Repository files navigation

A curated list of awesome WebAuthn/FIDO2 resources:

• WebAuthn Awesome

  • Demos
  • Enterprise Server
  • Server Libs
  • Client Libs
  • Software Authenticators
  • Hardware Authenticators

• Resources

  • Tutorials
  • Articles
  • Slides
  • Books

• FAQ

• Contributions Guidelines

• License

• Strongkey Basic JavaScript Demo - A simple JavaScript application to demonstrate FIDO2
• Strongkey Angular Demo - A simple Angular application to demonstrate FIDO2 along with user key management
• FIDO: WebAuthn Demo - FIDO Alliance WebAuthn demo
• DUO: WebAuthn Demo - A demonstration of the WebAuthn specificationhttps://webauthn.io/
• Mastercard: WebAuthn Demo - Webauthn/FIDO2 Relying Party Reference Implementation
• Adam Powers: WebAuthn Demo - A set of FIDO2 / WebAuthn demo servers. Live:https://webauthn.org
• Anders Åberg: .NET library for FIDO2 Demo - A working implementation library + demo for FIDO2 and WebAuthn using .NET.https://fido2.azurewebsites.net/
• Auth0: WebAuthn Demo - Probably the best WebAuthn flow demo
• Google: WebAuthn Demo - An example Java Relying Party implementation of the WebAuthn specificationhttps://webauthndemo.appspot.com
• Yubico: WebAuthn Demo - Provides technical details of WebAuthn data flow and includes a playground to test a U2F/FIDO2 key as a second factor or passwordless key
• jcjones: WebAuthn.bin.coffee DEMO - A simple site for testing Web Authenticationhttps://webauthn.bin.coffee/
• FIDO Alliance: Interop WebApp - As simple test app for FIDO2 servers
• Spomky-Labs: Webauthn Demo - a demo based on Symfony and the PHP frameworkweb-auth/webauthn-framework
• Yuriy Ackermann: FIDO2 Demos - A set of demos for"Introduction to WebAuthn API"
• Shane Weeden: FIDO2 Viewer - This is a free, simple, standalone-in-the-browser viewer for FIDO2 attestation and assertion payload inspection

• FIDO® CERTIFIEDStrongKey: FIDO2 Server - Open-source Enterprise FIDO2 server with high availability, featuring the FIDO2 standard

• FIDO CONFORMANTAnders Åberg: .NET library for FIDO2 - A working implementation library + demo for fido2 and WebAuthn using .NET
• FIDO CONFORMANTWebAuthn4J Project: WebAuthn4J - A portable Java library for WebAuthn server side verification
• FIDO CONFORMANTDUO: WebAuthn Go library - WebAuthn library written in Go
• DUO: A WebAuthn Python module - PyWebAuthn is a Python module which can be used to handle WebAuthn registration and assertion
• Yubico: Java WebAuthn Server - Server-side Web Authentication library for Java
• Adam Powers: FIDO2 lib
• Nov Matake: Ruby WebAuthn Lib - W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) RP library in Ruby
• Yubico: python-fido2 - FIDO2 client and server lib
• cedarcode: WebAuthn Ruby - Ruby implementation of a WebAuthn Relying Party
• Tangui: Wax - Elixir implementation of WebAuthn
• Suby Raman: redux-webauthn - Redux middleware for registering and authenticating users with the Web Authentication API (FIDO2)
• Firstyear: WebAuthn-RS - An implementation of webauthn components for Rustlang servers
• Koesie10: WebAuthn - Go/JS WebAuthn library for easy server/client integation
• SharpLab: Spring-Security-WebAuthn - Unofficial WebAuthn module for the Spring Security project
• Spomky-Labs: WebAuthn Framework - This framework contains PHP libraries and Symfony bundle to allow developpers to integrate FIDO2 authentication mechanism into their web applications
• Wallix: @webauthn/server - A NodeJS library containing easy-to-use helpers to integrate FIDO2. Works in pair with@webauthn/client
• asbiin: laravel-webauthn - A Laravel adapter for the WebAuthn Framework (from Spomky-Labs)

