libwebauthn

A Linux-native implementation of FIDO2 and FIDO U2F Platform API, fully written in Rust.

This library supports multiple transports (see Transports for a list) via a pluggable interface, making it easy to add additional backends.

Credentials for Linux Project

This repository is now part of the Credentials for Linux project, and was previously known as xdg-credentials-portal.

The Credentials for Linux project aims to offer FIDO2 platform functionality (FIDO U2F, and WebAuthn) on Linux, over a D-Bus Portal interface.

Looking for the D-Bus API proposal? Check out platform-api.

Features

• FIDO U2F
  • 🟢 Registration (U2F_REGISTER)
  • 🟢 Authentication (U2F_AUTHENTICATE)
  • 🟢 Version (U2F_VERSION)
• FIDO2
  • 🟢 Create credential
  • 🟢 Verify assertion
  • 🟢 Biometric user verification
  • 🟢 Discoverable credentials (resident keys)
• FIDO2 to FIDO U2F downgrade
  • 🟢 Basic functionality
  • 🟢 Support for excludeList and pre-flight requests
• PIN/UV Protocols
  • 🟢 PIN/UV Auth Protocol One
  • 🟢 PIN/UV Auth Protocol Two
• PIN/UV Operations
  • 🟢 GetPinToken
  • 🟢 GetPinUvAuthTokenUsingPinWithPermissions
  • 🟢 GetPinUvAuthTokenUsingUvWithPermissions
• Passkey Authentication
  • 🟢 Discoverable credentials (resident keys)
  • 🟢 Hybrid transport (caBLE v2): QR-initiated transactions ([#52][#52]: iOS only)
  • 🟠 Hybrid transport (caBLE v2): State-assisted transactions (#31: planned)

Transports

Example programs

After cloning, you can try out one of the libwebauthn examples:

$ cd libwebauthn
$ git submodule update --init
$ cargo run --example webauthn_hid
$ cargo run --example webauthn_cable
$ cargo run --example u2f_hid

Contributing

We welcome contributions!

If you'd like to contribute but you don't know where to start, check out the Issues tab.