awesome-webauthn
WebAuthn toolkit
Curated list of tools and resources for implementing WebAuthn authentication in web applications
🔐 A curated list of awesome WebAuthn and Passkey resources
2k stars
54 watching
126 forks
last commit: 11 months ago
Linked from 2 awesome lists
authenticationawesomeawesome-listfido2passkeypasskeyspasskeys-demowebauthn
🔐 WebAuthn and Passkeys Awesome / Demos | |||
| DUO: WebAuthn Demo | 663 | 11 months ago | A demonstration of the WebAuthn Specification |
| Anders Åberg: .NET library for FIDO2 Demo | 1,195 | 11 months ago | A working implementation library + demo for FIDO2 and WebAuthn using .NET |
| Auth0: WebAuthn Demo | Probably the best WebAuthn flow demo | ||
| Google: WebAuthn Demo | 588 | about 1 year ago | An example Java Relying Party implementation of the WebAuthn specification |
| Yubico: WebAuthn Demo | Provides technical details of WebAuthn data flow and includes a playground to test a U2F/FIDO2 key as a second factor or passwordless key | ||
| jcjones: WebAuthn.bin.coffee DEMO | 90 | over 5 years ago | A simple site for testing Web Authentication |
| FIDO Alliance: Interop WebApp | 22 | 11 months ago | As simple test app for FIDO2 servers |
| Spomky-Labs: Webauthn Demo | a demo based on Symfony and the PHP framework | ||
| Yuriy Ackermann: FIDO2 Demos | 46 | 11 months ago | A set of demos for |
| Shane Weeden: FIDO2 Viewer | 44 | about 1 year ago | This is a free, simple, standalone-in-the-browser viewer for FIDO2 attestation and assertion payload inspection |
| Xavier Renard: Webauthn Demo | 11 | about 2 years ago | A working WebAuthn demo based on java Spring Boot and react.js |
| Anders Rundgren: FIDO Web Pay | 3 | 11 months ago | Public FIDO-based "wallet" demo and associated standards proposal |
| MasterKale: SimpleWebAuthn Demo | A working instance of the showcasing both its server and browser libraries | ||
| MasterKale: WebAuthn Debugger | A WebAuthn registration and authentication response previewer | ||
| WebAuthn Viewer | A GUI based WebAuthn API response viewer | ||
| Chris Keogh: dotnetcore IdentityServer4 DEMO | 7 | over 4 years ago | A WebAuthN demo using dotnetcore and the FIDO2.NET library that integrates passwordless auth with |
| Firstyear: Webauthn RS demo and compatability tester | A demo of Webauthn using Webauthn-RS, with WASM browser components and an exhaustive device compatibility and stress tester | ||
| webauthn-skeleton: Node.js/Koa application | 29 | over 1 year ago | This is a working skeleton of a Node.js/Koa application with passwordless login (Web Authentication API, WebAuthN, FIDO2) |
| Dashlane: Android passkey example app | 72 | almost 2 years ago | An example Android application that demonstrates native passkey support |
| Passwordless.ID WebAuthn lib playground | Register, authenticate and verify WebAuthn credentials using this interactive playground | ||
| WebAuthn.Net Demo | Demonstration of usage scenarios with and ASP.NET Core 8 | ||
🔐 WebAuthn and Passkeys Awesome / Server Libraries | |||
| LINE: FIDO2 Server | 532 | 12 months ago | FIDO2(WebAuthn) server officially certified by FIDO Alliance and Relying Party examples |
| Hanko: Passkey Server | 133 | 11 months ago | FIDO2-certified passkey & WebAuthn server written in Go. Includes a JavaScript client SDK and a passkey provider for Auth.js (Next-Auth) |
| Anders Åberg: .NET library for FIDO2 | 1,195 | 11 months ago | A working implementation library + demo for fido2 and WebAuthn using .NET |
