webauthn Alternatives - Go Authentication & OAuth

Popularity

4.6

Growing

Activity

2.6

Growing

Stars 117

Watchers 3

Forks 13

Last Commit 3 months ago

Description

This project provides a low-level and a high-level API to use the Web Authentication API (WebAuthn).

Programming language: Go

Tags: Security Authentication & OAuth Authentication

Latest version: v0.3.4

webauthn alternatives and similar packages

Based on the "Authentication & OAuth" category

jwt-go

9.6 1.1 webauthn VS jwt-go

Golang implementation of JSON Web Tokens (JWT).
casbin

9.6 7.8 webauthn VS casbin

An authorization library that supports access control models like ACL, RBAC, ABAC.
aws-doc-sdk-examples

9.4 9.7 webauthn VS aws-doc-sdk-examples

aws
oauth2

9.1 2.3 webauthn VS oauth2

Successor of goauth2. Generic OAuth 2.0 package that comes with JWT, Google APIs, Compute Engine and App Engine support.
goth

8.9 6.6 webauthn VS goth

provides a simple, clean, and idiomatic way to use OAuth and OAuth2. Handles multiple provides out of the box.
authboss

8.6 5.5 webauthn VS authboss

A modular authentication system for the web. It tries to remove as much boilerplate and "hard things" as possible so that each time you start a new web project in Go, you can plug it in, configure, and start building your app without having to build an authentication system each time.
go-jose

8.5 5.1 webauthn VS go-jose

A fairly complete implementation of the JOSE working group's JSON Web Token, JSON Web Signatures, and JSON Web Encryption specs.
go-oauth2-server

8.5 0.9 webauthn VS go-oauth2-server

A standalone, specification-compliant, OAuth2 server written in Golang.
loginsrv

8.4 5.8 webauthn VS loginsrv

JWT login microservice with plugable backends such as OAuth2 (Github), htpasswd, osiam.
gorbac

7.8 0.0 webauthn VS gorbac

provides a lightweight role-based access control (RBAC) implementation in Golang.
gologin

7.8 1.0 webauthn VS gologin

chainable handlers for login with OAuth1 and OAuth2 authentication providers.
authelia

7.5 9.4 webauthn VS authelia

The Cloud ready multi-factor single sign-on portal for your Apps
osin

7.0 0.0 webauthn VS osin

Golang OAuth2 server library.
permissions2

6.5 5.4 webauthn VS permissions2

Library for keeping track of users, login states and permissions. Uses secure cookies and bcrypt.
go.auth

6.3 0.0 webauthn VS go.auth

Authentication API for Go web applications.
Go-AWS-Auth

6.1 0.0 webauthn VS Go-AWS-Auth

AWS (Amazon Web Services) request signing library.
jwt-auth

5.6 2.9 webauthn VS jwt-auth

JWT middleware for goLang http servers with many configuration options.
httpauth

5.5 0.0 webauthn VS httpauth

HTTP Authentication middleware.
yubigo

4.7 1.0 webauthn VS yubigo

a Yubikey client package that provides a simple API to integrate the Yubico Yubikey into a go application.
auth

4.1 6.8 webauthn VS auth

authentication (a.k.a social login) via oauth2
jwt

3.6 1.3 webauthn VS jwt

A clean and easy to use implmentatino of JSON Web Tokens (JWT).
sessions

3.5 2.3 webauthn VS sessions

A dead simple, highly performant, highly customizable sessions service for go http servers.
RBAC

2.9 5.7 webauthn VS RBAC

Simple, concurrent Role Based Access Control
Passhash

1.1 0.0 webauthn VS Passhash

Simple and secure password management in Go
Facecontrol

1.0 0.0 webauthn VS Facecontrol

Simple yet powerful authentication, single sign-on and (optinal) authorization solution.
go-oauth2

1.0 0.0 webauthn VS go-oauth2

No description, website, or topics provided.

Do you think we are missing an alternative of webauthn or a related project?

Add another 'Authentication & OAuth' Package

Popular Comparisons

README

webauthn : Web Authentication API in Go

Overview

This project provides a low-level and a high-level API to use the Web Authentication API (WebAuthn).

Demo

Install

go get github.com/koesie10/webauthn

Attestation

By default, this library does not support any attestation statement formats. To use the default attestation formats, you will need to import github.com/koesie10/webauthn/attestation or any of its subpackages if you would just like to support some attestation statement formats.

Please note that the Android SafetyNet attestation statement format depends on gopkg.in/square/go-jose.v2, which means that this package will be imported when you import either github.com/koesie10/webauthn/attestation or github.com/koesie10/webauthn/attestation/androidsafetynet.

High-level API

The high-level API can be used with the net/http package and simplifies the low-level API. It is located in the webauthn subpackage. It is intended for use with e.g. fetch or XMLHttpRequest JavaScript clients.

First, make sure your user entity implements User. Then, create a new entity implements Authenticator that stores each authenticator the user registers.

Then, either make your existing repository implement AuthenticatorStore or create a new repository.

Finally, you can create the main WebAuthn struct supplying the Config options:

w, err := webauthn.New(&webauthn.Config{
    // A human-readable identifier for the relying party (i.e. your app), intended only for display.
    RelyingPartyName:   "webauthn-demo",
    // Storage for the authenticator.
    AuthenticatorStore: storage,
})

Then, you can use the methods defined, such as StartRegistration to handle registration and login. Every handler requires a Session, which stores intermediate registration/login data. If you use gorilla/sessions, use webauthn.WrapMap(session.Values). Read the documentation for complete information on what parameters need to be passed and what values are returned.

For example, a handler for finishing the registration might look like this:

func (r *http.Request, rw http.ResponseWriter) {
    ctx := r.Context()

    // Get the user in some way, in this case from the context
    user, ok := UserFromContext(ctx)
    if !ok {
        rw.WriteHeader(http.StatusForbidden)
        return
    }

    // Get or create a session in some way, in this case from the context
    sess := SessionFromContext(ctx)

    // Then call FinishRegistration to register the authenticator to the user
    h.webauthn.FinishRegistration(r, rw, user, webauthn.WrapMap(sess))
}

A complete demo application using the high-level API which implements all of these interfaces and stores data in memory is available here.

JavaScript examples

[This class](webauthn.js) is an example that can be used to handle the registration and login phases. It can be used as follows:

const w = new WebAuthn();

// Registration
w.register().then(() => {
    alert('This authenticator has been registered.');
}).catch(err => {
    console.error(err);
    alert('Failed to register: ' + err);
});

// Login
w.login().then(() => {
    alert('You have been logged in.');
}).catch(err => {
    console.error(err);
    alert('Failed to login: ' + err);
});

Or, with latest async/await paradigm:

const w = new WebAuthn();

// Registration
try {
    await w.register();
    alert('This authenticator has been registered.');
} catch (err) {
    console.error(err)
    alert('Failed to register: ' + err);
}

// Login
try {
    await w.login();
    alert('You have been logged in.');
} catch(err) {
    console.error(err);
    alert('Failed to login: ' + err);
}

Low-level API

The low-level closely resembles the specification and the high-level API should be preferred. However, if you would like to use the low-level API, the main entry points are:

License

MIT.

*Note that all licence references and agreements mentioned in the webauthn README section above are relevant to that project's source code only.

webauthn

Easy WebAuthn integration