awesome-webauthn
WebAuthn toolkit
Curated list of tools and resources for implementing WebAuthn authentication in web applications
🔐 A curated list of awesome WebAuthn and Passkey resources
2k stars
52 watching
124 forks
last commit: 15 days ago
Linked from 2 awesome lists
authenticationawesomeawesome-listfido2passkeypasskeyspasskeys-demowebauthn
🔐 WebAuthn and Passkeys Awesome / Demos | |||
DUO: WebAuthn Demo | 660 | 3 months ago | A demonstration of the WebAuthn Specification |
Anders Åberg: .NET library for FIDO2 Demo | 1,179 | 8 days ago | A working implementation library + demo for FIDO2 and WebAuthn using .NET |
Auth0: WebAuthn Demo | Probably the best WebAuthn flow demo | ||
Google: WebAuthn Demo | 582 | 3 months ago | An example Java Relying Party implementation of the WebAuthn specification |
Yubico: WebAuthn Demo | Provides technical details of WebAuthn data flow and includes a playground to test a U2F/FIDO2 key as a second factor or passwordless key | ||
jcjones: WebAuthn.bin.coffee DEMO | 90 | over 4 years ago | A simple site for testing Web Authentication |
FIDO Alliance: Interop WebApp | 22 | 3 months ago | As simple test app for FIDO2 servers |
Spomky-Labs: Webauthn Demo | a demo based on Symfony and the PHP framework | ||
Yuriy Ackermann: FIDO2 Demos | 45 | 3 months ago | A set of demos for |
Shane Weeden: FIDO2 Viewer | 44 | 3 months ago | This is a free, simple, standalone-in-the-browser viewer for FIDO2 attestation and assertion payload inspection |
Xavier Renard: Webauthn Demo | 11 | over 1 year ago | A working WebAuthn demo based on java Spring Boot and react.js |
Anders Rundgren: FIDO Web Pay | 3 | about 1 month ago | Public FIDO-based "wallet" demo and associated standards proposal |
MasterKale: SimpleWebAuthn Demo | A working instance of the showcasing both its server and browser libraries | ||
MasterKale: WebAuthn Debugger | A WebAuthn registration and authentication response previewer | ||
WebAuthn Viewer | A GUI based WebAuthn API response viewer | ||
Chris Keogh: dotnetcore IdentityServer4 DEMO | 7 | over 3 years ago | A WebAuthN demo using dotnetcore and the FIDO2.NET library that integrates passwordless auth with |
Firstyear: Webauthn RS demo and compatability tester | A demo of Webauthn using Webauthn-RS, with WASM browser components and an exhaustive device compatibility and stress tester | ||
webauthn-skeleton: Node.js/Koa application | 29 | 8 months ago | This is a working skeleton of a Node.js/Koa application with passwordless login (Web Authentication API, WebAuthN, FIDO2) |
Dashlane: Android passkey example app | 69 | 10 months ago | An example Android application that demonstrates native passkey support |
Passwordless.ID WebAuthn lib playground | Register, authenticate and verify WebAuthn credentials using this interactive playground | ||
WebAuthn.Net Demo | Demonstration of usage scenarios with and ASP.NET Core 8 | ||
🔐 WebAuthn and Passkeys Awesome / Server Libraries | |||
LINE: FIDO2 Server | 528 | 18 days ago | FIDO2(WebAuthn) server officially certified by FIDO Alliance and Relying Party examples |
Hanko: Passkey Server | 126 | 3 months ago | FIDO2-certified passkey & WebAuthn server written in Go. Includes a JavaScript client SDK and a passkey provider for Auth.js (Next-Auth) |
Anders Åberg: .NET library for FIDO2 | 1,179 | 8 days ago | A working implementation library + demo for fido2 and WebAuthn using .NET |
WebAuthn.Net | 166 | about 2 months ago | A production-ready, easy-to-use, extensible implementation of WebAuthn for web applications on .NET 6 and .NET 8 + demo |
WebAuthn4J Project: WebAuthn4J | 444 | 6 days ago | A portable Java library for WebAuthn server side verification |
WebAuthn Go library | 798 | 4 days ago | WebAuthn library written in Go (replaces the archived and deprecated ) |
cedarcode: WebAuthn Ruby | 659 | 7 days ago | Ruby implementation of a WebAuthn Relying Party |
MasterKale: @simplewebauthn/server | 1,616 | 9 days ago | WebAuthn, Simplified. A TypeScript-first Node.js library for simpler WebAuthn integration. Supports use in TypeScript and JavaScript projects. Partner library to the front end (see ) |
Eclipse Vert.x: WebAuthn | 166 | 6 days ago | Reactive WebAuthn library for Eclipse Vert.x. Works with any Vert.x related framework: Vert.x Web, Quarkus, ES4X, etc |