| WebAuthn.Net | 191 | about 1 year ago | A production-ready, easy-to-use, extensible implementation of WebAuthn for web applications on .NET 6 and .NET 8 + demo |
| WebAuthn4J Project: WebAuthn4J | 451 | 11 months ago | A portable Java library for WebAuthn server side verification |
| WebAuthn Go library | 827 | 11 months ago | WebAuthn library written in Go (replaces the archived and deprecated ) |
| cedarcode: WebAuthn Ruby | 666 | 12 months ago | Ruby implementation of a WebAuthn Relying Party |
| MasterKale: @simplewebauthn/server | 1,668 | 11 months ago | WebAuthn, Simplified. A TypeScript-first Node.js library for simpler WebAuthn integration. Supports use in TypeScript and JavaScript projects. Partner library to the front end (see ) |
| Eclipse Vert.x: WebAuthn | 166 | 11 months ago | Reactive WebAuthn library for Eclipse Vert.x. Works with any Vert.x related framework: Vert.x Web, Quarkus, ES4X, etc |
| Madwizard.org: WebAuthn PHP library | 51 | over 1 year ago | WebAuthn server library for PHP |
| Spomky-Labs: WebAuthn Framework | 430 | 12 months ago | This framework contains PHP libraries and Symfony bundle to allow developpers to integrate FIDO2 authentication mechanism into their web applications |
| Duo: py_webauthn | 875 | 11 months ago | Pythonic WebAuthn. A Python3 implementation of the WebAuthn API focused on making it easy to leverage the power of WebAuthn |
| Yubico: Java WebAuthn Server | 487 | 11 months ago | Server-side Web Authentication library for Java |
| webauthn-open-source: FIDO2 lib | 409 | about 1 year ago | A Node.js library for performing FIDO 2.0 / WebAuthn server functionality |
| Nov Matake: Ruby WebAuthn Lib | 20 | over 1 year ago | W3C Web Authentication API (a.k.a. WebAuthn / FIDO2) RP library in Ruby |
| Yubico: python-fido2 | 440 | 11 months ago | FIDO2 Client and Server lib |
| Tangui: Wax | 188 | about 1 year ago | Elixir implementation of WebAuthn |
| Suby Raman: redux-webauthn | 12 | almost 3 years ago | Redux middleware for registering and authenticating users with the Web Authentication API (FIDO2) |
| Firstyear: WebAuthn-RS | 8 | 11 months ago | An implementation of Passkeys and Webauthn components for Rust web servers |
| Koesie10: WebAuthn | 165 | almost 5 years ago | Go/JS WebAuthn Library for easy Server/Client integation |
| SharpLab: Spring-Security-WebAuthn | 197 | 11 months ago | Unofficial WebAuthn module for the Spring Security project |
| Wallix: @webauthn/server | 105 | almost 2 years ago | A Node.js library containing easy-to-use helpers to integrate FIDO2. Works in pair with |
| asbiin: laravel-webauthn | 278 | 11 months ago | A Laravel adapter for the WebAuthn Framework (from Spomky-Labs) |
| e3b0c442: warp | 19 | about 2 years ago | A framework-independent Relying Party implemnetation for Go |
| fumieval: webauthn | 15 | almost 4 years ago | Fledgling Haskell implementation |
| lbuchs: PHP Webauthn | 480 | over 1 year ago | A simple PHP WebAuthn (FIDO2) server library |
| Robur: webauthn | 22 | about 1 year ago | An IO-agnostic WebAuthn server implementation written in OCaml |
| Passwordless.ID: WebAuthn lib | 472 | 11 months ago | A simple, minimal, opinionated typescript wrapper around WebAuthn. Features both client side to invoke WebAuthn and server side to verify credentials |
| swift-server: webauthn-swift | 131 | about 1 year ago | A Swift library for implementing the WebAuthn specs on server |
| kanidm: webauthn-rs | 501 | 11 months ago | An implementation of webauthn components for Rustlang servers |
🔐 WebAuthn and Passkeys Awesome / Client Libraries | |||
| Yubico: python-fido2 | 440 | 11 months ago | Client Lib to talk to a hardware authenticators over USB HID |
