This project implements the FIDO UAF and WebAuthn/FIDO2 authentication standards using Spring Boot and Java 21. It builds upon and improves several open-source projects.
This project is based on and incorporates code from:
- webauthn_java_spring_demo by jgrams
  - Original repository: https://github.com/jgrams/webauthn_java_spring_demo
  - Copyright (c) 2022 jgrams
  - Licensed under the Apache License 2.0
  - This serves as the base architecture for our WebAuthn implementation
- eBay UAF (Universal Authentication Framework)
  - Original repository: https://github.com/eBay/UAF
  - Copyright (c) 2015 eBay Inc.
  - Licensed under the Apache License, Version 2.0
  - Provides the reference implementation of the FIDO UAF protocol.
  - Portions of this project are derived from or based on the original eBay UAF implementation.
All original works are used in accordance with their respective Apache 2.0 licenses.
Prerequisites:
Java 21: This project uses Java 21. If you don't have Java 21, you can install OpenJDK. Instructions are found on the OpenJDK website.
This derivative work includes the following enhancements:
- Upgraded to Java 21 and Spring Boot 3.5.5
- Keycloak integration for centralized identity management
- Dual protocol support for both WebAuthn (FIDO2) and UAF (FIDO UAF 1.0)
- Modern architecture with improved security and performance
- Enhanced API with OpenAPI/Swagger documentation
- H2 database integration for development and testing
Before running the FIDO UAF Server or mobile client, you must update the configuration in application.yml:
| Setting | Description | Example |
|---|---|---|
| endpoint | The base URL of your FIDO UAF Server. When testing on a mobile device, replace localhost with your computer's IPv4 address so the phone can reach the server. | http://xx.xx.xxx.xx:8081 |
| facetId | The unique Facet ID that identifies your mobile app. For testing, you can set it to your phone model name or any unique identifier. | android:apk-key-hash:YOUR_PHONE_MODEL |
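
The `facetId` value shown above is a testing shortcut. As an added illustration (not code from this repository), the sketch below shows how an Android facet ID is formed under the FIDO AppID and Facet Specification used with UAF 1.0, as the unpadded Base64 SHA-1 hash of the APK signing certificate, and how a server-side check can tell that shape apart from a free-form test value. The class and method names are hypothetical, and the certificate bytes are constructed stand-ins.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

public class FacetIdCheck {
    static final String PREFIX = "android:apk-key-hash:";
    // A SHA-1 digest is 20 bytes, which is exactly 27 Base64 characters once '=' padding is stripped.
    static final Pattern CERT_HASH = Pattern.compile(Pattern.quote(PREFIX) + "[A-Za-z0-9+/]{27}");

    /** Facet ID for an Android app: prefix + unpadded Base64 of SHA-1(DER signing certificate). */
    static String androidFacetId(byte[] signingCertDer) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(signingCertDer);
        return PREFIX + Base64.getEncoder().withoutPadding().encodeToString(digest);
    }

    /** True only when the value has the shape of a certificate hash, not a free-form test label. */
    static boolean looksLikeCertHash(String facetId) {
        return facetId != null && CERT_HASH.matcher(facetId).matches();
    }

    /** Exact, case-sensitive match against the trusted facet list. */
    static boolean isTrusted(String facetId, Set<String> trustedFacets) {
        return looksLikeCertHash(facetId) && trustedFacets.contains(facetId);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in bytes; a real check hashes the DER-encoded APK signing certificate.
        byte[] releaseCert = "constructed-release-certificate".getBytes(StandardCharsets.UTF_8);
        byte[] unknownCert = "constructed-unknown-certificate".getBytes(StandardCharsets.UTF_8);
        Set<String> trusted = Set.of(androidFacetId(releaseCert));

        List<String> candidates = List.of(
                androidFacetId(releaseCert),   // signed with the trusted certificate
                androidFacetId(unknownCert),   // well-formed, but a different signer
                PREFIX + "YOUR_PHONE_MODEL");  // the test placeholder from the table above
        for (String facetId : candidates) {
            System.out.printf("%-52s wellFormed=%-5b trusted=%b%n",
                    facetId, looksLikeCertHash(facetId), isTrusted(facetId, trusted));
        }
    }
}
```

Only the first candidate is both well-formed and trusted; the placeholder fails the shape check, which makes it easy to flag a test configuration before it reaches a non-development environment.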
To install this example application, run the following commands:

```
git clone https://github.com/BenzeneSnake/fido-uaf-server
cd fido-uaf-server
```

This project is the backend server. The full system consists of the following components:
| Repository | Description | Protocol |
|---|---|---|
| fido-uaf-server (this repo) | Spring Boot backend for both FIDO UAF and WebAuthn | UAF + WebAuthn |
| fido-uaf-client | Android mobile client that performs UAF registration and authentication | FIDO UAF 1.0 |
| angular-frontend | Angular web frontend for WebAuthn passkey registration and login | WebAuthn / FIDO2 |
```
┌─────────────────────────┐        ┌──────────────────────────────────────┐
│ Android App             │        │ fido-uaf-server (this repo)          │
│ fido-uaf-client         │◄──────►│ FIDO UAF Server (port 8081)          │
│ (FIDO UAF 1.0)          │        │                                      │
└─────────────────────────┘        │ WebAuthn Backend (port 8080)         │
                                   └──────────────────────────────────────┘
┌─────────────────────────┐                            ▲
│ Browser / Web App       │                            │
│ angular-frontend        │────────────────────────────┘
│ (WebAuthn / FIDO2)      │
└─────────────────────────┘
```
FIDO UAF flow: The Android client (fido-uaf-client) communicates with the UAF Server on port 8081 to register and authenticate using device biometrics or PIN. Make sure to configure endpoint and facetId in application.yml before testing with a real device.
WebAuthn flow: The Angular frontend (angular-frontend) communicates with the WebAuthn backend on port 8080 to register and authenticate using passkeys (platform authenticators or security keys).
This project contains two modules. Start each one in a separate terminal:
FIDO UAF Server (port 8081):
```
./mvnw -pl fido-uaf-server spring-boot:run
```

API docs available at http://localhost:8081/swagger-ui.html
FIDO WebAuthn (port 8080):
```
./mvnw -pl webauthn-app spring-boot:run
```

API docs available at http://localhost:8080/swagger-ui.html
Then clone and start the corresponding client for end-to-end testing:
- UAF mobile client: see fido-uaf-client for Android setup instructions
- WebAuthn frontend: see angular-frontend for Angular setup instructions
This project uses the following key open-source libraries:
- Spring Boot - Application framework
- Yubico WebAuthn Server Core - WebAuthn/FIDO2 implementation
- eBay UAF - FIDO UAF protocol implementation
- H2 Database - In-memory database for development
- Lombok - Code generation
- SpringDoc OpenAPI - API documentation
For a complete list of dependencies, see pom.xml.
This project includes code derived from eBay UAF, which is licensed under the Apache License, Version 2.0.
All modifications made to the original source are noted within the code and documentation. © 2025 YourName. Licensed under the Apache License, Version 2.0.
This is a derivative work incorporating code from:
- jgrams/webauthn_java_spring_demo (Apache 2.0)
- eBay/UAF (Apache 2.0)
All modifications and enhancements are also released under Apache 2.0. When using this code, you must:
- Retain all copyright notices from original works
- Include a copy of the Apache License 2.0
- State any significant modifications made to the original code
- Ensure compliance with the Apache License 2.0 terms
For detailed attribution and third-party notices, see the LICENSE file.
This software is provided "AS IS" without warranty of any kind. The authors and contributors are not liable for any damages arising from the use of this software. See the LICENSE file for complete terms and conditions.