Yubico WebAuthn Starter Kit

WebAuthn is the standard for modern online authentication, combining high security with a simple user experience. Replacing the password with WebAuthn is a frequently stated goal, but one that is difficult to realize in large deployments. The Yubico WebAuthn Starter Kit was created to provide an identifier-first roadmap that simplifies the transition of users to a passwordless WebAuthn experience.

Developer Pain Points

Prior to this project, developers integrating WebAuthn into their identity provider had difficulty finding code examples and documentation that explain:

  • How to adopt WebAuthn and migrate users away from passwords, step by step.
  • WebAuthn credential management and lifecycle best practices.

We wanted to make this easier by describing the identifier-first authentication flow and providing a reference architecture you can try out and share with others.

The starter kit adds WebAuthn to the AWS Cognito identity provider by integrating Yubico’s java-webauthn-server library into Cognito’s user pool custom authentication flow. It hosts an example web app on AWS Amplify Console so that you can try out the identifier-first authentication flow.

The Yubico WebAuthn Starter Kit is a project anyone can deploy on their own AWS account. It is a tool for anyone looking to test a proof of concept for their organization, giving them an end-to-end example of how to implement WebAuthn in their own services and deliver on the vision and promise of WebAuthn.