Passwords. They're everywhere, they get leaked... A security nightmare! A work-around is to a delegate authentication to a third party, for example using OpenID Connect. But sometimes you can't or don't want to do that - can you go password-less, with user-friendly flows?
Passkeys, and more specifically, is a browser-based technology that allows you to log in using physical devices, such as a Yubikey, or MacOS's TouchID or iOS' FaceID. It has been well-supported by browsers for multiple years now. With this technology, we can make our apps authenticate users without a password.
In this presentation, we will discuss the basics of WebAuthN, and use the brand new support for passkeys in Spring Boot 3.4 to integrate it in an existing application.
Passkeys, and more specifically, is a browser-based technology that allows you to log in using physical devices, such as a Yubikey, or MacOS's TouchID or iOS' FaceID. It has been well-supported by browsers for multiple years now. With this technology, we can make our apps authenticate users without a password.
In this presentation, we will discuss the basics of WebAuthN, and use the brand new support for passkeys in Spring Boot 3.4 to integrate it in an existing application.
Daniel Garnier-Moiroux
Spring @ Broadcom
Daniel Garnier is a software engineer in the Spring team at Broadcom, working on Spring Security, and more broadly in the identity space and SSO for applications. He is an adjunct professor at Mines Paris, where he teaches CS and software engineering classes.
He contributes to Spring Security and many open source projects, and has a keen interest in security, automation and developer productivity.
He contributes to Spring Security and many open source projects, and has a keen interest in security, automation and developer productivity.