惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Tenable Blog
MyScale Blog
MyScale Blog
罗磊的独立博客
Hugging Face - Blog
Hugging Face - Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
爱范儿
爱范儿
博客园 - 司徒正美
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
N
News | PayPal Newsroom
S
Secure Thoughts
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 热门话题
有赞技术团队
有赞技术团队
V
Visual Studio Blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Project Zero
Project Zero
B
Blog RSS Feed
J
Java Code Geeks
Google Online Security Blog
Google Online Security Blog
Last Week in AI
Last Week in AI
Cyberwarzone
Cyberwarzone
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
小众软件
小众软件
博客园 - 【当耐特】
Latest news
Latest news
T
Threat Research - Cisco Blogs
aimingoo的专栏
aimingoo的专栏
博客园_首页
博客园 - 三生石上(FineUI控件)
Engineering at Meta
Engineering at Meta
D
Docker
Forbes - Security
Forbes - Security
Help Net Security
Help Net Security
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
V2EX - 技术
V2EX - 技术
N
Netflix TechBlog - Medium
The Last Watchdog
The Last Watchdog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Threatpost
Cloudbric
Cloudbric
T
The Exploit Database - CXSecurity.com
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 叶小钗
Webroot Blog
Webroot Blog

Passkeys Developer Resources on passkeys.dev

Client Hints Related Origin Requests Bootstrapping Reauthentication What are passkeys? Test Sites & Tools iOS & iPadOS Chrome OS Android macOS Windows Known Issues Specifications Terms About passkeys.dev Device Support Privacy Policy
Libraries
2022-09-25 · via Passkeys Developer Resources on passkeys.dev

A list of libraries for passkeys and FIDO2/WebAuthn

Selection criteria  

Companies that want to own passwordless authentication internally, or are looking to implement a turnkey solution for passkeys, will likely look for libraries or vendors. When selecting a library to implement passkeys, what should Relying Party developers keep an eye on?

Note: A small set of these criteria are not specific to passkeys, but are useful to keep in mind when selecting an open-source solution.

WebAuthn versions and capabilities  

  • Version: Check which version of the spec the library supports ( Level 2 , Level 3 …)
  • Features and capabilities: Check whether the library includes key features and capabilities for your use case.
    • Does the library help with generating registration and authentication options? Does it help with verification of the registration and authentication response? From a Relying Party perspective, these are the key steps of your implementation; make sure the library you select provides useful functions for these steps.
    • If you’re thinking of using attestation features:
      • Does the library help leverage FIDO MDS in some way?
      • Can it verify all attestation statement formats?

Verification steps  

Check whether the library follows the necessary verification steps:

UX  

If you’re looking for a library offering UI elements:

  • Visual consistency: Check that the solution uses standardized icons .
  • Clear language: Instructions using plain language are critical for broader user understanding. Prioritize solutions aligned with the FIDO UX guidelines .

More UX/UI guidelines can be found on Google Identity: Communicating passkeys to users and Passkeys user interface design .

Developer experience  

  • Full-stack coverage: A library that offers tightly-integrated frontend and backend components, like in SimpleWebAuthn , can streamline your integration.
  • Developer documentation: Check that the library has a maintained docs website to ease the integration process.

Developer involvement and maintenance  

  • Open-source maintenance: For open-source options, investigate their community activity. A few active issues, or many issues with up-to-date labels (assuming these require manual assignment), and comments by contributors, are all signals of an active community.
  • Note that standards can be slow-moving! As a result, WebAuthn/passkey libraries can go a long time between updates if there aren’t any real issues with it—but it doesn’t mean they’re unmaintained.

Licensing  

Review the solution’s licensing model (e.g., MIT, Apache, commercial) in the context of your project.

Updated for passkeys  

Rust  

TypeScript  

Java  

Other FIDO2/WebAuthn libraries  

The “Awesome WebAuthn” GitHub repo is also regularly updated with libraries from the community.

.NET  

Go  

Java  

Python  

Ruby  

Swift  

Zig