO2(WebAuthn) Server officially certified by FIDO Alliance
FIDO (Fast IDentity Online) is an open standard for online authentication. It is designed to solve the password-related security problems we suffer from today.
Rather than relying on symmetric credentials (like passwords or PINs, which are typically knowledge-based factors), FIDO uses public-key cryptography, which relies on asymmetric credentials.
Put simply, the device generates a key pair, stores the private key in a secure area, and sends the corresponding public key (as the name implies, it is okay for it to be public) to the server.
Then, when authentication is needed, the server sends a challenge to the device, and the device generates a digital signature with the private key and sends it to the server.
Finally, the server can validate the signature with the registered public key.
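The registration and authentication steps above, reduced to plain ECDSA with the JDK's `java.security` API. This is an added example, not code from this project; it leaves out the real WebAuthn message format, and the class and method names are hypothetical.

```java
import java.security.*;
import java.security.spec.ECGenParameterSpec;

// Added illustration of the challenge-response flow; names are hypothetical.
public class ChallengeResponseDemo {
    // Registration, device side: the key pair is generated on the device.
    static KeyPair deviceGenerateKeyPair() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1")); // NIST P-256
        return gen.generateKeyPair();
    }

    // Authentication, server side: a fresh random challenge for every attempt.
    static byte[] serverNewChallenge() {
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);
        return challenge;
    }

    // Authentication, device side: sign the challenge with the private key.
    static byte[] deviceSign(PrivateKey privateKey, byte[] challenge) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(privateKey);
        signer.update(challenge);
        return signer.sign();
    }

    // Authentication, server side: verify against the key stored at registration.
    static boolean serverVerify(PublicKey registeredKey, byte[] issuedChallenge, byte[] signature)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(registeredKey);
        verifier.update(issuedChallenge);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair device = deviceGenerateKeyPair();
        PublicKey registeredKey = device.getPublic(); // only the public key reaches the server
        byte[] challenge = serverNewChallenge();
        byte[] response = deviceSign(device.getPrivate(), challenge);
        System.out.println("fresh challenge, registered key: " + serverVerify(registeredKey, challenge, response));
        // A captured response checked against a newly issued challenge.
        System.out.println("old response, new challenge: " + serverVerify(registeredKey, serverNewChallenge(), response));
        // The same challenge signed by a key that was never registered.
        byte[] other = deviceSign(deviceGenerateKeyPair().getPrivate(), challenge);
        System.out.println("unregistered key: " + serverVerify(registeredKey, challenge, other));
    }
}
```

Only the first check passes; the replayed response and the response signed with an unregistered key are both rejected.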
FIDO2 is an improved standard for use on the web and other platforms as well as mobile. Various web browsers and OS platforms currently support the FIDO2 standard API.
Basically, FIDO2 has the following operations - Registration, Authentication.
You need to run the FIDO2 server and RP Server first.
If you want to integrate your own RP Server, please implement the APIs by referring to the sample code. On the client side, you may implement a web app that communicates with the RP server.
We also provide our server in the form of a spring boot starter. Check out the spring-boot-starter directory.
```bash
# Start RP Server
cd rpserver
./gradlew bootRun
```

```bash
# Start FIDO2 Server or Line-fido2-spring-boot Demo
cd server
./gradlew bootRun

cd spring-boot-starter/line-fido2-spring-boot-demo
./gradlew bootRun
```
If a Docker environment is configured, you can easily run the applications with docker-compose.
```bash
# Start both RP Server and FIDO2 Server
docker-compose up
```
After running the applications, you can open the test page at the link below.
The FIDO2 Server running in a local environment uses h2 as an embedded DB. This needs to be replaced with a commercial standalone DB for other environments such as staging, beta or real.
In the local environment, you can use the h2 console. Append the path /h2-console to the FIDO server URL to access the h2 web console.
e.g., http://localhost:8081/h2-console
If the below error occurs while logging in to h2-console,

```
No suitable driver found for 08001/0
```

try to remove or comment out logbook-spring-boot-starter from build.gradle.

```groovy
implementation('org.zalando:logbook-spring-boot-starter:1.8.1')
```
This project utilizes Lombok to reduce implementing getter/setter/constructors. You need the Lombok plugin to build with IntelliJ and Eclipse. See the following web pages to get information.
```groovy
jar {
    processResources {
        exclude("**/*.sql")
    }
}

task dockerBuild() {
    jar.enabled = false
    dependsOn(bootJar)
}
```
After running the applications, you can view API guide documents at the link below.