WebAuthn Swift is an open-source implementation of the WebAuthn 2.0 standard for secure and password-less authentication in mobile applications. It is built with Swift and seamlessly integrates with native iOS apps. The WebAuthn Swift enables developers to effortlessly integrate advanced authentication mechanisms, streamlining the login process and providing strong security solutions for a wide range of application requirements and user scenarios.
PublicKeyCredential protocol
is based on the WebAuthn 2.0 standard. This credential can be used for secure
authentication using an asymmetric key pair instead of using a password. The
protocol includes create() and get() methods for registration and
authentication.
create(): This method allows you to register a user credential by generating an asymmetric key pair. The private key is securely stored on the client side, while the public key is stored by the relying party.get(): This method allows you to authenticate a user by communicating with a relying party using a previously registered credential.
We offer two classes that inherit from PublicKeyCredential. Each class uses
different types of authenticators.
- Biometric: Manages public key credentials using the biometric authenticator. It facilitates secure user authentication by leveraging biometric features such as Touch ID or Face ID on supported devices.
- DeviceCredential: Manages public key credentials using the device credential authenticator. It enables secure user authentication by utilizing biometry or a passcode. If biometry is available, the system uses that first. If not, the system prompts the user for the device passcode or user's password.
RelyingParty protocol is
essential for facilitating communication with your relying party which is a
server providing access to a secured software application.
CredentialSourceStorage is a protocol
that defines the behavior of a database for handling a public key credential
source and its signature counter.
- Swift >= 5.9
Add the following entry in your Package.swift to start using WebAuthn:
.package(url: "https://github.com/line/webauthn-swift.git", from: "1.0.0")and WebAuthn dependency to your target:
.target(name: "MyApp", dependencies: [.product(name: "WebAuthn", package: "webauthn-swift")])If you want to use a public key credential, you need to define your relying party and credential source storage in advance. To get started with your implementation, we recommend checking out a sample application available on GitHub. This sample provides a practical example of how to implement each class inheriting each protocol in a real-world application.
You need to create a relying party class inheriting RelyingParty protocol. We
strongly recommend to see the real implementation of relying party.
You need to create a credential source storage class inheriting
CredentialSourceStorage protocol. You need to store the following data
contained in PublicKeyCredentialSource
and a signature counter for each credential source at a minimum.
We strongly recommend to see the real implementation using SQLite3.
Once you have your relying party, credential storage, and key storage implementation ready, you can initialize the public key credential.
let rp = YourRelyingParty()
let db = YourCredentialSourceStorage()
// You can use a biometric for public key credential.
let credential = Biometric(rp, db)
// ,or you can use a device credential for public key credential.
let credential = DeviceCredential(rp, db) Call create() method to create an asymmetric key pair and register a user.
let options: yourRegistrationOptions = ...
let signUp: Result<Bool, Error> = await credential.create(options)You can use the performAsyncTask method to execute the task asynchronously.
credential.performAsyncTask {
let signUp = await credential.create(options)
}Call get() method to authenticate a user using existing credential.
let options: yourAuthenticationOptions = ...
let signIn: Result<Bool, Error> = await credential.get(options)You can also use the performAsyncTask method to execute the task
asynchronously.
credential.performAsyncTask {
let signIn = await credential.get(options)
}We are committed to open-sourcing our work to support your use cases. We want to know how you use this library and what problems it helps you to solve. For communication, we encourage you to use the Issues section of our GitHub repository to report issues, suggest enhancements, or ask questions about the library. This will help us to address your concerns more efficiently and allow the community to benefit from your input.
Please refrain from posting any sensitive or confidential information in the issues. If you need to discuss something sensitive, please mention that in your issue, and we will find a more secure way to communicate.
