🔐 A curated list of awesome WebAuthn and Passkey resources
Curated list of tools and projects related to WebAuthn and Passkeys
WebAuthn is a W3C standard that allows users to authenticate to websites using their preferred device. WebAuthn is supported by most browsers and platforms, and can be used with FIDO2, CTAP, U2F, and other devices.
Passkey is an umbrella term that basically means FIDO.
Contributions welcome. Add links through pull requests or create an issue to start a discussion. Please read the contribution guidelines before contributing.
FIDO CERTIFIED™
LINE: FIDO2 Server - FIDO2(WebAuthn) server officially certified by FIDO Alliance and Relying Party examples.FIDO CONFORMANT
Anders Åberg: .NET library for FIDO2 - A working implementation library + demo for fido2 and WebAuthn using .NET.FIDO CONFORMANT
WebAuthn.Net - A production-ready, easy-to-use, extensible implementation of WebAuthn for web applications on .NET 6 and .NET 8 + demo.FIDO CONFORMANT
WebAuthn4J Project: WebAuthn4J - A portable Java library for WebAuthn server side verification.FIDO CONFORMANT
WebAuthn Go library - WebAuthn library written in Go (replaces the archived and deprecated DUO: WebAuthn Go library).FIDO CONFORMANT
cedarcode: WebAuthn Ruby - Ruby implementation of a WebAuthn Relying Party.FIDO CONFORMANT
MasterKale: @simplewebauthn/server - WebAuthn, Simplified. A TypeScript-first Node.js library for simpler WebAuthn integration. Supports use in TypeScript and JavaScript projects. Partner library to the front end @simplewebauthn/browser (see Client Libs).FIDO CONFORMANT
Eclipse Vert.x: WebAuthn - Reactive WebAuthn library for Eclipse Vert.x. Works with any Vert.x related framework: Vert.x Web, Quarkus, ES4X, etc.FIDO CONFORMANT
Madwizard.org: WebAuthn PHP library - WebAuthn server library for PHP.FIDO CONFORMANT
Spomky-Labs: WebAuthn Framework - This framework contains PHP libraries and Symfony bundle to allow developpers to integrate FIDO2 authentication mechanism into their web applications.FIDO CERTIFIED™
SoloKeys - Solo is an open source FIDO2 security key, and you can get one at https://solokeys.com.FIDO CONFORMANT
Conor Patrick: U2F Zero - U2F Zero is an open source U2F token for 2 factor authentication.What is FIDO CERTIFIED™
?
FIDO CERTIFIED
means that implementation has passed FIDO conformance tools, passed interoperability even, and has achieved official FIDO Alliance certification. A registered FIDO Alliance Trademark.
What is FIDO CONFORMANT
?
FIDO CONFORMANT
means that implementation has passed FIDO conformance tools (as reported by the author), thus can claim that it is conformant with FIDO2 specifications. If you want to get access to the conformance tools, you can do it here https://fidoalliance.org/certification/functional-certification/conformance/. If you have passed conformance tools, send me a DM or a tweet @herrjemand with a screenshot of passing the tests.
FIDO2 or WebAuthn?
FIDO2 is the name of the standard. WebAuthn is just browser JS API to talk to the authenticators. So correct way to call your server is "FIDO2 Server" and to say "Authentication with FIDO2".
I would like to advertise my company product here!
Please don't. The advertisement you can get is by writing a good, deep, technical article, or open sourcing your server or/and tools is much better for you, than cheap show off. People will buy your company product if you show them that you know what you are doing.
Otherwise we have strict no ads policy. We will only link to open source repos and actual articles. No company websites.