{"id":13681883,"url":"https://github.com/duo-labs/webauthn","last_synced_at":"2025-09-28T19:31:22.269Z","repository":{"id":37612228,"uuid":"108435716","full_name":"duo-labs/webauthn","owner":"duo-labs","description":"WebAuthn (FIDO2) server library written in Go ","archived":true,"fork":false,"pushed_at":"2022-12-05T16:42:57.000Z","size":433,"stargazers_count":1027,"open_issues_count":0,"forks_count":162,"subscribers_count":27,"default_branch":"master","last_synced_at":"2024-11-17T12:49:25.101Z","etag":null,"topics":["authentication","fido2","security","u2f","webauthn","webauthn-library"],"latest_commit_sha":null,"homepage":"https://webauthn.io/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/duo-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-10-26T16:15:55.000Z","updated_at":"2024-11-07T23:42:11.000Z","dependencies_parsed_at":"2023-01-24T06:15:10.085Z","dependency_job_id":null,"html_url":"https://github.com/duo-labs/webauthn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duo-labs%2Fwebauthn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duo-labs%2Fwebauthn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duo-labs%2Fwebauthn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duo-labs%2Fwebauthn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/duo-labs","download_url":"https://codeload.github.com/duo-labs/webauthn/tar.gz/refs/heads/master"
,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234555739,"owners_count":18851834,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","fido2","security","u2f","webauthn","webauthn-library"],"created_at":"2024-08-02T13:01:37.310Z","updated_at":"2025-09-28T19:31:16.986Z","avatar_url":"https://github.com/duo-labs.png","language":"Go","funding_links":[],"categories":["Go","Demo"],"sub_categories":[],"readme":"# THIS LIBRARY IS DEPRECATED\r\n\r\nProjects using this library should consider migrating to the community-maintained fork over at [github.com/go-webauthn/webauthn](https://github.com/go-webauthn/webauthn). See the [Migration Guide](https://github.com/go-webauthn/webauthn/blob/master/MIGRATION.md) for more information.\r\n\r\nThe original README continues below.\r\n\r\n# WebAuthn Library\r\n[![GoDoc](https://godoc.org/github.com/duo-labs/webauthn?status.svg)](https://godoc.org/github.com/duo-labs/webauthn)\r\n![Build Status](https://github.com/duo-labs/webauthn/workflows/Go/badge.svg)\r\n[![Go Report Card](https://goreportcard.com/badge/github.com/duo-labs/webauthn)](https://goreportcard.com/report/github.com/duo-labs/webauthn)\r\n\r\n\r\nThis library is meant to handle [Web Authentication](https://w3c.github.io/webauthn) for Go apps that wish to implement a passwordless solution for users. 
While the specification is currently in Candidate Recommendation, this library conforms as much as possible to\r\nthe guidelines and implementation procedures outlined by the document.\r\n\r\n### Demo at webauthn.io\r\nAn implementation of this library can be used at [webauthn.io](https://webauthn.io) and the code for this website can be found in the Duo Labs repository [`webauthn-io`](https://github.com/duo-labs/webauthn.io).\r\n\r\n### Simplified demo\r\nA simplified demonstration of this library can be found [here](https://github.com/hbolimovsky/webauthn-example). It includes a minimal interface and is great for quickly testing out the code. The associated blog post can be found [here](https://www.herbie.dev/blog/webauthn-basic-web-client-server/).\r\n\r\nQuickstart\r\n----------\r\n`go get github.com/duo-labs/webauthn` and initialize it in your application with basic configuration values.\r\n\r\nMake sure your `user` model is able to handle the interface functions laid out in `webauthn/user.go`. 
This also means supporting the storage and retrieval of the credential and authenticator structs in `webauthn/credential.go` and `webauthn/authenticator.go`, respectively.\r\n\r\n### Initialize the request handler\r\n```golang\r\nimport (\r\n    \"fmt\"\r\n\r\n    \"github.com/duo-labs/webauthn/webauthn\"\r\n)\r\n\r\nvar (\r\n    web *webauthn.WebAuthn\r\n    err error\r\n)\r\n\r\n// Your initialization function\r\nfunc main() {\r\n    web, err = webauthn.New(\u0026webauthn.Config{\r\n        RPDisplayName: \"Duo Labs\", // Display Name for your site\r\n        RPID: \"duo.com\", // Generally the FQDN for your site\r\n        RPOrigin: \"https://login.duo.com\", // The origin URL for WebAuthn requests\r\n        RPIcon: \"https://duo.com/logo.png\", // Optional icon URL for your site\r\n    })\r\n    if err != nil {\r\n        fmt.Println(err)\r\n    }\r\n}\r\n```\r\n\r\n### Registering an account\r\n\r\n```golang\r\nfunc BeginRegistration(w http.ResponseWriter, r *http.Request) {\r\n    user := datastore.GetUser() // Find or create the new user\r\n    options, sessionData, err := web.BeginRegistration(\u0026user)\r\n    // handle errors if present\r\n    // store the sessionData values\r\n    JSONResponse(w, options, http.StatusOK) // return the options generated\r\n    // options.publicKey contains our registration options\r\n}\r\n\r\nfunc FinishRegistration(w http.ResponseWriter, r *http.Request) {\r\n    user := datastore.GetUser() // Get the user\r\n    // Get the session data stored from the function above\r\n    // using gorilla/sessions it could look like this\r\n    sessionData := store.Get(r, \"registration-session\")\r\n    parsedResponse, err := protocol.ParseCredentialCreationResponseBody(r.Body)\r\n    credential, err := web.CreateCredential(\u0026user, sessionData, parsedResponse)\r\n    // Handle validation or input errors\r\n    // If creation was successful, store the credential object\r\n    JSONResponse(w, \"Registration Success\", http.StatusOK) // Handle next 
