Server-side Web Authentication library for Java
Clone or download



Note: This is a work in progress. The Web Authentication standard is not yet finished, and additional pre-1.0 releases of this library may introduce breaking API changes.

Build Status Coverage Status

Server-side Web Authentication library for Java. Provides implementations of the Relying Party operations required for a server to support Web Authentication. This includes registering authenticators and authenticating registered authenticators.

Planned breaking changes

  • Update spec version from Candidate Recommendation 2018-03-20 to Proposed Recommendation 2018-11-??. This will involve renaming a couple of classes and methods.

Example Usage

See webauthn-server-demo for a complete demo server, which stores authenticator registrations temporarily in memory.


Use the included Gradle wrapper to build the .jar artifact:

$ ./gradlew :webauthn-server-core:jar

The output is built in the webauthn-server-core/build/libs/ directory, and the version is derived from the most recent Git tag. Builds done on a tagged commit will have a plain x.y.z version number, while a build on any other commit will result in a version number containing the abbreviated commit hash.

Although the .jar artifact of this project can be used in JDK version 8 or later, the project as a whole currently builds only in JDK 8. This is because most tests are written in Scala, which currently only supports JDK 8. Therefore compiling the tests can currently only be done in JDK 8, and so ./gradlew build and similar tasks will fail in JDKs other than 8.

To run the tests (requires JDK 8):

$ ./gradlew check

To run the PIT mutation tests (requires JDK 8):

$ ./gradlew pitest