Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-webauthn
🔐 A curated list of awesome WebAuthn and Passkey resources
https://github.com/yackermann/awesome-webauthn
-
Demos
- MasterKale: SimpleWebAuthn Demo - A working instance of the [SimpleWebAuthn example project](https://github.com/MasterKale/SimpleWebAuthn/tree/master/example) showcasing both its server and browser libraries.
- MasterKale: WebAuthn Debugger - A WebAuthn registration and authentication response previewer.
- Auth0: WebAuthn Demo - Probably the best WebAuthn flow demo.
- Yubico: WebAuthn Demo - Provides technical details of WebAuthn data flow and includes a playground to test a U2F/FIDO2 key as a second factor or passwordless key.
- Firstyear: Webauthn RS demo and compatibility tester - A demo of Webauthn using Webauthn-RS, with WASM browser components and an exhaustive device compatibility and stress tester.
- Passwordless.ID WebAuthn lib playground - Register, authenticate and verify WebAuthn credentials using this interactive playground.
- DUO: WebAuthn Demo - A demonstration of the WebAuthn Specification [https://webauthn.io/](https://webauthn.io/).
- Google: WebAuthn Demo - An example Java Relying Party implementation of the WebAuthn specification [https://webauthndemo.appspot.com](https://webauthndemo.appspot.com).
- jcjones: WebAuthn.bin.coffee DEMO - A simple site for testing Web Authentication [https://webauthn.bin.coffee/](https://webauthn.bin.coffee/).
- FIDO Alliance: Interop WebApp - A simple test app for FIDO2 servers.
- Yuriy Ackermann: FIDO2 Demos - A set of demos for ["Introduction to WebAuthn API"](https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285#).
- Shane Weeden: FIDO2 Viewer - This is a free, simple, standalone-in-the-browser viewer for FIDO2 attestation and assertion payload inspection.
- Xavier Renard: Webauthn Demo - A working WebAuthn demo based on Java Spring Boot and React.js.
- Anders Rundgren: FIDO Web Pay - Public FIDO-based "wallet" demo and associated standards proposal.
- WebAuthn Viewer - A GUI based WebAuthn API response viewer.
- Chris Keogh: dotnetcore IdentityServer4 DEMO - A WebAuthN demo using dotnetcore and the FIDO2.NET library that integrates passwordless auth with [IdentityServer4](https://github.com/IdentityServer/IdentityServer4).
- webauthn-skeleton: Node.js/Koa application - This is a working skeleton of a Node.js/Koa application with passwordless login (Web Authentication API, WebAuthN, FIDO2).
- Dashlane: Android passkey example app - An example Android application that demonstrates native passkey support.
-
Server Libraries
- swift-server: webauthn-swift - A Swift library for implementing the WebAuthn specs on server.
- LINE: FIDO2 Server - FIDO2(WebAuthn) server officially certified by FIDO Alliance and Relying Party examples.
- Hanko: Passkey Server - FIDO2-certified passkey & WebAuthn server written in Go. Includes a JavaScript client SDK and a passkey provider for Auth.js (Next-Auth).
- WebAuthn.Net - A production-ready, easy-to-use, extensible implementation of WebAuthn for web applications on .NET 6 and .NET 8 + demo.
- WebAuthn4J Project: WebAuthn4J - A portable Java library for WebAuthn server side verification.
- WebAuthn Go library - WebAuthn library written in Go (replaces the archived and deprecated [DUO: WebAuthn Go library](https://github.com/duo-labs/webauthn)).
- cedarcode: WebAuthn Ruby - Ruby implementation of a WebAuthn Relying Party.
- MasterKale: @simplewebauthn/server - WebAuthn, Simplified. A TypeScript-first Node.js library for simpler WebAuthn integration. Supports use in TypeScript and JavaScript projects. Partner library to the front end **@simplewebauthn/browser** (see [Client Libs](#client-libs)).
- Eclipse Vert.x: WebAuthn - Reactive WebAuthn library for Eclipse Vert.x. Works with any Vert.x related framework: Vert.x Web, Quarkus, ES4X, etc.
- Madwizard.org: WebAuthn PHP library - WebAuthn server library for PHP.
- Spomky-Labs: WebAuthn Framework - This framework contains PHP libraries and a Symfony bundle that allow developers to integrate the FIDO2 authentication mechanism into their web applications.
- Duo: py_webauthn - Pythonic WebAuthn. A Python3 implementation of the WebAuthn API focused on making it easy to leverage the power of WebAuthn.
- Yubico: Java WebAuthn Server - Server-side Web Authentication library for Java.
- webauthn-open-source: FIDO2 lib - A Node.js library for performing FIDO 2.0 / WebAuthn server functionality.
- Nov Matake: Ruby WebAuthn Lib - W3C Web Authentication API (a.k.a. WebAuthn / FIDO2) RP library in Ruby.
- Tangui: Wax - Elixir implementation of WebAuthn.
- Suby Raman: redux-webauthn - Redux middleware for registering and authenticating users with the Web Authentication API (FIDO2).
- Koesie10: WebAuthn - Go/JS WebAuthn Library for easy Server/Client integration.
- SharpLab: Spring-Security-WebAuthn - Unofficial WebAuthn module for the Spring Security project.
- Wallix: @webauthn/server - A Node.js library containing easy-to-use helpers to integrate FIDO2. Works in pair with [@webauthn/client](https://github.com/wallix/webauthn/tree/master/packages/client).
- asbiin: laravel-webauthn - A Laravel adapter for the WebAuthn Framework (from Spomky-Labs).
- e3b0c442: warp - A framework-independent Relying Party implementation for Go.
- fumieval: webauthn - Fledgling Haskell implementation.
- lbuchs: PHP Webauthn - A simple PHP WebAuthn (FIDO2) server library.
- Robur: webauthn - An IO-agnostic WebAuthn server implementation written in OCaml.
- Passwordless.ID: WebAuthn lib - A simple, minimal, opinionated typescript wrapper around WebAuthn. Features both client side to invoke WebAuthn and server side to verify credentials.
- kanidm: webauthn-rs - An implementation of webauthn components for Rustlang servers.
-
Client Libraries
- MasterKale: @simplewebauthn/browser - WebAuthn, Simplified. A TypeScript-first browser library for simpler WebAuthn integration. Supports use in TypeScript and JavaScript projects. Partner library to the back end **@simplewebauthn/server** (see [Server Libs](#server-libs)). Also works with Duo's py_webauthn.
- Yubico: libfido2 - C client library and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
- keys.pub: go-libfido2 - Go client library (wraps Yubico: libfido2).
- Lyo Kato: iOS Webauthn Kit - This library provides you a way to handle W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) easily.
- Yubico: Mobile Android SDK (YubiKit) - YubiKit is an Android library provided by Yubico to interact with YubiKeys on Android devices. Works with other FIDO2 devices as well.
- Yubico: Mobile iOS SDK (YubiKit) - YubiKit is an iOS library provided by Yubico to interact with YubiKeys on iOS devices. Works with other FIDO2 devices as well.
- COTECH: Hardware Security SDK - Android library to interact with FIDO2 and U2F security keys over NFC and USB. Also provides a WebAuthn-WebView bridge.
- Corbado: flutter-passkeys - Flutter package to provide passkey authentication for iOS and Android apps.
- WIOSense: rauth-android - Android library for FIDO2 roaming authenticator.
- Yubico: python-fido2 - Client library to talk to hardware authenticators over USB HID.
-
Hardware Authenticators
- SoloKeys - Solo is an open source FIDO2 security key, and you can get one at [https://solokeys.com](https://solokeys.com).
- Trezor - Trezor is an open source hardware wallet with FIDO/U2F and FIDO2/WebAuthn functionality.
- Nitrokey - Nitrokey is developing/producing different types of open source and open hardware FIDO2 security keys (check for the "Nitrokey FIDO2" and "Nitrokey 3" related repositories).
- Conor Patrick: U2F Zero - U2F Zero is an open source U2F token for 2 factor authentication.
- Google: OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
- BryanJacobs: FIDO2Applet - FIDO2 CTAP2 Javacard Applet.
- darconeous: u2f-javacard - A privacy-focused Java Card U2F Authenticator based on ledger-u2f-javacard (More recent fork of [Ledger](https://github.com/LedgerHQ/ledger-u2f-javacard)).
-
Dev tools
- Firstyear: Webauthn RS compatibility tester - A webauthn device and browser stress tester that can identify flaws in implementations and has already found bugs in Firefox, Safari, Android and more.
- Shane B Weeden: FIDO2 Postman Clients - FIDO2 Postman clients to easily test your FIDO2 API endpoints.
- MasterKale: WebAuthn Previewer - A simple website for previewing WebAuthn attestations and assertions.
- Descope: VirtualWebAuthn Test Tool - A Go package to automate testing of a relying party WebAuthn server implementation without requiring a browser or an actual authenticator.
- WebAuthn Playground - A web page (no server) to test WebAuthn operations with configurable parameters, and view/parse responses.
- Passkeys Debugger - A simple website to test different passkeys / WebAuthn server settings and client responses.
- Olivier Potonniée: FIDO MDS Explorer - A user-friendly web UI to explore the FIDO Metadata Service repository, which contains detailed characteristics and attestation certificates of authenticators registered to the FIDO Alliance.
-
Tutorials
- Passkeys.dev - A great guide on getting started with passkeys.
- WebAuthn Guide: DUOSEC - Great WebAuthn beginners guide by Suby Raman.
- FIDO Alliance: How To FIDO - A definitive guide on good FIDO UI/UX.
- Yubico Labs: WebAuthn Starter Kit Reference Deployment - How an identifier-first flow helps migrate users towards passwordless. Integrates Yubico's java-webauthn-server with AWS Lambda and AWS Cognito. Includes example web and iOS clients. See [Reference Architecture](https://developers.yubico.com/Developer_Program/WebAuthn_Starter_Kit/).
- Yubico Labs: Securing a Website with Passwordless Authentication - Yubico java discoverable credentials workshop.
-
Articles
- Yuriy Ackermann: WebAuthn/FIDO2 Blog - Great blog for those who wish to go in-depth with WebAuthn.
- Auth0: Introduction to Web Authentication - A fantastic introduction to WebAuthn by folks at Auth0.
- Eiji Kitamura: Credential Management API and best practices - Probably the best CredManAPI guide.
- Damien Bod: ASP.NET CORE IDENTITY WITH FIDO2 WEBAUTHN MFA - This article shows how Fido2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application.
- Paul Stamatiou: Getting started with security keys - How to stay safe online and prevent phishing with FIDO2, WebAuthn and security keys. (Less technical, but a very useful article.)
- Adam Powers FIDO Alliance: The Truth about Attestation - A wonderful tech article about attestations.
- Henrik Loeser (data-henrik): FIDO2-related blog articles - FIDO2 keys on Linux and for cloud services.
- Stavros Korokithakis: How to use FIDO2 USB authenticators with SSH - Nice tutorial on how to use FIDO2 to authenticate SSH sessions. As short as possible, but as detailed as necessary to understand all important topics (e.g. resident vs. non-resident keys).
- webauthn.wft - A good overview with many detailed links to dig deeper if interested.
- Tim Brust: Security Evaluation of Multi-Factor Authentication in Comparison with the Web Authentication API - A master's thesis comparing WebAuthn with other multi-factor authentication methods, such as HOTP, TOTP or U2F.
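- Become Microsoft compatible security key vendor - An official guide to making your security keys Microsoft Entra compatible.
- Watahani: Blog - JP: Technical notes, cooking topics, and so on.
- Ken¥d: Blog - JP: A blog covering security, Android, and Cloud Native.
- gebo: CTAP2 Study Notes Blog - Authentication, authorization, FIDO, CTAP, NFC, BLE, C, C++, C#, Rust, servant of a cat.
- 上野博司/super_reader: Biometric authentication efforts at Yahoo! JAPAN (how the FIDO2 server works) - A blog post about how the Yahoo! JAPAN FIDO2 server works.
- Key points and support status of WebAuthn passwordless authentication - An overview of the WebAuthn API and basic FIDO concepts.
- How a world without passwords will be realized: learning the basics of FIDO2 and WebAuthn - Kitamura-san talks about building a passwordless world.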
-
Slides
- Yuriy Ackermann: WebAuthn Overview - Introduction to WebAuthn Slide deck from 2019 talks.
- Implementing FIDO on Android Side using com.google.android.gms.fido.fido2 - Great guide for those who want to add passkey support to their Android app.
-
Books
- Password authentication for web and mobile apps - A book by Dmitry Chestnykh @dchest about authentication on web and mobile. Talks in depth about correct password authentication, and additionally introduces FIDO2/Webauthn.
- Getting started with WebAuthn - The electronic (PDF) edition of the doujinshi "Getting started with WebAuthn", distributed at Comic Market 95.
-
Other
- Passkeys/WebAuthn Cheat Sheet - A 2-sided PDF explaining all relevant objects, concepts and resources to implement passkeys.
- WebAuthn Wiki - WebAuthn API spec official explainers and wiki
- webauthn-open-source: WebAuthn Logos - Awesome webauthn logos by Adam Powers.
- CTAP2.1 Migration Guide - A guide for those who have a CTAP2.0 authenticator and want to migrate to CTAP2.1.
- State of Passkeys - Info page that shows current data about passkey-readiness of operating systems and browsers
-
Software Authenticators
- Pol Henarejos: pico-fido - This project transforms your Raspberry Pi Pico into an integrated FIDO Passkey, functioning like a standard USB Passkey for authentication
- Damian Czaja: android-webauthn-token - A FIDO2 WebAuthn BLE Android phone token.
- Radoslav Bodó: soft-webauthn - Python software webauthn token.
- adessoSE: softauthn - FIDO2 authenticator emulator/software token in Java.
- Daniel Stiner: Rust U2F - U2F security token emulator written in Rust.
- bulwarkid: virtual-fido - virtual-fido is a Golang-based command-line application which emulates a USB security token. It can also be used as a library.
- bulwarkid: bulwark-passkeys - Bulwark passkeys is a desktop application written in Golang supporting CTAP2, similar to a platform-based authenticator.
- Firstyear: webauthn-authenticator-rs - Contains a software webauthn token with ephemeral attestation CA allowing richer testing of device policies.
- Fabian Henneke: WearAuthn - FIDO2 Bluetooth HID/NFC soft token for Wear OS watches with support for resident keys.
- tjado mäcke: Authorizer - An Android password manager based on psafe3 files which supports FIDO2 WebAuthn over BLE.
-
Specifications
- FIDO latest specifications - The right place to find the most recent and original FIDO specifications.
- CTAP 2.1 specs - Client to Authenticator protocol v2.1
- WebAuthn draft - Webauthn draft
- CBOR specifications - A CBOR specification page with most recent updates and libraries for using CBOR in various programming languages.