Add WebAuthn #2825

Open
wants to merge 2 commits into
base: main
yackermann

@yackermann yackermann commented Oct 24, 2023

Awesome WebAuthn

Our curated list of resources, articles, servers, clients, and everything related to the WebAuthn API, Passkeys, and FIDO2. Started in 2019, by now it has more than 1300+ stars and is widely recognised as one of the key resources in building FIDO2 passwordless authentication solutions.

By submitting this pull request I confirm I've read and complied with the below requirements 🖖

Please read it multiple times. I spent a lot of time on these guidelines and most people miss a lot.

Requirements for your pull request

  • Don't open a Draft / WIP pull request while you work on the guidelines. A pull request should be 100% ready and should adhere to all the guidelines when you open it. Instead use #2242 for incubation visibility.
  • Don't waste my time. Do a good job, adhere to all the guidelines, and be responsive.
  • You have to review at least 2 other open pull requests.
    Try to prioritize unreviewed PRs, but you can also add more comments to reviewed PRs. Go through the below list when reviewing. This requirement is meant to help make the Awesome project self-sustaining. Comment here which PRs you reviewed. You're expected to put a good effort into this and to be thorough. Look at previous PR reviews for inspiration. Just commenting “looks good” or simply marking the pull request as approved does not count! You have to actually point out mistakes or improvement suggestions. Comments pointing out lint violations are allowed, but do not count as a review.
  • You have read and understood the instructions for creating a list.
  • This pull request has a title in the format Add Name of List. It should not contain the word Awesome.
    • Add Swift
    • Add Software Architecture
    • Update readme.md
    • Add Awesome Swift
    • Add swift
    • add Swift
    • Adding Swift
    • Added Swift
  • Your entry here should include a short description about the project/theme of the list. It should not describe the list itself. The first character should be uppercase and the description should end in a dot. It should be an objective description and not a tagline or marketing blurb. It should not contain the name of the list.
    • - [iOS](…) - Mobile operating system for Apple phones and tablets.
    • - [Framer](…) - Prototyping interactive UI designs.
    • - [iOS](…) - Resources and tools for iOS development.
    • - [Framer](…)
    • - [Framer](…) - prototyping interactive UI designs
  • Your entry should be added at the bottom of the appropriate category.
  • The title of your entry should be title-cased and the URL to your list should end in #readme.
    • Example: - [Software Architecture](https://github.com/simskij/awesome-software-architecture#readme) - The discipline of designing and building software.
  • No blockchain-related lists.
  • The suggested Awesome list complies with the below requirements.

Requirements for your Awesome list

  • Has been around for at least 30 days.
    That means 30 days from either the first real commit or when it was open-sourced. Whatever is most recent.
  • Run awesome-lint on your list and fix the reported issues. If there are false-positives or things that cannot/shouldn't be fixed, please report it.
  • The default branch should be named main, not master.
  • Includes a succinct description of the project/theme at the top of the readme. (Example)
    • Mobile operating system for Apple phones and tablets.
    • Prototyping interactive UI designs.
    • Resources and tools for iOS development.
    • Awesome Framer packages and tools.
  • It's the result of hard work and the best I could possibly produce.
    If you have not put in considerable effort into your list, your pull request will be immediately closed.
  • The repo name of your list should be in lowercase slug format: awesome-name-of-list.
    • awesome-swift
    • awesome-web-typography
    • awesome-Swift
    • AwesomeWebTypography
  • The heading title of your list should be in title case format: # Awesome Name of List.
    • # Awesome Swift
    • # Awesome Web Typography
    • # awesome-swift
    • # AwesomeSwift
  • Non-generated Markdown file in a GitHub repo.
  • The repo should have awesome-list & awesome as GitHub topics. I encourage you to add more relevant topics.
  • Not a duplicate. Please search for existing submissions.
  • Only has awesome items. Awesome lists are curations of the best, not everything.
  • Does not contain items that are unmaintained, has archived repo, deprecated, or missing docs. If you really need to include such items, they should be in a separate Markdown file.
  • Includes a project logo/illustration whenever possible.
    • Either centered, fullwidth, or placed at the top-right of the readme. (Example)
    • The image should link to the project website or any relevant website.
    • The image should be high-DPI. Set it to maximum half the width of the original image.
    • Don't include both a title saying Awesome X and a logo with Awesome X. You can put the header image in a # (Markdown header) or <h1>.
  • Entries have a description, unless the title is descriptive enough by itself. It rarely is though.
  • Includes the Awesome badge.
    • Should be placed on the right side of the readme heading.
      • Can be placed centered if the list has a centered graphics header.
    • Should link back to this list.
  • Has a Table of Contents section.
    • Should be named Contents, not Table of Contents.
    • Should be the first section in the list.
    • Should only have one level of nested lists, preferably none.
    • Must not feature Contributing or Footnotes sections.
  • Has an appropriate license.
    • We strongly recommend the CC0 license, but any Creative Commons license will work.
      • Tip: You can quickly add it to your repo by going to this URL: https://github.com/<user>/<repo>/community/license/new?branch=main&template=cc0-1.0 (replace <user> and <repo> accordingly).
    • A code license like MIT, BSD, Apache, GPL, etc, is not acceptable. Neither are WTFPL and Unlicense.
    • Place a file named license or LICENSE in the repo root with the license text.
    • Do not add the license name, text, or a Licence section to the readme. GitHub already shows the license name and link to the full text at the top of the repo.
    • To verify that you've read all the guidelines, please comment on your pull request with just the word unicorn.
  • Has contribution guidelines.
    • The file should be named contributing.md. Casing is up to you.
    • It can optionally be linked from the readme in a dedicated section titled Contributing, positioned at the top or bottom of the main content.
    • The section should not appear in the Table of Contents.
  • All non-important but necessary content (like extra copyright notices, hyperlinks to sources, pointers to expansive content, etc) should be grouped in a Footnotes section at the bottom of the readme. The section should not be present in the Table of Contents.
  • Has consistent formatting and proper spelling/grammar.
    • The link and description are separated by a dash.
      Example: - [AVA](…) - JavaScript test runner.
    • The description starts with an uppercase character and ends with a period.
    • Consistent and correct naming. For example, Node.js, not NodeJS or node.js.
  • Does not use hard-wrapping.
  • Does not include a CI (e.g. GitHub Actions) badge.
    You can still use a CI for linting, but the badge has no value in the readme.
  • Does not include an Inspired by awesome-foo or Inspired by the Awesome project kinda link at the top of the readme. The Awesome badge is enough.

Go to the top and read it again.

@yackermann
Author

🦄🦄🦄

@yackermann
Author

yackermann commented Oct 24, 2023

Reviewed: #2763 #2647 #2843 #2763 #2837

@yackermann
Author

yackermann commented Oct 24, 2023

I fixed all of the linting issues, however it is still failing because of a few specifics of my list:

  1. We have Japanese / Korean / Chinese blogs and articles linked, and this causes the linter to not see end punctuation.
  2. We prefix some list members with special certification-related tags: FIDO CERTIFIED FIDO CONFORMANT to signify that solutions are officially certified or are conformant with the FIDO specification and have passed the test tools. This as well causes the linter to fail.
  3. We have a few rare repeats, because the same repo might be working as FIDO Server, and FIDO UI, or FIDO Client, so they may be specified twice in two different sections.
  4. It does not like our Table of Contents. I have no idea why. I have even copied it from awesome-langchain.

@sindresorhus
Owner

Thanks for making an Awesome list! 🙌

It looks like you didn't read the guidelines closely enough. I noticed multiple things that are not followed. Try going through the list point for point to ensure you follow it. I spent a lot of time creating the guidelines so I wouldn't have to comment on common mistakes, and rather spend my time improving Awesome.

@infosecB
Contributor

  • Pull request title should be "Add WebAuthn"
  • Your list heading does not comply with standard, should read "Awesome WebAuthn"
  • I recommend adding an awesome-lint job in Github actions of your project
  • I also recommend losing the Stars badge. It's already built into Github and seems redundant.

@infosecB infosecB mentioned this pull request Oct 24, 2023
34 tasks
@yackermann yackermann changed the title Add awesome-webauthn Add WebAuthn Oct 25, 2023
@yackermann
Author

Done everything apart from auto-lintering because of the issues in: #2825 (comment)

@infosecB
Contributor

@herrjemand emoji != word

@kuhel

kuhel commented Oct 25, 2023

Check the linter error please.

@yackermann
Author

yackermann commented Oct 26, 2023

As I mentioned before regarding linter errors:

  1. We have Japanese / Korean / Chinese blogs and articles linked, and this causes the linter to not see end punctuation.
  2. We prefix some list members with special certification-related tags: FIDO CERTIFIED FIDO CONFORMANT to signify that solutions are officially certified or are conformant with the FIDO specification and have passed the test tools. This as well causes the linter to fail.
  3. We have a few rare repeats, because the same repo might be working as FIDO Server, and FIDO UI, or FIDO Client, so they may be specified twice in two different sections.
  4. It does not like our Table of Contents. I have no idea why. I have even copied it from awesome-langchain.

I have fixed every single linter error that was not caused by one of those four specified issues.

@yackermann
Author

@infosecB I have no idea what you mean.

@yackermann
Author

yackermann commented Oct 28, 2023

Ok, after a lot of linter fight, I was able to address everything apart from two items which are critical to our project:

  • We prefix some list members with special certification-related tags: FIDO CERTIFIED FIDO CONFORMANT to signify that solutions are officially certified or are conformant with the FIDO specification and have passed the test tools. This as well causes the linter to fail.
Screenshot 2023-10-28 at 2 23 24 PM
  • We have a few rare repeats, because the same repo might be working as FIDO Server, and FIDO UI, or FIDO Client, so they may be specified twice in two different sections.

This final linter screenshot shows the errors corresponding to the ones that I've specified.
Screenshot 2023-10-28 at 2 21 18 PM

@emmanuelgautier

Hello @herrjemand,
This is an awesome list! 👏

For the double link issue, I had a similar issue with two items describing two different parts of the same specification. You can trick the linter by adding different query parameter values for each item.

You can find an example at this line: https://github.com/cerberauth/awesome-openidconnect/blob/main/README.md?plain=1#L108

@Symbitic
Contributor

Looks good, but I'd recommend enclosing links to live demos under the Demos section (like [[demo](https://example)]) instead of bare URLs. I'd also consider some consolidation between Articles, Tutorials, Books, etc. since each only has a few entries.

@Symbitic Symbitic mentioned this pull request Feb 1, 2024
33 tasks
@emmanuelgautier emmanuelgautier mentioned this pull request Feb 13, 2024
32 tasks
@sindresorhus
Owner

Descriptions should not be title-cased.

Example: A Demonstration of the WebAuthn Specification => A demonstration of the WebAuthn specification

@sindresorhus
Owner

The FIDO CERTIFIED™ tag can be put in the description or below the item instead of in the title.

@sindresorhus
Owner

The description starts with an uppercase character and ends with a period.

@sindresorhus
Owner

The main readme should be English-only. You can put other language resources into a separate file and link to it from the readme.

@sindresorhus
Owner

Some items are missing a description.

@sindresorhus
Owner

Linkify `WebAuthn` in "WebAuthn is a W3C standard that allows users to authenticate to websites using their preferred device. WebAuthn is supported by most browsers and platforms, and can be used with FIDO2, CTAP, U2F, and other devices." to https://en.wikipedia.org/wiki/WebAuthn

@yackermann
Author

> The FIDO CERTIFIED™ tag can be put in the description or below the item instead of in the title.

These tags are an important differentiator for our ecosystem.

> The main readme should be English-only. You can put other language resources into a separate file and link to it from the readme.

Most of our readme contains English-only articles, however we have major contributions from Japanese and other communities. It would be unfair to throw away their resources in such a manner considering how much they contributed.

@yackermann
Author

The rest of the issues were addressed.

@sindresorhus sindresorhus force-pushed the main branch 3 times, most recently from c05ec08 to bbe1e6f Compare April 9, 2024 14:21
@avidseeker

Here are my notes:

  • Add current support status by browser, websites and applications. E.g.: what browsers support this? Does Duo Mobile support passkeys? etc.
  • Some entries to add to the list:
    • tpm-fido-git: use TPM as a FIDO key
    • Bitwarden has Firefox and Chrome support for saving passkeys and syncing them. This doesn't require a physical key.
    • Any fingerprint or biometric authenticator that can be added to the list?

@sindresorhus sindresorhus force-pushed the main branch 5 times, most recently from f0658c5 to 993cee4 Compare August 8, 2024 13:04
@akaanakbaik

🗿

@yackermann
Author

@avidseeker PRs are welcome *)

@@ -642,6 +642,7 @@
- [Security Card Games](https://github.com/Karneades/awesome-security-card-games#readme) - Train your skills and discuss various security topics.
- [Suricata](https://github.com/satta/awesome-suricata#readme) - Intrusion detection/prevention system and network security monitoring engine.
- [Prompt Injection](https://github.com/FonduAI/awesome-prompt-injection#readme) - A type of vulnerability that specifically targets machine learning models.
- [WebAuthn and Passkeys](https://github.com/herrjemand/awesome-webauthn#readme) - WebAuthn API/Passkeys is a web authentication standard for passwordless authentication.
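Review bot: the description on the added `WebAuthn and Passkeys` line opens by repeating the entry's own name ("WebAuthn API/Passkeys is a web authentication standard…"), while the three entries above it start straight with the description, and the guidelines quoted in this pull request say the description should not contain the name of the list. Consider dropping the leading "WebAuthn API/Passkeys is a" so it reads "Web authentication standard for passwordless authentication." The entry title also differs from the pull request title ("Add WebAuthn"), so it is worth settling on one name for both.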
Contributor

The new entry should be added at the end of the list.

@DanailMinchev
Contributor

Please have a look at these lint errors:
image
