awesome-webauthn
🔐 A curated list of awesome WebAuthn and Passkey resources
https://github.com/yackermann/awesome-webauthn
Last synced: 2 days ago
JSON representation
-
Demos
- MasterKale: SimpleWebAuthn Demo - A working instance of the [SimpleWebAuthn example project](https://github.com/MasterKale/SimpleWebAuthn/tree/master/example) showcasing both its server and browser libraries.
- MasterKale: WebAuthn Debugger - A WebAuthn registration and authentication response previewer.
- Auth0: WebAuthn Demo - Probably the best WebAuthn flow demo.
- Yubico: WebAuthn Demo - Provides technical details of WebAuthn data flow and includes a playground to test a U2F/FIDO2 key as a second factor or passwordless key.
- Firstyear: Webauthn RS demo and compatability tester - A demo of Webauthn using Webauthn-RS, with WASM browser components and an exhaustive device compatibility and stress tester.
- Passwordless.ID WebAuthn lib playground - Register, authenticate and verify WebAuthn credentials using this interactive playground.
- DUO: WebAuthn Demo - A demonstration of the WebAuthn Specification [https://webauthn.io/](https://webauthn.io/).
- Google: WebAuthn Demo - An example Java Relying Party implementation of the WebAuthn specification [https://webauthndemo.appspot.com](https://webauthndemo.appspot.com).
- jcjones: WebAuthn.bin.coffee DEMO - A simple site for testing Web Authentication [https://webauthn.bin.coffee/](https://webauthn.bin.coffee/).
- FIDO Alliance: Interop WebApp - As simple test app for FIDO2 servers.
- Shane Weeden: FIDO2 Viewer - This is a free, simple, standalone-in-the-browser viewer for FIDO2 attestation and assertion payload inspection.
- Xavier Renard: Webauthn Demo - A working WebAuthn demo based on java Spring Boot and react.js.
- Anders Rundgren: FIDO Web Pay - Public FIDO-based "wallet" demo and associated standards proposal.
- WebAuthn Viewer - A GUI based WebAuthn API response viewer.
- Chris Keogh: dotnetcore IdentityServer4 DEMO - A WebAuthN demo using dotnetcore and the FIDO2.NET library that integrates passwordless auth with [IdentityServer4](https://github.com/IdentityServer/IdentityServer4).
- webauthn-skeleton: Node.js/Koa application - This is a working skeleton of a Node.js/Koa application with passwordless login (Web Authentication API, WebAuthN, FIDO2).
- Dashlane: Android passkey example app - An example Android application that demonstrates native passkey support.
- Anders Åberg: .NET library for FIDO2 Demo - A working implementation library + demo for FIDO2 and WebAuthn using .NET [https://fido2-net-lib.passwordless.dev/](https://fido2-net-lib.passwordless.dev/).
- Yuriy Ackermann: FIDO2 Demos - A set of demos for ["Introduction to WebAuthn API"](https://medium.com/@yackermann/introduction-to-webauthn-api-5fd1fb46c285#).
- Spomky-Labs: Webauthn Demo - a demo based on Symfony and the PHP framework [web-auth/webauthn-framework](https://github.com/web-auth/webauthn-framework).
-
Server Libraries
- swift-server: webauthn-swift - A Swift library for implementing the WebAuthn specs on server.
- LINE: FIDO2 Server - FIDO2(WebAuthn) server officially certified by FIDO Alliance and Relying Party examples.
- Hanko: Passkey Server - FIDO2-certified passkey & WebAuthn server written in Go. Includes a JavaScript client SDK and a passkey provider for Auth.js (Next-Auth).
- WebAuthn.Net - A production-ready, easy-to-use, extensible implementation of WebAuthn for web applications on .NET 6 and .NET 8 + demo.
- WebAuthn4J Project: WebAuthn4J - A portable Java library for WebAuthn server side verification.
- WebAuthn Go library - WebAuthn library written in Go (replaces the archived and deprecated [DUO: WebAuthn Go library](https://github.com/duo-labs/webauthn)).
- cedarcode: WebAuthn Ruby - Ruby implementation of a WebAuthn Relying Party.
- MasterKale: @simplewebauthn/server - WebAuthn, Simplified. A TypeScript-first Node.js library for simpler WebAuthn integration. Supports use in TypeScript and JavaScript projects. Partner library to the front end **@simplewebauthn/browser** (see [Client Libs](#client-libs)).
- Eclipse Vert.x: WebAuthn - Reactive WebAuthn library for Eclipse Vert.x. Works with any Vert.x related framework: Vert.x Web, Quarkus, ES4X, etc.
