Popularity

4.9

Stable

Activity

0.0

Stable

Stars 160

Watchers 3

Forks 15

Last Commit about 2 years ago

Description

This project provides a low-level and a high-level API to use the Web Authentication API (WebAuthn).

Programming language: Go

License: MIT License

Tags: Security Authentication & OAuth Authentication

Latest version: v0.3.4

webauthn alternatives and similar packages

Based on the "Authentication & OAuth" category.
Alternatively, view webauthn alternatives based on common mentions on social networks and blogs.

authelia

9.8 9.8 webauthn VS authelia

The Single Sign-On Multi-Factor portal for web apps
casbin

9.7 7.4 webauthn VS casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

Clean code begins in your IDE with SonarLint

Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.

Promo www.sonarlint.org

jwt-go

9.7 1.0 webauthn VS jwt-go

ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at:
aws-doc-sdk-examples

9.7 10.0 webauthn VS aws-doc-sdk-examples

Welcome to the AWS Code Examples Repository. This repo contains code examples used in the AWS documentation, AWS SDK Developer Guides, and more. For more information, see the Readme.md file below.
oauth2

9.3 6.0 webauthn VS oauth2

Go OAuth2
goth

9.0 7.3 webauthn VS goth

Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.
authboss

8.7 0.0 webauthn VS authboss

The boss of http auth.
go-jose

8.4 0.0 webauthn VS go-jose

An implementation of JOSE standards (JWE, JWS, JWT) in Go
go-oauth2-server

8.4 0.0 webauthn VS go-oauth2-server

A standalone, specification-compliant, OAuth2 server written in Golang.
loginsrv

8.2 0.0 webauthn VS loginsrv

JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..
gologin

8.0 7.3 webauthn VS gologin

Go login handlers for authentication providers (OAuth1, OAuth2)
gorbac

8.0 4.4 webauthn VS gorbac

goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang.
osin

7.0 0.0 webauthn VS osin

Golang OAuth2 server library.
auth

6.9 6.2 webauthn VS auth

Authenticator via oauth2, direct, email and telegram
permissions2

6.5 0.0 webauthn VS permissions2

:closed_lock_with_key: Middleware for keeping track of users, login states and permissions
go.auth

6.2 0.0 webauthn VS go.auth

Authentication API for Go web applications.
Go-AWS-Auth

6.0 0.0 webauthn VS Go-AWS-Auth

AWS (Amazon Web Services) request signing library.
jwt-auth

5.7 0.8 webauthn VS jwt-auth

This package provides json web token (jwt) middleware for goLang http servers
httpauth

5.5 0.0 webauthn VS httpauth

HTTP Authentication middlewares
yubigo

4.8 0.0 webauthn VS yubigo

Yubigo is a Yubikey client API library that provides an easy way to integrate the Yubico Yubikey into your existing Go-based user authentication infrastructure.
jwt

4.8 0.0 webauthn VS jwt

This is an implementation of JWT in golang!
RBAC

4.0 0.0 webauthn VS RBAC

RBAC - Simple, concurrent Role Based Access Control(GO)
sessions

3.6 0.0 webauthn VS sessions

A dead simple, highly performant, highly customizable sessions middleware for go http servers.
Passhash

1.4 0.0 webauthn VS Passhash

Go library providing simple and secure password management
Facecontrol

1.4 0.0 webauthn VS Facecontrol

Simple authentication, single sign-on and (optinal) authorization solution.
go-oauth2

1.0 0.0 webauthn VS go-oauth2

No description, website, or topics provided.

Do you think we are missing an alternative of webauthn or a related project?

Add another 'Authentication & OAuth' Package

Popular Comparisons

README

webauthn : Web Authentication API in Go

Overview

This project provides a low-level and a high-level API to use the Web Authentication API (WebAuthn).

Demo

Install

go get github.com/koesie10/webauthn

Attestation

By default, this library does not support any attestation statement formats. To use the default attestation formats, you will need to import github.com/koesie10/webauthn/attestation or any of its subpackages if you would just like to support some attestation statement formats.

Please note that the Android SafetyNet attestation statement format depends on gopkg.in/square/go-jose.v2, which means that this package will be imported when you import either github.com/koesie10/webauthn/attestation or github.com/koesie10/webauthn/attestation/androidsafetynet.

High-level API

The high-level API can be used with the net/http package and simplifies the low-level API. It is located in the webauthn subpackage. It is intended for use with e.g. fetch or XMLHttpRequest JavaScript clients.

First, make sure your user entity implements User. Then, create a new entity implements Authenticator that stores each authenticator the user registers.

Then, either make your existing repository implement AuthenticatorStore or create a new repository.

Finally, you can create the main WebAuthn struct supplying the Config options:

w, err := webauthn.New(&webauthn.Config{
    // A human-readable identifier for the relying party (i.e. your app), intended only for display.
    RelyingPartyName:   "webauthn-demo",
    // Storage for the authenticator.
    AuthenticatorStore: storage,
})

Then, you can use the methods defined, such as StartRegistration to handle registration and login. Every handler requires a Session, which stores intermediate registration/login data. If you use gorilla/sessions, use webauthn.WrapMap(session.Values). Read the documentation for complete information on what parameters need to be passed and what values are returned.

For example, a handler for finishing the registration might look like this:

func (r *http.Request, rw http.ResponseWriter) {
    ctx := r.Context()

    // Get the user in some way, in this case from the context
    user, ok := UserFromContext(ctx)
    if !ok {
        rw.WriteHeader(http.StatusForbidden)
        return
    }

    // Get or create a session in some way, in this case from the context
    sess := SessionFromContext(ctx)

    // Then call FinishRegistration to register the authenticator to the user
    h.webauthn.FinishRegistration(r, rw, user, webauthn.WrapMap(sess))
}

A complete demo application using the high-level API which implements all of these interfaces and stores data in memory is available here.

JavaScript examples

[This class](webauthn.js) is an example that can be used to handle the registration and login phases. It can be used as follows:

const w = new WebAuthn();

// Registration
w.register().then(() => {
    alert('This authenticator has been registered.');
}).catch(err => {
    console.error(err);
    alert('Failed to register: ' + err);
});

// Login
w.login().then(() => {
    alert('You have been logged in.');
}).catch(err => {
    console.error(err);
    alert('Failed to login: ' + err);
});

Or, with latest async/await paradigm:

const w = new WebAuthn();

// Registration
try {
    await w.register();
    alert('This authenticator has been registered.');
} catch (err) {
    console.error(err)
    alert('Failed to register: ' + err);
}

// Login
try {
    await w.login();
    alert('You have been logged in.');
} catch(err) {
    console.error(err);
    alert('Failed to login: ' + err);
}

Low-level API

The low-level closely resembles the specification and the high-level API should be preferred. However, if you would like to use the low-level API, the main entry points are:

License

MIT.

*Note that all licence references and agreements mentioned in the webauthn README section above are relevant to that project's source code only.

webauthn

Go package for easy WebAuthn integration