Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.
WebAuthn in a Java-based Vaadin Framework or Flow app?
This week brought the announcement of the FIDO2 and WebAuthn standards for authenticating users via FIDO-based authentication directly through web browsers. Google, Mozilla, and Microsoft all committed to supporting the functionality in their flagship browsers. Supposedly, users will be able to log into a growing number of web accounts via fingerprint scan, facial recognition, or hardware key.
I am wondering if this might be used for user-authentication in a Java-based Vaadin app, either in Vaadin 8 (Framework) or Vaadin 10 (Flow).
Spec: Web Authentication: An API for accessing Public Key Credentials Level 1 W3C Candidate Recommendation, 20 March 2018 https://www.w3.org/TR/webauthn/
Working group: https://webencrypt.org/webauthn/
Experimental site: https://webauthn.io
FIDO Alliance: https://fidoalliance.org
FIDO2 project: WebAuthn + CTAP https://fidoalliance.org/fido2/
Webauthn Signals The Beginning Of The End For Passwords https://www.lifehacker.com.au/2018/04/webauthn-signals-the-beginning-of-the-end-for-passwords/
Yubico Launches New Hardware Key for FIDO2, WebAuthn Standards https://mobileidworld.com/yubico-hardware-key-fido2-webauthn-904104/
please excuse the somewhat late answer. I came here because I needed to find out about the current situation myself.
Vaadin is about UI in the first place, so that's our focus. When there is JS API then of course this can all be used from client-side Vaadin components, even controlled from the server side. This is the case for both Vaadin Framework (<=8) and Platform (>=10), the latter also known as Vaadin10+ or Flow.
However, where we find only partial or half-hearted implementations, we can only build on top of abstraction libraries like Atmosphere or Polymer. Where these libraries do not exist, one is on their own writing one.
For your specific question, please see https://caniuse.com/#search=web%20authentication That means, Web Authentication is not yet implemented in all the major browsers (and hence there cannot even be a somewhat complete abstracting library yet).
In short - no, there is no Web Auth in Vaadin.
The good part is, you can always "reach down" directly to the APIs provided by the browser(s) you are targeting. Using Vaadin's Add-On mechanism, please commit your solution to the Vaadin Directory to share it with the rest of the community. https://vaadin.com/directory
PS: Check https://vaadin.com/components/vaadin-login regularly - modern web-usable auth mechanisms can be seen in Vaadin here first.