Passwords. They're everywhere, they get leaked... A security nightmare! A work-around is to a delegate authentication to a third party, for example using OpenID Connect. But sometimes you can't or don't want to do that - can you still go password-less, with user-friendly flows?
Passkeys, and more specifically the WebAuthN spec, is a browser-based technology that allows you to log in using physical devices, such as a Yubikey, or MacOS's TouchID or iOS' FaceID. It has been well-supported by browsers for multiple years now. With this technology, we can make our apps authenticate users without a password.
In this presentation, we will discuss the basics of WebAuthN, and use the brand new support for passkeys in Spring Boot 3.4 to integrate it in an existing application.
Passkeys, and more specifically the WebAuthN spec, is a browser-based technology that allows you to log in using physical devices, such as a Yubikey, or MacOS's TouchID or iOS' FaceID. It has been well-supported by browsers for multiple years now. With this technology, we can make our apps authenticate users without a password.
In this presentation, we will discuss the basics of WebAuthN, and use the brand new support for passkeys in Spring Boot 3.4 to integrate it in an existing application.