Skip to content

Latest commit

 

History

History
195 lines (168 loc) · 24.7 KB

README.md

File metadata and controls

195 lines (168 loc) · 24.7 KB

🔐 WebAuthn and Passkeys Awesome Awesome

Curated list of tools and projects related to WebAuthn and Passkeys

WebAuthn is a W3C standard that allows users to authenticate to websites using their preferred device. WebAuthn is supported by most browsers and platforms, and can be used with FIDO2, CTAP, U2F, and other devices.

Passkey is an umbrella term that basically means FIDO.

Contributions welcome. Add links through pull requests or create an issue to start a discussion. Please read the contribution guidelines before contributing.

Contents

Demos

Server Libraries

Client Libraries

Software Authenticators

Hardware Authenticators

  • FIDO CERTIFIED™ SoloKeys - Solo is an open source FIDO2 security key, and you can get one at https://solokeys.com.
  • FIDO CONFORMANT Conor Patrick: U2F Zero - U2F Zero is an open source U2F token for 2 factor authentication.
  • Trezor - Trezor is an open source hardware wallet with FIDO/U2F and FIDO2/WebAuthn functionality.
  • Google: OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
  • Nitrokey - Nitrokey is developing/producing different types of open source and open hardware FIDO2 security keys (check for the "Nitrokey FIDO2" and "Nitrokey 3" related repositories).
  • BryanJacobs: FIDO2Applet - FIDO2 CTAP2 Javacard Applet.
  • darconeous: u2f-javacard - A privacy-focused Java Card U2F Authenticator based on ledger-u2f-javacard (More recent fork of Ledger).

Dev tools

Specifications

Tutorials

Articles

Slides

Books

Other

FAQ

What is FIDO CERTIFIED™?

FIDO CERTIFIED means that implementation has passed FIDO conformance tools, passed interoperability even, and has achieved official FIDO Alliance certification. A registered FIDO Alliance Trademark.

What is FIDO CONFORMANT?

FIDO CONFORMANT means that implementation has passed FIDO conformance tools (as reported by the author), thus can claim that it is conformant with FIDO2 specifications. If you want to get access to the conformance tools, you can do it here https://fidoalliance.org/certification/functional-certification/conformance/. If you have passed conformance tools, send me a DM or a tweet @herrjemand with a screenshot of passing the tests.

FIDO2 or WebAuthn?

FIDO2 is the name of the standard. WebAuthn is just browser JS API to talk to the authenticators. So correct way to call your server is "FIDO2 Server" and to say "Authentication with FIDO2".

I would like to advertise my company product here!

Please don't. The advertisement you can get is by writing a good, deep, technical article, or open sourcing your server or/and tools is much better for you, than cheap show off. People will buy your company product if you show them that you know what you are doing.

Otherwise we have strict no ads policy. We will only link to open source repos and actual articles. No company websites.