WebAuthn server library decoupled from http for easy intergration, provides WebAuthn registration and authentication for clients using FIDO2 keys, FIDO U2F keys, TPM, etc.
Changes include:
This WebAuthn server library provides registration and authentication for clients using FIDO2 keys, FIDO U2F keys, TPM, and etc.
It's decoupled from net/http
and doesn't force you to use a framework. So it's easy to use in existing projects.
It's modular so you only import the attestation formats you need. This helps your software avoid bloat.
Six attestation formats are provided: fidou2f, androidkeystore, androidsafetynet, packed, tpm, and none.
It doesn't import unreliable packages. It imports fxamacker/cbor because it doesn't crash and it's the most well-tested CBOR library available (v1.5 has 375+ tests and passed 3+ billion execs in coverage-guided fuzzing).
A demo webapp (webauthn-demo) shows how to use this library with a security token like the YubiKey.