A curated list of awesome WebAuthn/FIDO2 resources
- FIDO: WebAuthn Demo - FIDO Alliance WebAuthn Demo
- DUO: WebAuthn Demo - A Demonstration of the WebAuthn Specification https://webauthn.io/
- Mastercard: WebAuthn Demo - Webauthn/FIDO2 Relying Party Reference Implementation
- Adam Powers: WebAuthn Demo - A set of FIDO2 / WebAuthn demo servers. Live: https://webauthn.org
- Anders Åberg: .NET library for FIDO2 Demo - A working implementation library + demo for FIDO2 and WebAuthn using .NET. https://fido2.azurewebsites.net/
- Auth0: WebAuthn Demo - Probably the best WebAuthn flow demo
- Google: WebAuthn Demo - An example Java Relying Party implementation of the WebAuthn specification. https://webauthndemo.appspot.com
- Yubico: WebAuthn Demo - Provides technical details of WebAuthn data flow and includes a playground to test a U2F/FIDO2 key as a second factor or passwordless key.
- jcjones: WebAuthn.bin.coffee DEMO - A simple site for testing Web Authentication https://webauthn.bin.coffee/
- FIDO Alliance: Interop WebApp - As simple test app for FIDO2 servers
- Spomky-Labs: Webauthn Demo - a demo based on Symfony and the PHP framework web-auth/webauthn-framework
- Yuriy Ackermann: FIDO2 Demos - A set of demos for "Introduction to WebAuthn API"
- Shane Weeden: FIDO2 Viewer - This is a free, simple, standalone-in-the-browser viewer for FIDO2 attestation and assertion payload inspection.
- Xavier Renard: Webauthn Demo - A working WebAuthn demo based on java Spring Boot and react.js.
FIDO CERTIFIED™
Strong Key: FIDO2 Server - Open-source FIDO server, featuring the FIDO2 standard.FIDO CONFORMANT
Anders Åberg: .NET library for FIDO2 - A working implementation library + demo for fido2 and WebAuthn using .NETFIDO CONFORMANT
WebAuthn4J Project: WebAuthn4J - A portable Java library for WebAuthn server side verificationFIDO CONFORMANT
DUO: WebAuthn Go library - WebAuthn library written in Go.FIDO CONFORMANT
cedarcode: WebAuthn Ruby - Ruby implementation of a WebAuthn Relying PartyFIDO CONFORMANT
MasterKale: SimpleWebAuthn - WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers and Node.FIDO CONFORMANT
Eclipse Vert.x: WebAuthn - Reactive WebAuthn library for Eclipse Vert.x. Works with any Vert.x related framework: Vert.x Web, Quarkus, ES4X, etc....- DUO: A WebAuthn Python module - PyWebAuthn is a Python module which can be used to handle WebAuthn registration and assertion.
- Yubico: Java WebAuthn Server - Server-side Web Authentication library for Java.
- Adam Powers: FIDO2 lib
- Nov Matake: Ruby WebAuthn Lib - W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) RP library in Ruby
- Yubico: python-fido2 - FIDO2 Client and Server lib
- Tangui: Wax - Elixir implementation of WebAuthn
- Suby Raman: redux-webauthn - Redux middleware for registering and authenticating users with the Web Authentication API (FIDO2).
- Firstyear: WebAuthn-RS - An implementation of webauthn components for Rustlang servers
- Koesie10: WebAuthn - Go/JS WebAuthn Library for easy Server/Client integation
- SharpLab: Spring-Security-WebAuthn - Unofficial WebAuthn module for the Spring Security project
- Spomky-Labs: WebAuthn Framework - This framework contains PHP libraries and Symfony bundle to allow developpers to integrate FIDO2 authentication mechanism into their web applications.
- Wallix: @webauthn/server - A NodeJS library containing easy-to-use helpers to integrate FIDO2. Works in pair with @webauthn/client.
- asbiin: laravel-webauthn - A Laravel adapter for the WebAuthn Framework (from Spomky-Labs).
- e3b0c442: warp - A framework-independent Relying Party implemnetation for Go
- fumieval: webauthn - Fledgling Haskell implementation
- Yubico: python-fido2 - Client Lib to talk to a hardware authenticators over USB HID
- Yubico: libfido2 - C client library and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
- keys.pub: go-libfido2 - Go client library (wraps Yubico: libfido2)
- Lyo Kato: iOS Webauthn Kit - This library provides you a way to handle W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) easily.
