• Stars
    star
    1,351
  • Rank 34,773 (Top 0.7 %)
  • Language
  • License
    Creative Commons ...
  • Created almost 6 years ago
  • Updated 8 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

🔐 A curated list of awesome WebAuthn and Passkey resources

WebAuthn and Passkey Awesome Awesome

Demos

Server Libs

Client Libs

  • Yubico: python-fido2 - Client Lib to talk to a hardware authenticators over USB HID
  • Yubico: libfido2 - C client library and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
  • keys.pub: go-libfido2 - Go client library (wraps Yubico: libfido2)
  • Lyo Kato: iOS Webauthn Kit - This library provides you a way to handle W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) easily.
  • Yubico: Mobile iOS SDK (YubiKit) - YubiKit is an iOS library provided by Yubico to interact with YubiKeys on iOS devices. Works with other FIDO2 devices as well
  • Mozilla: authenticator-rs - Rust library to interact with Security Keys, used by Firefox
  • Firstyear: webauthn-authenticator-rs - Rust library for interacting with Security Keys, based on authenticator-rs, but with extensions to support CTAP2.1 and NFC
  • COTECH: Hardware Security SDK - Android library to interact with FIDO2 and U2F security keys over NFC and USB. Also provides a WebAuthn-WebView bridge.
  • MasterKale: @simplewebauthn/browser - WebAuthn, Simplified. A TypeScript-first browser library for simpler WebAuthn integration. Supports use in TypeScript and JavaScript projects. Partner library to the back end @simplewebauthn/server (see Server Libs). Also works with Duo's py_webauthn.

Software Authenticators

Hardware Authenticators

  • FIDO CERTIFIED™ SoloKeys - Solo is an open source FIDO2 security key, and you can get one at solokeys.com
  • FIDO CONFORMANT Conor Patrick: U2F Zero - U2F Zero is an open source U2F token for 2 factor authentication.
  • Trezor - Trezor is an open source hardware wallet with FIDO/U2F and FIDO2/WebAuthn functionality.
  • Google: OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
  • Nitrokey - Nitrokey is developing/producing different types of open source and open hardware FIDO2 security keys (check for the "Nitrokey FIDO2" and "Nitrokey 3" related repositories).

Dev tools

  • Shane B Weeden: FIDO2 Postman Clients - FIDO2 Postman clients to easily test your FIDO2 API endpoints.
  • MasterKale: WebAuthn Previewer - A simple website for previewing WebAuthn attestations and assertions
  • Firstyear: Webauthn RS compatability tester - A webauthn device and browser stress tester that can identify flaws in implementations and has already found bugs in Firefox, Safari, Android and more.
  • Descope: VirtualWebAuthn Test Tool - A GO package to automate testing of a relying party WebAuthn server implementation without requiring a browser or an actual authenticator.
  • FIDO MDS Explorer - A user-friendly web UI to explore the FIDO Metadata Service repository, which contains detailed characteristics and attestation certificates of authenticators registered to the FIDO Alliance.
  • WebAuthn Playground - A web page (no server) to test WebAuthn operations with configurable parameters, and view/parse responses.

Resources

Tutorials

Articles

Slides

Books

Other

FAQ

  • What is FIDO CERTIFIED™?

FIDO CERTIFIED means that implementation has passed FIDO conformance tools, passed interoperability even, and has achieved official FIDO Alliance certification. A registered FIDO Alliance Trademark.

  • What is FIDO CONFORMANT?

FIDO CONFORMANT means that implementation has passed FIDO conformance tools (as reported by the author), thus can claim that it is conformant with FIDO2 specifications. If you want to get access to the conformance tools, you can do it here https://fidoalliance.org/certification/functional-certification/conformance/. If you have passed conformance tools, send me a DM or a tweet @herrjemand with a screenshot of passing the tests.

  • FIDO2 or WebAuthn?

FIDO2 is the name of the standard. WebAuthn is just browser JS API to talk to the authenticators. So correct way to call your server is "FIDO2 Server" and to say "Authentication with FIDO2".

  • I would like to advertise my company product here!

Please don't. The advertisement you can get is by writing a good, deep, technical article, or open sourcing your server or/and tools is much better for you, than cheap show off. People will buy your company product if you show them that you know what you are doing.

Otherwise we have strict no ads policy. We will only link to open source repos and actual articles. No company websites.

License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.