- Madwizard.org: WebAuthn PHP library - WebAuthn server library for PHP.
- Spomky-Labs: WebAuthn Framework - This framework contains PHP libraries and Symfony bundle to allow developpers to integrate FIDO2 authentication mechanism into their web applications.
- Duo: py_webauthn - Pythonic WebAuthn. A Python3 implementation of the WebAuthn API focused on making it easy to leverage the power of WebAuthn.
- Yubico: Java WebAuthn Server - Server-side Web Authentication library for Java.
- webauthn-open-source: FIDO2 lib - A Node.js library for performing FIDO 2.0 / WebAuthn server functionality.
- Nov Matake: Ruby WebAuthn Lib - W3C Web Authentication API (a.k.a. WebAuthn / FIDO2) RP library in Ruby.
- Tangui: Wax - Elixir implementation of WebAuthn.
- Suby Raman: redux-webauthn - Redux middleware for registering and authenticating users with the Web Authentication API (FIDO2).
- Koesie10: WebAuthn - Go/JS WebAuthn Library for easy Server/Client integation.
- SharpLab: Spring-Security-WebAuthn - Unofficial WebAuthn module for the Spring Security project.
- Wallix: @webauthn/server - A Node.js library containing easy-to-use helpers to integrate FIDO2. Works in pair with [@webauthn/client](https://github.com/wallix/webauthn/tree/master/packages/client).
- asbiin: laravel-webauthn - A Laravel adapter for the WebAuthn Framework (from Spomky-Labs).
- e3b0c442: warp - A framework-independent Relying Party implemnetation for Go.
- fumieval: webauthn - Fledgling Haskell implementation.
- lbuchs: PHP Webauthn - A simple PHP WebAuthn (FIDO2) server library.
- Robur: webauthn - An IO-agnostic WebAuthn server implementation written in OCaml.
- Passwordless.ID: WebAuthn lib - A simple, minimal, opinionated typescript wrapper around WebAuthn. Features both client side to invoke WebAuthn and server side to verify credentials.
- kanidm: webauthn-rs - An implementation of webauthn components for Rustlang servers.
- Robur: webauthn - An IO-agnostic WebAuthn server implementation written in OCaml.
- SharpLab: Spring-Security-WebAuthn - Unofficial WebAuthn module for the Spring Security project.
- swift-server: webauthn-swift - A Swift library for implementing the WebAuthn specs on server.
-
Client Libraries
- MasterKale: @simplewebauthn/browser - WebAuthn, Simplified. A TypeScript-first browser library for simpler WebAuthn integration. Supports use in TypeScript and JavaScript projects. Partner library to the back end **@simplewebauthn/server** (see [Server Libs](#server-libs)). Also works with Duo's py_webauthn.
- Yubico: libfido2 - C client library and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
- keys.pub: go-libfido2 - Go client library (wraps Yubico: libfido2).
- Lyo Kato: iOS Webauthn Kit - This library provides you a way to handle W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) easily.
- Yubico: Mobile Android SDK (YubiKit) - YubiKit is an Android library provided by Yubico to interact with YubiKeys on Android devices. Works with other FIDO2 devices as well.
- Yubico: Mobile iOS SDK (YubiKit) - YubiKit is an iOS library provided by Yubico to interact with YubiKeys on iOS devices. Works with other FIDO2 devices as well.
- COTECH: Hardware Security SDK - Android library to interact with FIDO2 and U2F security keys over NFC and USB. Also provides a WebAuthn-WebView bridge.
- Corbado: flutter-passkeys - Flutter package to provide passkey authentication for iOS and Android apps.
- WIOSense: rauth-android - Android library for FIDO2 roaming authenticator.
- Yubico: python-fido2 - Client Lib to talk to a hardware authenticators over USB HID.
- Lyo Kato: iOS Webauthn Kit - This library provides you a way to handle W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) easily.
- Mozilla: authenticator-rs - Rust library to interact with Security Keys, used by Firefox.
- COTECH: Hardware Security SDK - Android library to interact with FIDO2 and U2F security keys over NFC and USB. Also provides a WebAuthn-WebView bridge.
- Corbado: flutter-passkeys - Flutter package to provide passkey authentication for iOS and Android apps.
-
Hardware Authenticators
- SoloKeys - Solo is an open source FIDO2 security key, and you can get one at [https://solokeys.com](https://solokeys.com).