| Yubico: libfido2 | 610 | 11 months ago | C client library and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures |
| keys.pub: go-libfido2 | 72 | over 2 years ago | Go client library (wraps Yubico: libfido2) |
| Lyo Kato: iOS Webauthn Kit | 104 | over 3 years ago | This library provides you a way to handle W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) easily |
| Yubico: Mobile Android SDK (YubiKit) | 116 | 11 months ago | YubiKit is an Android library provided by Yubico to interact with YubiKeys on Android devices. Works with other FIDO2 devices as well |
| Yubico: Mobile iOS SDK (YubiKit) | 206 | 11 months ago | YubiKit is an iOS library provided by Yubico to interact with YubiKeys on iOS devices. Works with other FIDO2 devices as well |
| Mozilla: authenticator-rs | 279 | 11 months ago | Rust library to interact with Security Keys, used by Firefox |
| Firstyear: webauthn-authenticator-rs | 8 | 11 months ago | Rust library for interacting with Security Keys, based on authenticator-rs, but with extensions to support CTAP2.1 and NFC |
| COTECH: Hardware Security SDK | 55 | about 3 years ago | Android library to interact with FIDO2 and U2F security keys over NFC and USB. Also provides a WebAuthn-WebView bridge |
| MasterKale: @simplewebauthn/browser | 1,668 | 11 months ago | WebAuthn, Simplified. A TypeScript-first browser library for simpler WebAuthn integration. Supports use in TypeScript and JavaScript projects. Partner library to the back end (see ). Also works with Duo's py_webauthn |
| Corbado: flutter-passkeys | 64 | about 1 year ago | Flutter package to provide passkey authentication for iOS and Android apps |
| WIOSense: rauth-android | 18 | over 5 years ago | Android library for FIDO2 roaming authenticator |
🔐 WebAuthn and Passkeys Awesome / Software Authenticators | |||
| Damian Czaja: android-webauthn-token | 47 | over 6 years ago | A FIDO2 WebAuthn BLE Android phone token |
| Fabian Henneke: WearAuthn | 198 | about 1 year ago | FIDO2 Bluetooth HID/NFC soft token for Wear OS watches with support for resident keys |
| Radoslav Bodó: soft-webauthn | 47 | over 2 years ago | Python software webauthn token |
| adessoSE: softauthn | 7 | almost 3 years ago | FIDO2 authenticator emulator/software token in Java |
| Daniel Stiner: Rust U2F | 299 | almost 2 years ago | U2F security token emulator written in Rust |
| Firstyear: webauthn-authenticator-rs | 8 | 11 months ago | Contains a software webauthn token with ephemeral attestation CA allowing richer testing of device policies |
| tjado mäcke: Authorizer | 506 | over 1 year ago | An Android password manager based on psafe3 files which supports FIDO2 WebAuthn over BLE |
| bulwarkid: virtual-fido | 1,221 | about 1 year ago | virtual-fido is an Golang based commandline application which emulates an USB security token. This can also be used as a library |
| bulwarkid: bulwark-passkeys | 106 | over 1 year ago | Bulwark passkeys is a desktop application written in Golang supporting CTAP2, similar to a platform-based authenticator |
| Pol Henarejos: pico-fido | 330 | 11 months ago | This project transforms your Raspberry Pi Pico into an integrated FIDO Passkey, functioning like a standard USB Passkey for authentication |
🔐 WebAuthn and Passkeys Awesome / Hardware Authenticators | |||
| SoloKeys | Solo is an open source FIDO2 security key, and you can get one at | ||
| Conor Patrick: U2F Zero | 2,424 | about 3 years ago | U2F Zero is an open source U2F token for 2 factor authentication |