Madwizard.org: WebAuthn PHP library | 51 | 6 months ago | WebAuthn server library for PHP |
Spomky-Labs: WebAuthn Framework | 423 | 6 days ago | This framework contains PHP libraries and Symfony bundle to allow developpers to integrate FIDO2 authentication mechanism into their web applications |
Duo: py_webauthn | 867 | 3 months ago | Pythonic WebAuthn. A Python3 implementation of the WebAuthn API focused on making it easy to leverage the power of WebAuthn |
Yubico: Java WebAuthn Server | 476 | 21 days ago | Server-side Web Authentication library for Java |
webauthn-open-source: FIDO2 lib | 408 | about 2 months ago | A Node.js library for performing FIDO 2.0 / WebAuthn server functionality |
Nov Matake: Ruby WebAuthn Lib | 20 | 5 months ago | W3C Web Authentication API (a.k.a. WebAuthn / FIDO2) RP library in Ruby |
Yubico: python-fido2 | 432 | 4 days ago | FIDO2 Client and Server lib |
Tangui: Wax | 188 | 23 days ago | Elixir implementation of WebAuthn |
Suby Raman: redux-webauthn | 12 | almost 2 years ago | Redux middleware for registering and authenticating users with the Web Authentication API (FIDO2) |
Firstyear: WebAuthn-RS | 8 | 4 months ago | An implementation of Passkeys and Webauthn components for Rust web servers |
Koesie10: WebAuthn | 165 | almost 4 years ago | Go/JS WebAuthn Library for easy Server/Client integation |
SharpLab: Spring-Security-WebAuthn | 196 | 20 days ago | Unofficial WebAuthn module for the Spring Security project |
Wallix: @webauthn/server | 105 | 11 months ago | A Node.js library containing easy-to-use helpers to integrate FIDO2. Works in pair with |
asbiin: laravel-webauthn | 275 | 3 months ago | A Laravel adapter for the WebAuthn Framework (from Spomky-Labs) |
e3b0c442: warp | 19 | over 1 year ago | A framework-independent Relying Party implemnetation for Go |
fumieval: webauthn | 15 | almost 3 years ago | Fledgling Haskell implementation |
lbuchs: PHP Webauthn | 473 | 5 months ago | A simple PHP WebAuthn (FIDO2) server library |
Robur: webauthn | 22 | about 2 months ago | An IO-agnostic WebAuthn server implementation written in OCaml |
Passwordless.ID: WebAuthn lib | 456 | about 1 month ago | A simple, minimal, opinionated typescript wrapper around WebAuthn. Features both client side to invoke WebAuthn and server side to verify credentials |
swift-server: webauthn-swift | 130 | about 1 month ago | A Swift library for implementing the WebAuthn specs on server |
kanidm: webauthn-rs | 493 | 4 months ago | An implementation of webauthn components for Rustlang servers |
🔐 WebAuthn and Passkeys Awesome / Client Libraries | |||
Yubico: python-fido2 | 432 | 4 days ago | Client Lib to talk to a hardware authenticators over USB HID |
Yubico: libfido2 | 594 | 6 days ago | C client library and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures |
keys.pub: go-libfido2 | 72 | over 1 year ago | Go client library (wraps Yubico: libfido2) |
Lyo Kato: iOS Webauthn Kit | 103 | over 2 years ago | This library provides you a way to handle W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) easily |
Yubico: Mobile Android SDK (YubiKit) | 112 | 14 days ago | YubiKit is an Android library provided by Yubico to interact with YubiKeys on Android devices. Works with other FIDO2 devices as well |
Yubico: Mobile iOS SDK (YubiKit) | 204 | 8 days ago | YubiKit is an iOS library provided by Yubico to interact with YubiKeys on iOS devices. Works with other FIDO2 devices as well |
Mozilla: authenticator-rs | 276 | about 2 months ago | Rust library to interact with Security Keys, used by Firefox |
Firstyear: webauthn-authenticator-rs | 8 | 4 months ago | Rust library for interacting with Security Keys, based on authenticator-rs, but with extensions to support CTAP2.1 and NFC |
COTECH: Hardware Security SDK | 55 | about 2 years ago | Android library to interact with FIDO2 and U2F security keys over NFC and USB. Also provides a WebAuthn-WebView bridge |
MasterKale: @simplewebauthn/browser | 1,616 | 9 days ago | WebAuthn, Simplified. A TypeScript-first browser library for simpler WebAuthn integration. Supports use in TypeScript and JavaScript projects. Partner library to the back end (see ). Also works with Duo's py_webauthn |
