herrjemand / awesome-webauthn Goto Github PK
View Code? Open in Web Editor NEW๐ A curated list of awesome WebAuthn and Passkey resources
Home Page: https://bit.ly/AwesomeWebAuthn
License: Creative Commons Zero v1.0 Universal
๐ A curated list of awesome WebAuthn and Passkey resources
Home Page: https://bit.ly/AwesomeWebAuthn
License: Creative Commons Zero v1.0 Universal
Yuriy, you need to add https://github.com/rsolomakhin/secure-payment-confirmation to your list of awesome webauthn stuff since it is targeted to be the future for secure on-line payments.
Personally I believe this is giant mistake created by a very small group of people but since it is powered by Google this is probably = FIDO, right? I'm not aware of any other payment effort that are betting on 3DS/step-up authentication.
As you probably know EMV cards is the only real standard for secure payments. However, EMV never made it on the Web (except by keying in card numbers...). Therefore my suggestion is simply to create a Web-adapted version of EMV that unlike EMV also can work with most other payment networks including the EURO-zone's SEPA. That is, the proposed system is even more universal than EMV. The concept has been extensively tested but not with FIDO because that requires browser support.
Hi! Not a request but more of a todo list item for me. I have a fully conformant OpenAPI spec for WebAuthn painstakingly copied from the official specification. I'm keen to pull this out into its own resource so it can be valuable for others to use. Let me know if that would be useful and I can get it up into a standalone repo and maybe linked here in the coming weeks.
The WebAuthn API spec itself is buried inside the Storyden API spec for anyone who finds this via Google search: https://github.com/Southclaws/storyden/blob/main/api/openapi.yaml#L1107-L1333
Maybe useful, but I'm not the stockholder of this information...
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-fido2-hardware-vendor
https://webauthn.firstyear.id.au/
Contains both a demo of the webauthn-rs library, and an exhausting compatibilty test that exercises keys to see if they work correctly.
Hello @herrjemand , I have been trying to use the Damian Czaja: android-webauthn-token BLE authenticator mobile app , it does not work in any Android 11 or above platform , the Google Chrome Browser in the Mobile Phone works fine and helps in passwordless-logins to any websites . I also built the app on my Physical Device(based on Android 13) and tried using app to login but it didn't simply work . Just informing you as I feel that this app is trivial till date .
The section on hardware authenticators is quite empty
Basically everything Feitian, OnlyKey, Hapersecu, the Yubi stuff and similar things are missing. Not to talk about all the obscure Chinese "works but nobody can tell you how safe they are" USB devices.
Would it be appropriate to link to this repo?
https://github.com/Dashlane/android-passkey-example
It's a demo app for Android 14 that allows testing passkey registration and authentication.
Hi, I have a very helpful passkeys resource to add: passkeys.com.
The only passkeys online debugger I know, and out of the box examples for quick start with passkeys implementation.
I opened a PR for it -
#81
Maybe interesting is the Enterprise JSF WebAuthn Demo, available at:
https://demo.e-contract.be/ejsf-demo/webauthn.xhtml
Here we constructed a Jakarta Server Faces component to ease integration of WebAuthn within JSF based web applications. We even support the PRF extension.
The source code of this project is available at GitHub:
https://github.com/e-Contract/enterprise-jsf
My team and I have developed the WebAuthn.Net library for the .NET ecosystem.
It is open source under the MIT license and serves as an alternative to fido2-net-lib.
Our library passes all FIDO2 Server - MDS3 Tests (including all optional parameters) in the FIDO Conformance Tool 1.7.17.
We have submitted the test results using this tool.
The library includes a demonstration host and instructions on how to perform similar tests independently (if someone does not trust our results, they can perform a similar verification on their own).
I would like to know how we can be included in the Server Libraries list, and is there anything else we need to do for our library to be marked as FIDO CONFORMANT
in this list?
Is it enough to make a PR to this repository, or are there any additional verification steps required?
Hey there! The library github.com/duo-labs/webauthn has been archived (see here) and replaced by github.com/go-webauthn/webauthn. I am the principal maintainer of this org. With the help of several users this library now supports MDS3 (original only supports MDS2).
It should theoretically be as conformant as the original as it's a direct fork with mostly bug fixes and sensible feature additions, though we have not expressly completed any conformance testing.
How would you like to proceed with this? Would you like me to mark the original as deprecated (and how would you like this to appear) and add github.com/go-webauthn/webauthn under it as conformant or not mark it as such until we've completed formal conformance testing? Or do you want to handle this yourself?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.