| Trezor | 357 | over 6 years ago | Trezor is an open source hardware wallet with FIDO/U2F and FIDO2/WebAuthn functionality |
| Google: OpenSK | 3,036 | about 1 year ago | OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards |
| Nitrokey | Nitrokey is developing/producing different types of open source and open hardware FIDO2 security keys (check for the "Nitrokey FIDO2" and "Nitrokey 3" related repositories) | ||
| BryanJacobs: FIDO2Applet | 91 | 11 months ago | FIDO2 CTAP2 Javacard Applet |
| darconeous: u2f-javacard | 31 | about 4 years ago | A privacy-focused Java Card U2F Authenticator based on ledger-u2f-javacard (More recent fork of ) |
🔐 WebAuthn and Passkeys Awesome / Dev tools | |||
| Shane B Weeden: FIDO2 Postman Clients | 6 | about 1 year ago | FIDO2 Postman clients to easily test your FIDO2 API endpoints |
| MasterKale: WebAuthn Previewer | 15 | almost 3 years ago | A simple website for previewing WebAuthn attestations and assertions |
| Firstyear: Webauthn RS compatability tester | A webauthn device and browser stress tester that can identify flaws in implementations and has already found bugs in Firefox, Safari, Android and more | ||
| Descope: VirtualWebAuthn Test Tool | 75 | 11 months ago | A GO package to automate testing of a relying party WebAuthn server implementation without requiring a browser or an actual authenticator |
| Olivier Potonniée: FIDO MDS Explorer | A user-friendly web UI to explore the FIDO Metadata Service repository, which contains detailed characteristics and attestation certificates of authenticators registered to the FIDO Alliance | ||
| WebAuthn Playground | A web page (no server) to test WebAuthn operations with configurable parameters, and view/parse responses | ||
| Passkeys Debugger | A simple website to test different passkeys / WebAuthn server settings and client responses | ||
| Martin Paljak: YAFU - Yet Another FIDO Utility | 36 | 11 months ago | Java library and CLI utility for working with CTAP devices over USBHID and NFC |
🔐 WebAuthn and Passkeys Awesome / Specifications | |||
| FIDO latest specifications | A right place to find most recent & original FIDO specifications | ||
| CTAP 2.1 specs | Client to Authenticator protocol v2.1 | ||
| WebAuthn draft | Webauthn draft | ||
| CBOR specifications | A CBOR specification page with most recent updates and libraries for using CBOR in various programming languages | ||
| Credential Exchange Specifications | Credential Exchange Protocol (CXP) & Credential Exchange Format (CXF), working drafts | ||
🔐 WebAuthn and Passkeys Awesome / Tutorials | |||
| Introduction to WebAuthn API | In depth article grinding through WebAuthn API, and how to use it | ||
| Passkeys.dev | A greate guide on starting with passkeys | ||
| WebAuthn Guide: DUOSEC | Great WebAuthn beginners guide by Suby Raman | ||
| Yubico Labs: WebAuthn Starter Kit Reference Deployment | 47 | about 1 year ago | How an identifier-first flow helps migrate users towards passwordless. Integrates Yubico's java-webauthn-server with AWS Lambda and AWS Cognito. Includes example web and iOS clients. See |
| Yubico Labs: Securing a Website with Passwordless Authentication | 23 | almost 2 years ago | Yubico java discoverable credentials workshop |
| Google: Your First WebAuthn | An awesome WebAuthn introduction by Eiji Kitamura @ Google | ||
| FIDO Alliance: How To FIDO | 53 | about 3 years ago | A definitive guide on good FIDO UI/UX |
🔐 WebAuthn and Passkeys Awesome / Articles | |||
| Yuriy Ackermann: WebAuthn/FIDO2 Blog | Great blog for those who wish to go in-depth with WebAuthn | ||
