A Next.js application for demonstrating registration and authentication with a FIDO2 authenticator using the WebAuthn API.
Hosted demo (login/signup page) available here.
Currently, this WebAuthn demo...
- implements all required steps for WebAuthn registration and validation as required by the spec
  - attestation statement validation is partially complete, with support for `packed` and `none` formats
  - attestation data signature validation with X.509 certs does not currently validate the whole chain of trust
  - importing of both RSA and EC COSE-encoded keys is supported
  - logging during the various steps of validation is handled by the pino logger, and pretty printed only during development
- stores the created credential during registration in a Firebase database as a credential record
- does all necessary validation to prevent duplicate registrations etc.
- authenticates user sessions with a JWT token (with a lifetime of 30 minutes) with the ES512 algorithm
- displays user info when the user is logged in
- allows the user to log out or delete their account
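The feature list above mentions importing RSA and EC COSE-encoded credential public keys. As an added example (not this project's code), here is one way to turn an already CBOR-decoded COSE_Key `Map` into a JWK with strict checks; `coseToJwk`, `requireBytes` and the sample key are hypothetical names, and only ES256 and RS256 are handled.

```javascript
// Added example, not the project's code: map a CBOR-decoded COSE_Key to a JWK.
// Labels and values follow the IANA COSE registry (RFC 9053, RFC 8230).
const COSE = { KTY: 1, ALG: 3, EC2: 2, RSA: 3, ES256: -7, RS256: -257, P256: 1 };

const b64url = (bytes) => Buffer.from(bytes).toString('base64url');

function requireBytes(map, label, name, exactLen) {
  const v = map.get(label);
  if (!(v instanceof Uint8Array)) throw new Error(`COSE key: ${name} missing or not bytes`);
  if (exactLen !== undefined && v.length !== exactLen)
    throw new Error(`COSE key: ${name} must be ${exactLen} bytes, got ${v.length}`);
  return v;
}

function coseToJwk(cose) {
  if (!(cose instanceof Map)) throw new Error('COSE key: expected a decoded Map');
  const kty = cose.get(COSE.KTY);
  const alg = cose.get(COSE.ALG);
  if (kty === COSE.EC2) {
    // EC2 parameters: -1 = crv, -2 = x, -3 = y; -4 (d) is the private scalar.
    if (alg !== COSE.ES256) throw new Error(`COSE key: unsupported EC alg ${alg}`);
    if (cose.get(-1) !== COSE.P256) throw new Error('COSE key: ES256 requires curve P-256');
    if (cose.has(-4)) throw new Error('COSE key: private key material present');
    // Requiring y as 32 bytes also rejects the compressed (boolean sign) form.
    const x = requireBytes(cose, -2, 'x', 32);
    const y = requireBytes(cose, -3, 'y', 32);
    return { kty: 'EC', crv: 'P-256', alg: 'ES256', x: b64url(x), y: b64url(y) };
  }
  if (kty === COSE.RSA) {
    // RSA parameters: -1 = n, -2 = e; -3 (d) and beyond are private.
    if (alg !== COSE.RS256) throw new Error(`COSE key: unsupported RSA alg ${alg}`);
    if (cose.has(-3)) throw new Error('COSE key: private key material present');
    const n = requireBytes(cose, -1, 'n');
    const e = requireBytes(cose, -2, 'e');
    // Minimum size is a policy choice of this example, not taken from the page.
    if (n.length < 256) throw new Error('COSE key: RSA modulus shorter than 2048 bits');
    return { kty: 'RSA', alg: 'RS256', n: b64url(n), e: b64url(e) };
  }
  throw new Error(`COSE key: unsupported kty ${kty}`);
}

// Constructed sample: P-256 key shape with dummy coordinates (not a real curve point).
const sampleEc = new Map([[1, 2], [3, -7], [-1, 1],
  [-2, new Uint8Array(32).fill(0x11)], [-3, new Uint8Array(32).fill(0x22)]]);
```

With a real credential public key, the returned JWK can be passed to Node's `crypto.createPublicKey({ key: jwk, format: 'jwk' })` to verify assertion signatures.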
- Rename `.env.example` to `.env.local`
- Generate an EC 256-bit private key with openssl: `openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem`, then derive the public key with `openssl ec -in private-key.pem -pubout -out public-key.pem`
- Create a Firebase project, then create a service account and download its credentials
- Populate the respective values in `.env.local`, replacing `\n` in keys with `\\n`
- Install dependencies with `yarn install` (or simply `yarn`) and run `yarn run dev` to start the NextJS dev server
Want to host your own instance of this demo? Hit the deploy button below to host this project on Vercel! Remember to configure environment variables (outlined in the steps above) in the Vercel dashboard too.