- Yubico: Mobile iOS SDK (YubiKit) - YubiKit is an iOS library provided by Yubico to interact with YubiKeys on iOS devices. Works with other FIDO2 devices as well
- Mozilla: authenticator-rs - Rust library to interact with Security Keys, used by Firefox
- COTECH: Hardware Security SDK - Android library to interact with FIDO2 and U2F security keys over NFC and USB. Also provides a WebAuthn-WebView bridge.
- Damian Czaja: android-webauthn-token - A FIDO2 WebAuthn BLE Android phone token
- Fabian Henneke: WearAuthn - FIDO2 Bluetooth HID/NFC soft token for Wear OS watches with support for resident keys
- Radoslav Bodó: soft-webauthn - Python software webauthn token
FIDO CERTIFIED™
SoloKeys - Solo is an open source FIDO2 security key, and you can get one at solokeys.comFIDO CONFORMANT
Conor Patrick: U2F Zero - U2F Zero is an open source U2F token for 2 factor authentication.- Trezor - Trezor is an open source hardware wallet with FIDO/U2F and FIDO2/WebAuthn functionality.
- Google: OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
- Introduction to WebAuthn API
- FIDO WebAuthn Workshop
- WebAuthn Guide: DUOSEC
- Yubico: Securing a Website with Passwordless Authentication
- Google: Your First WebAuthn - An awesome WebAuthn introduction by Eiji Kitamura @ Google
- Yuriy Ackermann: WebAuthn/FIDO2 Blog
- Auth0: Introduction to Web Authentication
- Watahani のブログ - 技術メモとか料理ネタとか
- Eiji Kitamura: Credential Management API and best practices
- FIDO блог Юрия Аккерманна на Хабре - Статьи о FIDO на русском
- Ken¥d のブログ - セキュリティ, Android, Cloud Nativeについてまとめるブログです
- gebo: CTAP2 お勉強メモ ブログ
- 上野博司/super_reader: Yahoo! JAPANでの生体認証の取り組み(FIDO2サーバーの仕組みについて
- パスワードレス認証WebAuthnの勘所と対応状況
- パスワードの不要な世界はいかにして実現されるのか - FIDO2 と WebAuthn の基本を知る
- Damien Bod: ASP.NET CORE IDENTITY WITH FIDO2 WEBAUTHN MFA - This article shows how Fido2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application.
- Paul Stamatiou: Getting started with security keys - How to stay safe online and prevent phishing with FIDO2, WebAuthn and security keys. (Less technical but a very usefull article)
- Adam Powers FIDO Alliance: The Truth about Attestation - A woundeful tech article about attestations
- Henrik Loeser (data-henrik): FIDO2-related blog articles - FIDO2 keys on Linux and for cloud services
- Tim Brust: Security Evaluation of Multi-Factor Authentication in Comparison with the Web Authentication API - A master's thesis comparing WebAuthn with other multi-factor authentication methods, such as HOTP, TOTP or U2F.
- FIDO Alliance: WebAuthn Overview
- Implementing FIDO on Android Side using com.google.android.gms.fido.fido2
- Getting started with WebAuthn - コミックマーケット95で頒布した同人誌「Getting started with WebAuthn」の電子版(PDF)です。
- Adam Powers: WebAuthn Logos - An awesome logos by Adam Powers
- What is
FIDO CERTIFIED™
?
FIDO CERTIFIED
means that implementation has passed FIDO conformance tools, passed interoperability even, and has achieved official FIDO Alliance certification. A registered FIDO Alliance Trademark.
- What is
FIDO CONFORMANT
?
FIDO CONFORMANT
means that implementation has passed FIDO conformance tools (as reported by the author), thus can claim that it is conformant with FIDO2 specifications. If you want to get access to the conformance tools, you can do it here https://fidoalliance.org/certification/functional-certification/conformance/. If you have passed conformance tools, send me a DM or a tweet @herrjemand with a screenshot of passing the tests.
- FIDO2 or WebAuthn?
FIDO2 is the name of the standard. WebAuthn is just browser JS API to talk to the authenticators. So correct way to call your server is "FIDO2 Server" and to say "Authentication with FIDO2".
- I would like to advertise my company product here!
Please don't. The advertisement you can get is by writing a good, deep, technical article, or open sourcing your server or/and tools is much better for you, than cheap show off. People will buy your company product if you show them that you know what you are doing.
Otherwise we have strict no ads policy. We will only link to open source repos and actual articles. No company websites.
This work is licensed under a Creative Commons Attribution 4.0 International License.