• Yubico: python-fido2 - Client Lib to talk to a hardware authenticators over USB HID
• Yubico: libfido2 - C client library and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures
• Lyo Kato: iOS Webauthn Kit - This library provides you a way to handle W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) easily
• Radoslav Bodó: soft-webauthn - Python software webauthn token
• Yubico: Mobile iOS SDK (YubiKit) - YubiKit is an iOS library provided by Yubico to interact with YubiKeys on iOS devices; works with other FIDO2 devices as well

• Damian Czaja: android-webauthn-token - A FIDO2 WebAuthn BLE Android phone token
• Fabian Henneke: WearAuthn - FIDO2 Bluetooth HID/NFC soft token for Wear OS watches with support for resident keys

• FIDO® CERTIFIED™SoloKeys - Solo is an open source FIDO2 security key, and you can get one at solokeys.com
• FIDO CONFORMANTConor Patrick: U2F Zero - U2F Zero is an open source U2F token for 2 factor authentication
• Trezor - Trezor is an open source hardware wallet with FIDO/U2F and FIDO2/WebAuthn functionality

• Introduction to WebAuthn API
• FIDO WebAuthn Workshop
• WebAuthn Guide: DUOSEC
• Yubico: Securing a Website with Passwordless Authentication
• Google: Your First WebAuthn - An awesome WebAuthn introduction by Eiji Kitamura @ Google

• Yuriy Ackermann: WebAuthn/FIDO2 Blog
• Auth0: Introduction to Web Authentication
• Watahani のブログ - 技術メモとか料理ネタとか
• Eiji Kitamura: Credential Management API and best practices
• FIDO блог Аккерманн Юрия на Хабре - Статьи о FIDO на русском
• Ken¥d のブログ - セキュリティ, Android, Cloud Nativeについてまとめるブログです
• gebo: CTAP2 お勉強メモ ブログ
• 上野博司/super_reader: Yahoo! JAPANでの生体認証の取り組み（FIDO2サーバーの仕組みについて
• パスワードレス認証WebAuthnの勘所と対応状況
• パスワードの不要な世界はいかにして実現されるのか - FIDO2 と WebAuthn の基本を知る
• Damien Bod: ASP.NET CORE IDENTITY WITH FIDO2 WEBAUTHN MFA - This article shows how FIDO2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application
• Paul Stamatiou: Getting started with security keys - How to stay safe online and prevent phishing with FIDO2, WebAuthn and security keys (Less technical but a very usefull article)
• Adam Powers FIDO Alliance: The Truth about Attestation - A woundeful tech article about attestations

• FIDO Alliance: WebAuthn Overview
• Implementing FIDO on Android Side using com.google.android.gms.fido.fido2

• Getting started with WebAuthn - コミックマーケット95で頒布した同人誌「Getting started with WebAuthn」の電子版(PDF)です。

• Adam Powers: WebAuthn Logos - Awesome logos by Adam Powers

• What isFIDO® CERTIFIED?

FIDO® CERTIFIED means that implementation has passed FIDO conformance tools, passed interoperability even, and has achieved official FIDO Alliance certification. A registered FIDO Alliance Trademark. Look upFIDO® CERTIFIED devices, companies, etc..

• What isFIDO CONFORMANT?

FIDO CONFORMANT means that implementation has passed FIDO conformance tools (as reported by the author), thus can claim that it is conformant with FIDO2 specifications. If you want to get access to the conformance tools, you can do it herehttps://fidoalliance.org/certification/functional-certification/conformance/. If you have passed conformance tools, send me a DM or a tweet@herrjemand with a screenshot of passing the tests.

• FIDO2 or WebAuthn?

FIDO2 is the name of the standard. WebAuthn is just the browser JS API to talk to the authenticators. So the correct way to call your server is "FIDO2 Server" and to say "Authentication with FIDO2".

This work is licensed under aCreative Commons Attribution 4.0 International License.