Corbado: flutter-passkeys | 62 | about 2 months ago | Flutter package to provide passkey authentication for iOS and Android apps |
WIOSense: rauth-android | 17 | over 4 years ago | Android library for FIDO2 roaming authenticator |
🔐 WebAuthn and Passkeys Awesome / Software Authenticators | |||
Damian Czaja: android-webauthn-token | 47 | over 5 years ago | A FIDO2 WebAuthn BLE Android phone token |
Fabian Henneke: WearAuthn | 192 | 26 days ago | FIDO2 Bluetooth HID/NFC soft token for Wear OS watches with support for resident keys |
Radoslav Bodó: soft-webauthn | 46 | over 1 year ago | Python software webauthn token |
adessoSE: softauthn | 6 | about 2 years ago | FIDO2 authenticator emulator/software token in Java |
Daniel Stiner: Rust U2F | 297 | 10 months ago | U2F security token emulator written in Rust |
Firstyear: webauthn-authenticator-rs | 8 | 4 months ago | Contains a software webauthn token with ephemeral attestation CA allowing richer testing of device policies |
tjado mäcke: Authorizer | 502 | 7 months ago | An Android password manager based on psafe3 files which supports FIDO2 WebAuthn over BLE |
bulwarkid: virtual-fido | 1,211 | 4 months ago | virtual-fido is an Golang based commandline application which emulates an USB security token. This can also be used as a library |
bulwarkid: bulwark-passkeys | 104 | 10 months ago | Bulwark passkeys is a desktop application written in Golang supporting CTAP2, similar to a platform-based authenticator |
Pol Henarejos: pico-fido | 305 | 12 days ago | This project transforms your Raspberry Pi Pico into an integrated FIDO Passkey, functioning like a standard USB Passkey for authentication |
🔐 WebAuthn and Passkeys Awesome / Hardware Authenticators | |||
SoloKeys | Solo is an open source FIDO2 security key, and you can get one at | ||
Conor Patrick: U2F Zero | 2,421 | about 2 years ago | U2F Zero is an open source U2F token for 2 factor authentication |
Trezor | 353 | over 5 years ago | Trezor is an open source hardware wallet with FIDO/U2F and FIDO2/WebAuthn functionality |
Google: OpenSK | 3,009 | about 2 months ago | OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards |
Nitrokey | Nitrokey is developing/producing different types of open source and open hardware FIDO2 security keys (check for the "Nitrokey FIDO2" and "Nitrokey 3" related repositories) | ||
BryanJacobs: FIDO2Applet | 84 | 30 days ago | FIDO2 CTAP2 Javacard Applet |
darconeous: u2f-javacard | 30 | about 3 years ago | A privacy-focused Java Card U2F Authenticator based on ledger-u2f-javacard (More recent fork of ) |
🔐 WebAuthn and Passkeys Awesome / Dev tools | |||
Shane B Weeden: FIDO2 Postman Clients | 6 | 3 months ago | FIDO2 Postman clients to easily test your FIDO2 API endpoints |
MasterKale: WebAuthn Previewer | 15 | almost 2 years ago | A simple website for previewing WebAuthn attestations and assertions |
Firstyear: Webauthn RS compatability tester | A webauthn device and browser stress tester that can identify flaws in implementations and has already found bugs in Firefox, Safari, Android and more | ||
Descope: VirtualWebAuthn Test Tool | 73 | 2 months ago | A GO package to automate testing of a relying party WebAuthn server implementation without requiring a browser or an actual authenticator |
Olivier Potonniée: FIDO MDS Explorer | A user-friendly web UI to explore the FIDO Metadata Service repository, which contains detailed characteristics and attestation certificates of authenticators registered to the FIDO Alliance | ||
WebAuthn Playground | A web page (no server) to test WebAuthn operations with configurable parameters, and view/parse responses | ||
Passkeys Debugger | A simple website to test different passkeys / WebAuthn server settings and client responses | ||
🔐 WebAuthn and Passkeys Awesome / Specifications | |||
FIDO latest specifications | A right place to find most recent & original FIDO specifications | ||
CTAP 2.1 specs | Client to Authenticator protocol v2.1 | ||
WebAuthn draft | Webauthn draft | ||
CBOR specifications | A CBOR specification page with most recent updates and libraries for using CBOR in various programming languages | ||
Credential Exchange Specifications | Credential Exchange Protocol (CXP) & Credential Exchange Format (CXF), working drafts | ||
🔐 WebAuthn and Passkeys Awesome / Tutorials | |||
