Passwords. They're everywhere, they get leaked... A security nightmare! A work-around is to a delegate authentication to a third party, for example using OpenID Connect. But sometimes you can't or don't want to do that - can you go password-less, with user-friendly flows?
WebAuthN is a browser-based technology that allows you to log in using physical devices, such as a Yubikey, or MacOS's TouchID or iOS' FaceID. It has been well-supported by browsers for multiple years now. With this technology, we can make our apps authenticate users without a password.
In this presentation, we will discuss learn the basics of WebAuthN, and do some live-coding to add WebAuthN to an existing Spring Boot application.
WebAuthN is a browser-based technology that allows you to log in using physical devices, such as a Yubikey, or MacOS's TouchID or iOS' FaceID. It has been well-supported by browsers for multiple years now. With this technology, we can make our apps authenticate users without a password.
In this presentation, we will discuss learn the basics of WebAuthN, and do some live-coding to add WebAuthN to an existing Spring Boot application.
Daniel Garnier-Moiroux
Spring @ Broadcom
Daniel Garnier is a software engineer at VMware, working in the identity space and on SSO for applications. He is an adjunct professor at Mines Paris, where he teaches CS and software engineering classes.
He contributes to Spring Security, and has a keen interest in automation and developer productivity.
He contributes to Spring Security, and has a keen interest in automation and developer productivity.