/passkey-authenticator-aaguids

This repo contains a community-sourced list of AAGUIDs for passkey authenticators to help with naming in end-user management UIs.

Passkey Provider AAGUIDs

This is a community-driven list of known passkey provider AAGUIDs to assist with naming passkeys in end user passkey management interfaces (e.g. account settings). It is not intended to be used for any other purpose and could go away at any time.

This does not replace FIDO's Metadata Service (MDS), which should continue to be used for all authoritative security details about FIDO authenticators. Some AAGUIDs in this list may not appear in FIDO MDS.

Schema

For full details, see the latest JSON schema file: https://github.com/passkeydeveloper/passkey-authenticator-aaguids/blob/main/aaguid.json.schema

The top level property value is the AAGUID itself. For consistency in this file, ensure it is lowercase.

Each AAGUID member has, at minimum, a name property. This property represents the friendly name of the passkey provider for display in RP interfaces. For example, "Google Password Manager", "Dashlane", or "1Password".

Each AAGUID member can also optionally contain embedded icon data, for use next to the friendly name in RP interfaces.

The properties are icon_dark and icon_light. The values of these properties must be SVG data encoded into a base64 data URI. icon_dark should be a version targeted at dark mode and/or dark backgrounds. icon_light should be a version targeted at light mode and/or light backgrounds. The image must be square.

Many web-based tools can do this encoding/formatting, including: https://base64.guru/converter/encode/image/svg (select Data URI under "Output Format").
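The rules above can also be checked on the relying-party side before the list is used for display. The following is an added example, not code from this repository: the function names, the exact data URI prefix and the sample entries are assumptions made for illustration, and the JSON schema file remains the authoritative definition.

```javascript
// Added example (not from this repo): apply the README's rules to a parsed
// list and resolve a display name for a credential's AAGUID.
const AAGUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
const SVG_PREFIX = "data:image/svg+xml;base64,"; // assumed from the README's description
const BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;

// Returns a list of problems; an empty list means the entry passes.
function checkEntry(aaguid, entry) {
  const problems = [];
  if (!AAGUID_RE.test(aaguid)) problems.push(`${aaguid}: key is not a lowercase AAGUID`);
  if (!entry || typeof entry.name !== "string" || entry.name.trim() === "")
    problems.push(`${aaguid}: missing name`);
  for (const key of ["icon_dark", "icon_light"]) {
    const value = entry ? entry[key] : undefined;
    if (value === undefined) continue; // icons are optional
    const payload = typeof value === "string" && value.startsWith(SVG_PREFIX)
      ? value.slice(SVG_PREFIX.length) : null;
    if (payload === null || !BASE64_RE.test(payload)) {
      problems.push(`${aaguid}: ${key} is not a base64 SVG data URI`);
    } else if (!Buffer.from(payload, "base64").toString("utf8").includes("<svg")) {
      problems.push(`${aaguid}: ${key} does not decode to SVG`);
    }
  }
  return problems;
}

// Keeps only the entries that pass checkEntry().
function buildLookup(list) {
  const lookup = new Map();
  for (const [aaguid, entry] of Object.entries(list))
    if (checkEntry(aaguid, entry).length === 0) lookup.set(aaguid, entry);
  return lookup;
}

// Display label only: an AAGUID that is not in the list gets a generic name.
function displayName(lookup, aaguid, fallback = "Passkey") {
  const entry = lookup.get(String(aaguid).toLowerCase());
  return entry ? entry.name : fallback;
}

// Constructed sample data, not taken from the real list.
const SAMPLE_SVG = SVG_PREFIX +
  Buffer.from('<svg xmlns="http://www.w3.org/2000/svg"/>').toString("base64");
const SAMPLE_LIST = {
  "0a1b2c3d-1111-2222-3333-444444444444": { name: "Example Provider", icon_light: SAMPLE_SVG },
  "AAAAAAAA-1111-2222-3333-444444444444": { name: "Uppercase Key" },
  "bbbbbbbb-1111-2222-3333-444444444444": { name: "Bad Icon", icon_dark: "data:image/png;base64,AAAA" },
};
```

When rendering, insert the name as text and load the icon through an image element's source rather than inlining the decoded SVG markup, since the list is community-maintained.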

Example of the Google G icon as a base64 encoded SVG data URI:



Contributing

If you represent a passkey provider, you can add your AAGUID by creating a pull request. Be sure to validate your changes using a JSON Schema tool (ajv, for example). A validation will also take place when your PR is created.

Please be sure your GitHub profile is complete with an organization name, and contact information in your organization's realm (e.g. company email). If that is not possible, you may be asked to verify out of band.