What if users can create an account and log into your application without ever having to enter a password. For example, a new user accesses your application from an iPhone they are able to create a new account and login using FaceId. This deep dive shows you how to use the Web Authentication Protocol, Passkeys and the Spring Security Authorization Server to implement such functionality. The Web Authentication is widely implemented in all modern browsers provides a highly secure and user-friendly on-boarding and authentication experience. Recently Google, Microsoft, and Apple introduced Passkeys as the preferred passwordless authentication technology based on FIDO and WebAuthn. In the workshop we will cover everything you need to know to understand how the WebAuthenticaiton, Passkey, FIDO2 protocols works and how to implement it using Spring Security and Spring Authorization Server. A git repo with highly commented code showing implementation will be provided.
Come learn everything you need know about the exciting world of passkeys so you can add it to your existing applications or use it for your new apps. No previous background in security is required to follow along and learn.
Adib Saikali
Adib Saikali is a global field principal solutions engineer at VMware Tanzu, focused on helping VMware’s largest customers design and build cloud native applications and platforms using Spring and Kubernetes. Adib is the author of Securing Cloud Applications a book that teaches application developers the fundamental security technologies and protocols required to secure cloud native applications. Over the past 25 years Adib has worked at startups and global enterprises on numerous software systems in a variety of roles, from software developer, architect, agile coach, and CTO. He has developed a 360-degree view of what it takes to build software systems efficiently, and economically.
Joe Grandja
Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth2 and OpenID Connect support in Spring Security and Spring Authorization Server. With over 25 years of industry experience, in the Toronto, Canada area, he has designed, built, and delivered enterprise grade banking applications and platforms in the Personal and Commercial and Brokerage and Investing divisions.