diff --git a/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc b/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
index 9b0cd52356..4e3f58607d 100644
--- a/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
@@ -60,6 +60,7 @@ Java::
 ----
 @Bean
 SecurityFilterChain filterChain(HttpSecurity http) {
+ // ...
 http
 // ...
 .formLogin(withDefaults())
@@ -67,6 +68,8 @@ SecurityFilterChain filterChain(HttpSecurity http) {
 .rpName("Spring Security Relying Party")
 .rpId("example.com")
 .allowedOrigins("https://example.com")
+ // optional properties
+ .creationOptionsRepository(new CustomPublicKeyCredentialCreationOptionsRepository())
 );
 return http.build();
 }
@@ -89,11 +92,14 @@ Kotlin::
 ----
 @Bean
 open fun filterChain(http: HttpSecurity): SecurityFilterChain {
+ // ...
 http {
 webAuthn {
 rpName = "Spring Security Relying Party"
 rpId = "example.com"
 allowedOrigins = setOf("https://example.com")
+ // optional properties
+ creationOptionsRepository = CustomPublicKeyCredentialCreationOptionsRepository()
 }
 }
 }
@@ -110,6 +116,36 @@ open fun userDetailsService(): UserDetailsService { ---- ====== +[[passkeys-configuration-pkccor]] +=== Custom PublicKeyCredentialCreationOptionsRepository + +The `PublicKeyCredentialCreationOptionsRepository` is used to persist the `PublicKeyCredentialCreationOptions` between requests. +The default is to persist it the `HttpSession`, but at times users may need to customize this behavior. +This can be done by setting the optional property `creationOptionsRepository` demonstrated in xref:./passkeys.adoc#passkeys-configuration[Configuration] or by exposing a `PublicKeyCredentialCreationOptionsRepository` Bean: + +[tabs] +====== +Java:: ++ +[source,java,role="primary"] +---- +@Bean +CustomPublicKeyCredentialCreationOptionsRepository creationOptionsRepository() { + return new CustomPublicKeyCredentialCreationOptionsRepository(); +} +---- + +Kotlin:: ++ +[source,kotlin,role="secondary"] +---- +@Bean +open fun creationOptionsRepository(): CustomPublicKeyCredentialCreationOptionsRepository { + return CustomPublicKeyCredentialCreationOptionsRepository() +} +---- +====== + [[passkeys-register]] == Register a New Credential diff --git a/docs/modules/ROOT/pages/whats-new.adoc b/docs/modules/ROOT/pages/whats-new.adoc index 0fc13497b5..a07394496f 100644 --- a/docs/modules/ROOT/pages/whats-new.adoc +++ b/docs/modules/ROOT/pages/whats-new.adoc 
@@ -14,3 +14,7 @@ Note that this may affect reports that operate on this key name. == OAuth * https://github.com/spring-projects/spring-security/pull/16386[gh-16386] - Enable PKCE for confidential clients using `ClientRegistration.clientSettings.requireProofKey=true` for xref:servlet/oauth2/client/core.adoc#oauth2Client-client-registration-requireProofKey[servlet] and xref:reactive/oauth2/client/core.adoc#oauth2Client-client-registration-requireProofKey[reactive] applications + +== WebAuthn + +* https://github.com/spring-projects/spring-security/pull/16396[gh-16396] - Added the ability to configure a custom xref:servlet/authentication/passkeys.adoc#passkeys-configuration-pkccor[`PublicKeyCredentialCreationOptionsRepository`]