A curated list of awesome WebAuthn/FIDO2 resources
FIDO COMPLIANTOnlyKey - OnlyKey is an open source FIDO2 security key, a hardware password manager, and supports additional features like passwordless SSH login and OpenPGP. You can get one at https://onlykey.ioFIDO COMPLIANTConor Patrick: U2F Zero - U2F Zero is an open source U2F token for 2 factor authentication.FIDO COMPLIANTSoloKeys - Solo is an open source FIDO2 security key, and you can get one at solokeys.com- Trezor - Trezor is an open source hardware wallet with FIDO/U2F and FIDO2/WebAuthn functionality.
- FIDO: WebAuthn Demo - FIDO Alliance WebAuthn Demo
- DUO: WebAuthn Demo - A Demonstration of the WebAuthn Specification https://webauthn.io/
- Mastercard: WebAuthn Demo - Webauthn/FIDO2 Relying Party Reference Implementation
- Adam Powers: WebAuthn Demo - A set of FIDO2 / WebAuthn demo servers. Live: https://webauthn.org
- Anders Åberg: .NET library for FIDO2 Demo - A working implementation library + demo for FIDO2 and WebAuthn using .NET. https://fido2.azurewebsites.net/
- Auth0: WebAuthn Demo - Probably the best WebAuthn flow demo
- Google: WebAuthn Demo - An example Java Relying Party implementation of the WebAuthn specification. https://webauthndemo.appspot.com
- Yubico: WebAuthn Demo - Provides technical details of WebAuthn data flow and includes a playground to test a U2F/FIDO2 key as a second factor or passwordless key.
- jcjones: WebAuthn.bin.coffee DEMO - A simple site for testing Web Authentication https://webauthn.bin.coffee/
- FIDO Alliance: Interop WebApp - As simple test app for FIDO2 servers
- Spomky-Labs: Webauthn Demo - a demo based on Symfony and the PHP framework web-auth/webauthn-framework
- Yuriy Ackermann: FIDO2 Demos - A set of demos for "Introduction to WebAuthn API"
- Shane Weeden: FIDO2 Viewer - This is a free, simple, standalone-in-the-browser viewer for FIDO2 attestation and assertion payload inspection.
FIDO CERTIFIEDStrong Key: FIDO2 Server - Open-source FIDO server, featuring the FIDO2 standard. https://encryptedweb.orgFIDO COMPLIANTAnders Åberg: .NET library for FIDO2 - A working implementation library + demo for fido2 and WebAuthn using .NETFIDO COMPLIANTWebAuthn4J Project: WebAuthn4J - A portable Java library for WebAuthn server side verificationFIDO COMPLIANTDUO: WebAuthn Go library - WebAuthn library written in Go.- DUO: A WebAuthn Python module - PyWebAuthn is a Python module which can be used to handle WebAuthn registration and assertion.
- Yubico: Java WebAuthn Server - Server-side Web Authentication library for Java.
- Adam Powers: FIDO2 lib
- Nov Matake: Ruby WebAuthn Lib - W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) RP library in Ruby
- Yubico: python-fido2 - FIDO2 Client and Server lib
- cedarcode: WebAuthn Ruby - Ruby implementation of a WebAuthn Relying Party
- Tangui: Wax - Elixir implementation of WebAuthn
- Suby Raman: redux-webauthn - Redux middleware for registering and authenticating users with the Web Authentication API (FIDO2).
- Firstyear: WebAuthn-RS - An implementation of webauthn components for Rustlang servers
- Koesie10: WebAuthn - Go/JS WebAuthn Library for easy Server/Client integation
- SharpLab: Spring-Security-WebAuthn - Unofficial WebAuthn module for the Spring Security project
- Spomky-Labs: WebAuthn Framework - This framework contains PHP libraries and Symfony bundle to allow developpers to integrate FIDO2 authentication mechanism into their web applications.
- Wallix: @webauthn/server - A NodeJS library containing easy-to-use helpers to integrate FIDO2. Works in pair with @webauthn/client.
- Yubico: python-fido2 - Client Lib to talk to a hardware authenticators over USB HID
- Yubico: libfido2 - C client library and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
- Lyo Kato: iOS Webauthn Kit - This library provides you a way to handle W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) easily.
- Damian Czaja: android-webauthn-token - A FIDO2 WebAuthn BLE Android phone token
- Radoslav Bodó: soft-webauthn - Python software webauthn token
- Yuriy Ackermann: WebAuthn/FIDO2 Blog
- Auth0: Introduction to Web Authentication
- Watahani のブログ - 技術メモとか料理ネタとか
- Eiji Kitamura: Credential Management API and best practices
- FIDO блог Аккерманн Юрия на Хабре - Статьи о FIDO на русском
- Ken¥d のブログ - セキュリティ, Android, Cloud Nativeについてまとめるブログです
- gebo: CTAP2 お勉強メモ ブログ
- 上野博司/super_reader: Yahoo! JAPANでの生体認証の取り組み(FIDO2サーバーの仕組みについて
- パスワードレス認証WebAuthnの勘所と対応状況
- パスワードの不要な世界はいかにして実現されるのか - FIDO2 と WebAuthn の基本を知る
- Damien Bod: ASP.NET CORE IDENTITY WITH FIDO2 WEBAUTHN MFA - This article shows how Fido2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application.
- FIDO Alliance: WebAuthn Overview
- Implementing FIDO on Android Side using com.google.android.gms.fido.fido2
- Getting started with WebAuthn - コミックマーケット95で頒布した同人誌「Getting started with WebAuthn」の電子版(PDF)です。
- Adam Powers: WebAuthn Logos - An awesome logos by Adam Powers
- What is
FIDO CERTIFIED?
FIDO CERTIFIED means that implementation has passed FIDO conformance tools, passed interoperability even, and has achieved official FIDO Alliance certification.
- What is
FIDO COMPLIANT?
FIDO COMPLIANT means that implementation has passed FIDO conformance tools, thus can claim that it is conformant with FIDO2 specifications. If you want to get access to the conformance tools, you can do it here https://fidoalliance.org/certification/functional-certification/conformance/. If you have passed conformance tools, send me a DM or a tweet @herrjemand with a screenshot of passing the tests.
- FIDO2 or WebAuthn?
FIDO2 is the name of the standard. WebAuthn is just browser JS API to talk to the authenticators. So correct way to call your server is "FIDO2 Server" and to say "Authentication with FIDO2".
This work is licensed under a Creative Commons Attribution 4.0 International License.