Introduction to WebAuthn API | In depth article grinding through WebAuthn API, and how to use it | ||
Passkeys.dev | A greate guide on starting with passkeys | ||
WebAuthn Guide: DUOSEC | Great WebAuthn beginners guide by Suby Raman | ||
Yubico Labs: WebAuthn Starter Kit Reference Deployment | 47 | 2 months ago | How an identifier-first flow helps migrate users towards passwordless. Integrates Yubico's java-webauthn-server with AWS Lambda and AWS Cognito. Includes example web and iOS clients. See |
Yubico Labs: Securing a Website with Passwordless Authentication | 23 | 12 months ago | Yubico java discoverable credentials workshop |
Google: Your First WebAuthn | An awesome WebAuthn introduction by Eiji Kitamura @ Google | ||
FIDO Alliance: How To FIDO | 53 | about 2 years ago | A definitive guide on good FIDO UI/UX |
🔐 WebAuthn and Passkeys Awesome / Articles | |||
Yuriy Ackermann: WebAuthn/FIDO2 Blog | Great blog for those who wish to go in-depth with WebAuthn | ||
Auth0: Introduction to Web Authentication | A fantastic introduction to WebAuthn by folks at Auth0 | ||
Watahani: のブログ | JP: 技術メモとか料理ネタとか | ||
Eiji Kitamura: Credential Management API and best practices | Probably the best CredManAPI guide | ||
Ken¥d: のブログ | JP: セキュリティ, Android, Cloud Nativeについてまとめるブログです | ||
gebo: CTAP2 お勉強メモ ブログ | 認証,認可,FIDO,CTAP,NFC,BLE,c,c++,c#,Rust,ねこのげぼく | ||
上野博司/super_reader: Yahoo! JAPANでの生体認証の取り組み(FIDO2サーバーの仕組みについて) | Yahoo! JAPAN FIDO2 サーバーの仕組みに関するブログ | ||
パスワードレス認証WebAuthnの勘所と対応状況 | WebAuthn API と基本的な FIDO 概念の概要 | ||
パスワードの不要な世界はいかにして実現されるのか - FIDO2 と WebAuthn の基本を知る | 北村さん、パスワードレスの世界づくりについて語る | ||
Damien Bod: ASP.NET CORE IDENTITY WITH FIDO2 WEBAUTHN MFA | This article shows how Fido2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application | ||
Paul Stamatiou: Getting started with security keys | How to stay safe online and prevent phishing with FIDO2, WebAuthn and security keys. (Less technical but a very usefull article) | ||
Adam Powers FIDO Alliance: The Truth about Attestation | A woundeful tech article about attestations | ||
Henrik Loeser (data-henrik): FIDO2-related blog articles | FIDO2 keys on Linux and for cloud services | ||
Tim Brust: Security Evaluation of Multi-Factor Authentication in Comparison with the Web Authentication API | 14 | 2 months ago | A master's thesis comparing WebAuthn with other multi-factor authentication methods, such as HOTP, TOTP or U2F |
Stavros Korokithakis: How to use FIDO2 USB authenticators with SSH | Nice tutorial on how to use FIDO2 to authenticate SSH sessions. As short as possible, but as detailed as necessary to understood all important topics (e.g. resident vs. non-resident keys) | ||
webauthn.wft | A good overview with many detailed links to dig deeper if interested | ||
Become Microsoft compatible security key vendor | A official guide to make your security keys Microsoft Entra compatible | ||
🔐 WebAuthn and Passkeys Awesome / Slides | |||
Yuriy Ackermann: WebAuthn Overview | Introduction to WebAuthn Slide deck from 2019 talks | ||
Implementing FIDO on Android Side using com.google.android.gms.fido.fido2 | Great guide for those who want to add passkey support to their Android app | ||
WebAuthn Works: Slides | A library of slides by Yuriy Ackermann and WebAuthn Works in English and Russian | ||
🔐 WebAuthn and Passkeys Awesome / Books | |||
Getting started with WebAuthn | コミックマーケット95で頒布した同人誌「Getting started with WebAuthn」の電子版(PDF)です | ||
Password authentication for web and mobile apps | A book by Dmitry Chestnykh @dchest about authentication on web and mobile. Talks in depth about correct password authenticatoin, and additionally introduces to FIDO2/Webauthn | ||
🔐 WebAuthn and Passkeys Awesome / Other | |||
webauthn-open-source: WebAuthn Logos | 3 | almost 4 years ago | Awesome webauthn logos by Adam Powers |
CTAP2.1 Migration Guide | 0 | almost 3 years ago | A guide for those who have CTAP2.0 authenticator, and they want to migrate to CTAP2.1 |
Passkeys/WebAuthn Cheat Sheet | A 2-sided PDF explaining all relevant objects, concepts and ressources to implement passkeys | ||
WebAuthn Wiki | 1,186 | 7 days ago | WebAuthn API spec official explainers and wiki |
State of Passkeys | Info page that shows current data about passkey-readiness of operating systems and browsers |