steps\r\n}\r\n```\r\n\r\n### Logging into an account\r\n```golang\r\nfunc BeginLogin(w http.ResponseWriter, r *http.Request) {\r\n    user := datastore.GetUser() // Find the user\r\n    options, sessionData, err := web.BeginLogin(\u0026user)\r\n    // handle errors if present\r\n    // store the sessionData values\r\n    JSONResponse(w, options, http.StatusOK) // return the options generated\r\n    // options.publicKey contains our login options\r\n}\r\n\r\nfunc FinishLogin(w http.ResponseWriter, r *http.Request) {\r\n    user := datastore.GetUser() // Get the user\r\n    // Get the session data stored from the function above\r\n    // using gorilla/sessions it could look like this\r\n    sessionData := store.Get(r, \"login-session\")\r\n    parsedResponse, err := protocol.ParseCredentialRequestResponseBody(r.Body)\r\n    credential, err := web.ValidateLogin(\u0026user, sessionData, parsedResponse)\r\n    // Handle validation or input errors\r\n    // If login was successful, handle next steps\r\n    JSONResponse(w, \"Login Success\", http.StatusOK)\r\n}\r\n```\r\n\r\nModifying Credential Options\r\n----------------------------\r\nYou can modify the default credential creation options for registration and login by providing optional structs to the `BeginRegistration` and `BeginLogin` functions.\r\n\r\n### Registration modifiers\r\nYou can modify the registration options in the following ways:\r\n```golang\r\n// Wherever you handle your WebAuthn requests\r\nimport \"github.com/duo-labs/webauthn/protocol\"\r\nimport \"github.com/duo-labs/webauthn/webauthn\"\r\n\r\nvar webAuthnHandler webauthn.WebAuthn // init this in your init function\r\n\r\nfunc beginRegistration() {\r\n    // Updating the AuthenticatorSelection options.\r\n    // See the struct declarations for values\r\n    authSelect := protocol.AuthenticatorSelection{\r\n        AuthenticatorAttachment: protocol.AuthenticatorAttachment(\"platform\"),\r\n        RequireResidentKey: 
protocol.ResidentKeyUnrequired(),\r\n        UserVerification: protocol.VerificationRequired,\r\n    }\r\n\r\n    // Updating the ConveyancePreference options.\r\n    // See the struct declarations for values\r\n    conveyancePref := protocol.ConveyancePreference(protocol.PreferNoAttestation)\r\n\r\n    user := datastore.GetUser() // Get the user\r\n    opts, sessionData, err := webAuthnHandler.BeginRegistration(\u0026user, webauthn.WithAuthenticatorSelection(authSelect), webauthn.WithConveyancePreference(conveyancePref))\r\n\r\n    // Handle next steps\r\n}\r\n```\r\n\r\n### Login modifiers\r\nYou can modify the login options to allow only certain credentials:\r\n```golang\r\n// Wherever you handle your WebAuthn requests\r\nimport \"github.com/duo-labs/webauthn/protocol\"\r\nimport \"github.com/duo-labs/webauthn/webauthn\"\r\n\r\nvar webAuthnHandler webauthn.WebAuthn // init this in your init function\r\n\r\nfunc beginLogin() {\r\n    // Building the list of credentials allowed for this login.\r\n    // credentialToAllowID is the ID of a credential previously stored for the user.\r\n    // See the struct declarations for values\r\n    allowList := make([]protocol.CredentialDescriptor, 1)\r\n    allowList[0] = protocol.CredentialDescriptor{\r\n        CredentialID: credentialToAllowID,\r\n        Type: protocol.CredentialType(\"public-key\"),\r\n    }\r\n\r\n    user := datastore.GetUser() // Get the user\r\n\r\n    opts, sessionData, err := webAuthnHandler.BeginLogin(\u0026user, webauthn.WithAllowedCredentials(allowList))\r\n\r\n    // Handle next steps\r\n}\r\n```\r\n\r\nAcknowledgements\r\n----------------\r\nI could not have made this library without the work of [Jordan Wright](https://twitter.com/jw_sec) and the designs done for our demo site by [Emily Rosen](http://www.emiroze.design/). When I began refactoring this library in December 2018, [Koen Vlaswinkel's](https://github.com/koesie10) Golang WebAuthn library really helped set me in the right direction. 
A huge thanks to [Alex Seigler](https://github.com/aseigler) for his continuing work on this WebAuthn library and many others. Thanks to everyone who submitted issues and pull requests to help make this library what it is today!\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fduo-labs%2Fwebauthn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fduo-labs%2Fwebauthn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fduo-labs%2Fwebauthn/lists"}