| Auth0: Introduction to Web Authentication | A fantastic introduction to WebAuthn by folks at Auth0 | ||
| Watahani: のブログ | JP: 技術メモとか料理ネタとか | ||
| Eiji Kitamura: Credential Management API and best practices | Probably the best CredManAPI guide | ||
| Ken¥d: のブログ | JP: セキュリティ, Android, Cloud Nativeについてまとめるブログです | ||
| gebo: CTAP2 お勉強メモ ブログ | 認証,認可,FIDO,CTAP,NFC,BLE,c,c++,c#,Rust,ねこのげぼく | ||
| 上野博司/super_reader: Yahoo! JAPANでの生体認証の取り組み(FIDO2サーバーの仕組みについて) | Yahoo! JAPAN FIDO2 サーバーの仕組みに関するブログ | ||
| パスワードレス認証WebAuthnの勘所と対応状況 | WebAuthn API と基本的な FIDO 概念の概要 | ||
| パスワードの不要な世界はいかにして実現されるのか - FIDO2 と WebAuthn の基本を知る | 北村さん、パスワードレスの世界づくりについて語る | ||
| Damien Bod: ASP.NET CORE IDENTITY WITH FIDO2 WEBAUTHN MFA | This article shows how Fido2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application | ||
| Paul Stamatiou: Getting started with security keys | How to stay safe online and prevent phishing with FIDO2, WebAuthn and security keys. (Less technical but a very usefull article) | ||
| Adam Powers FIDO Alliance: The Truth about Attestation | A woundeful tech article about attestations | ||
| Henrik Loeser (data-henrik): FIDO2-related blog articles | FIDO2 keys on Linux and for cloud services | ||
| Tim Brust: Security Evaluation of Multi-Factor Authentication in Comparison with the Web Authentication API | 14 | about 1 year ago | A master's thesis comparing WebAuthn with other multi-factor authentication methods, such as HOTP, TOTP or U2F |
| Stavros Korokithakis: How to use FIDO2 USB authenticators with SSH | Nice tutorial on how to use FIDO2 to authenticate SSH sessions. As short as possible, but as detailed as necessary to understood all important topics (e.g. resident vs. non-resident keys) | ||
| webauthn.wft | A good overview with many detailed links to dig deeper if interested | ||
| Become Microsoft compatible security key vendor | A official guide to make your security keys Microsoft Entra compatible | ||
🔐 WebAuthn and Passkeys Awesome / Slides | |||
| Yuriy Ackermann: WebAuthn Overview | Introduction to WebAuthn Slide deck from 2019 talks | ||
| Implementing FIDO on Android Side using com.google.android.gms.fido.fido2 | Great guide for those who want to add passkey support to their Android app | ||
| WebAuthn Works: Slides | A library of slides by Yuriy Ackermann and WebAuthn Works in English and Russian | ||
🔐 WebAuthn and Passkeys Awesome / Books | |||
| Getting started with WebAuthn | コミックマーケット95で頒布した同人誌「Getting started with WebAuthn」の電子版(PDF)です | ||
| Password authentication for web and mobile apps | A book by Dmitry Chestnykh @dchest about authentication on web and mobile. Talks in depth about correct password authenticatoin, and additionally introduces to FIDO2/Webauthn | ||
🔐 WebAuthn and Passkeys Awesome / Other | |||
| webauthn-open-source: WebAuthn Logos | 3 | almost 5 years ago | Awesome webauthn logos by Adam Powers |
| CTAP2.1 Migration Guide | 0 | over 3 years ago | A guide for those who have CTAP2.0 authenticator, and they want to migrate to CTAP2.1 |
| Passkeys/WebAuthn Cheat Sheet | A 2-sided PDF explaining all relevant objects, concepts and ressources to implement passkeys | ||
| WebAuthn Wiki | 1,189 | 11 months ago | WebAuthn API spec official explainers and wiki |
| State of Passkeys | Info page that shows current data about passkey-readiness of operating systems and browsers | ||
jnv/lists
0ex/more-awesome
dotnet/sdk
fxamacker/cbor
veepee-oss/vp.fsharp.sql
web-platform-tests/wpt
nulastudio/netbeauty2
proxykit/proxykit
w3c/web-share
stavroskasidis/blazorcontextmenu