- Trezor - Trezor is an open source hardware wallet with FIDO/U2F and FIDO2/WebAuthn functionality.
- Nitrokey - Nitrokey is developing/producing different types of open source and open hardware FIDO2 security keys (check for the "Nitrokey FIDO2" and "Nitrokey 3" related repositories).
- Conor Patrick: U2F Zero - U2F Zero is an open source U2F token for 2 factor authentication.
- Google: OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
- BryanJacobs: FIDO2Applet - FIDO2 CTAP2 Javacard Applet.
- darconeous: u2f-javacard - A privacy-focused Java Card U2F Authenticator based on ledger-u2f-javacard (More recent fork of [Ledger](https://github.com/LedgerHQ/ledger-u2f-javacard)).
-
Dev tools
- Firstyear: Webauthn RS compatability tester - A webauthn device and browser stress tester that can identify flaws in implementations and has already found bugs in Firefox, Safari, Android and more.
- Shane B Weeden: FIDO2 Postman Clients - FIDO2 Postman clients to easily test your FIDO2 API endpoints.
- MasterKale: WebAuthn Previewer - A simple website for previewing WebAuthn attestations and assertions.
- Descope: VirtualWebAuthn Test Tool - A GO package to automate testing of a relying party WebAuthn server implementation without requiring a browser or an actual authenticator.
- WebAuthn Playground - A web page (no server) to test WebAuthn operations with configurable parameters, and view/parse responses.
- Passkeys Debugger - A simple website to test different passkeys / WebAuthn server settings and client responses.
- Olivier Potonniée: FIDO MDS Explorer - A user-friendly web UI to explore the FIDO Metadata Service repository, which contains detailed characteristics and attestation certificates of authenticators registered to the FIDO Alliance.
- Martin Paljak: YAFU - Yet Another FIDO Utility - Java library and CLI utility for working with CTAP devices over USBHID and NFC
-
Tutorials
- Passkeys.dev - A greate guide on starting with passkeys.
- WebAuthn Guide: DUOSEC - Great WebAuthn beginners guide by Suby Raman.
- FIDO Alliance: How To FIDO - A definitive guide on good FIDO UI/UX.
- Yubico Labs: WebAuthn Starter Kit Reference Deployment - How an identifier-first flow helps migrate users towards passwordless. Integrates Yubico's java-webauthn-server with AWS Lambda and AWS Cognito. Includes example web and iOS clients. See [Reference Architecture](https://developers.yubico.com/Developer_Program/WebAuthn_Starter_Kit/).
- Yubico Labs: Securing a Website with Passwordless Authentication - Yubico java discoverable credentials workshop.
-
Articles
- Yuriy Ackermann: WebAuthn/FIDO2 Blog - Great blog for those who wish to go in-depth with WebAuthn.
- Auth0: Introduction to Web Authentication - A fantastic introduction to WebAuthn by folks at Auth0.
- Eiji Kitamura: Credential Management API and best practices - Probably the best CredManAPI guide.
- Damien Bod: ASP.NET CORE IDENTITY WITH FIDO2 WEBAUTHN MFA - This article shows how Fido2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application.
- Paul Stamatiou: Getting started with security keys - How to stay safe online and prevent phishing with FIDO2, WebAuthn and security keys. (Less technical but a very usefull article).
- Adam Powers FIDO Alliance: The Truth about Attestation - A woundeful tech article about attestations.
- Henrik Loeser (data-henrik): FIDO2-related blog articles - FIDO2 keys on Linux and for cloud services.
- Stavros Korokithakis: How to use FIDO2 USB authenticators with SSH - Nice tutorial on how to use FIDO2 to authenticate SSH sessions. As short as possible, but as detailed as necessary to understood all important topics (e.g. resident vs. non-resident keys).
- webauthn.wft - A good overview with many detailed links to dig deeper if interested.
- Tim Brust: Security Evaluation of Multi-Factor Authentication in Comparison with the Web Authentication API - A master's thesis comparing WebAuthn with other multi-factor authentication methods, such as HOTP, TOTP or U2F.
- Become Microsoft compatible security key vendor - A official guide to make your security keys Microsoft Entra compatible.
- Watahani: のブログ - JP: 技術メモとか料理ネタとか.
- Ken¥d: のブログ - JP: セキュリティ, Android, Cloud Nativeについてまとめるブログです.
- gebo: CTAP2 お勉強メモ ブログ - 認証,認可,FIDO,CTAP,NFC,BLE,c,c++,c#,Rust,ねこのげぼく.
