Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/arianvp/webauthn-minimal

Minimal go implementation of a Webauthn L2 relying party
https://github.com/arianvp/webauthn-minimal

Last synced: about 2 months ago
JSON representation

Minimal go implementation of a Webauthn L2 relying party

Host: GitHub
URL: https://github.com/arianvp/webauthn-minimal
Owner: arianvp
License: apache-2.0
Created: 2021-11-09T11:37:40.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2022-10-11T08:46:47.000Z (about 2 years ago)
Last Synced: 2024-10-05T00:41:37.789Z (2 months ago)
Language: Go
Size: 32.2 KB
Stars: 3
Watchers: 3
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Webauthn-minimial

Webauthn-minimal is an implementation of a Webauthn L2 Relying Party using only the go standard library.

It uses the utility functons `getPublicKey()`, `getPublicKeyAlgorithm()`, and

`getAuthenticatorData()` From the Webauthn L2 spec [5.2.1.1. Easily accessing

credential data](https://www.w3.org/TR/webauthn-2/#sctn-public-key-easy) to be

able to skip doing any complicated parsing of public key formats like COSE or

CBOR at all.  This allows us to make a webauthn implementation using just the

`crypto` package in Go.

The downside is that attestation is not possible to implement (as that requires

you to do the parsing of the public key material during registration). But many

people do not need attestation for their usecase.

The result is a small, opinionated, easily auditable implementation of a

Relying Party. This hopefully contributes to the overall security of the

implementation.

Downside is that not all browsers implement the L2 spec yet. So far only Chrome

and Edge seem supported.