Skip to content
/ agama-passkey Public

Gluu governed Agama project to provide a starting point for passkey authentication. See also FIDO2

gluu.org

License

Apache-2.0 license
2 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

GluuFederation/agama-passkey

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

153 Commits
code
code
 
 
lib
lib
 
 
web
web
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
jans-deploy.md
jans-deploy.md
 
 
logo.png
logo.png
 
 
project.json
project.json
 
 

Repository files navigation

Contributors Forks Stargazers Issues Apache License

About Agama Passkey

This repo is home to the Gluu Agama-passkey project. Use this project to add user authentication with Passkey(passwordless authentication that uses a device to verify a user's identity before allowing them to access an account) 2-factor authentication.

Where To Deploy

The project can be deployed to any IAM server that runs an implementation of the Agama Framework like Janssen Server and Gluu Flex.

How To Deploy

Different IAM servers may provide different methods and user interfaces from where an Agama project can be deployed on that server. The steps below show how the Agama-passkey project can be deployed on the Janssen Server.

Deployment of an Agama project involves three steps.

Pre-Requisites

  • Register a client to integrate with SCIM (used to list passkeys and edit), minimum scopes:

Download The Project

Tip

Skip this step if you use the Janssen Server TUI tool to configure this project. The TUI tool enables the download and adding of this project directly from the tool, as part of the community projects listing.

The project is bundled as .gama package. Visit the Assets section of the Releases to download the .gama package.

Add The Project To The Server

The Janssen Server provides multiple ways an Agama project can be deployed and configured. Either use the command-line tool, REST API, or a TUI (text-based UI). Refer to the Agama project configuration page in the Janssen Server documentation for more details.

Configure The Project

The Agama project accepts configuration parameters in the JSON format. Every Agama project comes with a basic sample configuration file for reference.

Below is a typical configuration of the Agama-passkey project. As shown, it contains configuration parameters for the flows contained in it:

Sample JSON:

{
    "org.gluu.agama.passkey.main": {
        "scimClientId": "PUT_YOUR_SCIM_CLIENT_ID_HERE",
        "scimClientSecret": "PUT_YOUR_SCIM_CLIENT_SECRET"
    }
}

Test The Flow

Use any relying party implementation (like jans-tarp) to send an authentication request that triggers the flow.

From the incoming authentication request, the Janssen Server reads the ACR parameter value to identify which authentication method should be used. To invoke the org.gluu.agama.passkey.main flow contained in the Agama-passkey project, specify the ACR value as agama_<qualified-name-of-the-top-level-flow>, i.e agama_org.gluu.agama.passkey.main.

Customize and Make It Your Own

Fork this repo to start customizing the Agama-passkey project. It is possible to customize the user interface provided by the flow to suit your organisation's branding guidelines. Or customize the overall flow behavior. Follow the best practices and steps listed here to achieve these customizations in the best possible way. This project can be reused in other Agama projects to create more complex authentication journeys.  To reuse, trigger the org.gluu.agama.passkey.main flow from other Agama projects.

To make it easier to visualise and customize the Agama Project, use Agama Lab.

Flows In The Project

Qualified Name Description
org.gluu.agama.passkey.main This is the main flow, which you can directly launch from the browser. If you have not configured a passkey, you must first log in with your credentials and register your passkey(s) at org.gluu.agama.passkey.list. If you have at least 1 passkey configured, then you can click the "Login with passkey" button.
org.gluu.agama.passkey.list This flow is used to list the passkeys that the logged-in user has registered. If you do not have a passkey, an option to add a new passkey, org.gluu.agama.passkey.add is enabled. If you already have at least one passkey, you can click Login with passkey.
org.gluu.agama.passkey.add This flow is used to register a new passkey. The user has to validate his FIDO device, which can be a (Yubico key, device fingerprint, Windows Hello, Apple Face ID, etc.).
org.gluu.agama.passkey.nickname This flow is used to add a nickname to the newly registered passkey. Once completed, this stream returns to the org.gluu.agama.passkey.list

Demo

Check out this video to see the agama-passkey authentication flow in action. Also check the Agama Project Of The Week video series for a quick demo on this flow.

Note: While the video shows how the flow works overall, it may be dated. Do check the Test The Flow section to understand the current method of passing the ACR parameter when invoking the flow.

  • Login with credentials and configure your first passkey device, and as a last step, complete the login with your new configured key. TEST_USE_CASE_1

  • Log in without credentials; use the Login with passkey button. TEST_USE_CASE_2

About

Gluu governed Agama project to provide a starting point for passkey authentication. See also FIDO2

gluu.org

Topics

fido fido2 passkey passkeys passkeys-demo

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

11 watching

Forks

7 forks
Report repository

Releases 2

v0.0.2 Latest
Mar 29, 2024
+ 1 release

Packages

No packages published

Contributors 5

Languages