- 上野博司/super_reader: Yahoo! JAPANでの生体認証の取り組み(FIDO2サーバーの仕組みについて) - Yahoo! JAPAN FIDO2 サーバーの仕組みに関するブログ.
- パスワードレス認証WebAuthnの勘所と対応状況 - WebAuthn API と基本的な FIDO 概念の概要.
- パスワードの不要な世界はいかにして実現されるのか - FIDO2 と WebAuthn の基本を知る - 北村さん、パスワードレスの世界づくりについて語る.
-
Slides
- Yuriy Ackermann: WebAuthn Overview - Introduction to WebAuthn Slide deck from 2019 talks.
- Implementing FIDO on Android Side using com.google.android.gms.fido.fido2 - Great guide for those who want to add passkey support to their Android app.
-
Books
- Password authentication for web and mobile apps - A book by Dmitry Chestnykh @dchest about authentication on web and mobile. Talks in depth about correct password authenticatoin, and additionally introduces to FIDO2/Webauthn.
- Getting started with WebAuthn - コミックマーケット95で頒布した同人誌「Getting started with WebAuthn」の電子版(PDF)です.
-
Other
- Passkeys/WebAuthn Cheat Sheet - A 2-sided PDF explaining all relevant objects, concepts and ressources to implement passkeys.
- WebAuthn Wiki - WebAuthn API spec official explainers and wiki
- webauthn-open-source: WebAuthn Logos - Awesome webauthn logos by Adam Powers.
- CTAP2.1 Migration Guide - A guide for those who have CTAP2.0 authenticator, and they want to migrate to CTAP2.1
- State of Passkeys - Info page that shows current data about passkey-readiness of operating systems and browsers
- DaryScam Project - Anti-phishing passkeys demos for instant messaging apps
-
Software Authenticators
- Pol Henarejos: pico-fido - This project transforms your Raspberry Pi Pico into an integrated FIDO Passkey, functioning like a standard USB Passkey for authentication
- Damian Czaja: android-webauthn-token - A FIDO2 WebAuthn BLE Android phone token.
- Radoslav Bodó: soft-webauthn - Python software webauthn token.
- adessoSE: softauthn - FIDO2 authenticator emulator/software token in Java.
- Daniel Stiner: Rust U2F - U2F security token emulator written in Rust.
- bulwarkid: virtual-fido - virtual-fido is an Golang based commandline application which emulates an USB security token. This can also be used as a library.
- bulwarkid: bulwark-passkeys - Bulwark passkeys is a desktop application written in Golang supporting CTAP2, similar to a platform-based authenticator.
- Firstyear: webauthn-authenticator-rs - Contains a software webauthn token with ephemeral attestation CA allowing richer testing of device policies.
- tjado mäcke: Authorizer - An Android password manager based on psafe3 files which supports FIDO2 WebAuthn over BLE.
- Fabian Henneke: WearAuthn - FIDO2 Bluetooth HID/NFC soft token for Wear OS watches with support for resident keys.
- Peter Sanford: TPM FIDO - tpm-fido is FIDO token implementation for Linux that protects the token keys by using your system's TPM.
- Scott Leggett: PIV Agent - An SSH and GPG agent which you can use with your PIV hardware security device (e.g. a Yubikey).
-
Specifications
- FIDO latest specifications - A right place to find most recent & original FIDO specifications.
- CTAP 2.1 specs - Client to Authenticator protocol v2.1
- WebAuthn draft - Webauthn draft
- CBOR specifications - A CBOR specification page with most recent updates and libraries for using CBOR in various programming languages.
- Credential Exchange Specifications - Credential Exchange Protocol (CXP) & Credential Exchange Format (CXF), working drafts
-
FAQ
Programming Languages
Categories
Sub Categories
Keywords
webauthn
36
fido2
27
authentication
14
fido
13
security
11
u2f
10
passkeys
9
passkey
7
fido-u2f
7
java
6
2fa
5
passwordless
5
two-factor-authentication
4
fido2-authenticator
4
yubikey
4
android
4
relying-party
4
webauthn-library
4
ctap2
4
php
3
golang
3
example
3
python
3
web-authentication
3
rust
2
hardware
2
go
2
pgp
2
android-library
2
libfido2
2
cryptography
2
firmware
2
hid
2
touchid
2
spring-boot
2
gpg
2
u2f-protocol
1
browser
1
commonjs
1
symfony-bundle
1
deno
1
denoland
1
symfony
1
esm
1
safetynet
1
factor-authentication
1
vertx
1
node
1
typescript
1
umd
1