pg-cbor
webauthn-minimal
pg-cbor | webauthn-minimal | |
---|---|---|
1 | 1 | |
6 | 3 | |
- | - | |
0.0 | 0.0 | |
over 1 year ago | over 1 year ago | |
PLpgSQL | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pg-cbor
-
You shouldn't have your crypto designed by a CEO
For reference, here is my PostgreSQL extension implementation of CBOR and WebAuthn:
https://github.com/truthly/pg-cbor
webauthn-minimal
-
You shouldn't have your crypto designed by a CEO
FWIW if you don't care about attestation, Webauthn-L2 has client-side helper functions like getPublicKey() that allow you to do the handshake without parsing any CBOR https://www.w3.org/TR/webauthn-2/#sctn-public-key-easy
If you want to check attestation you still need to parse CBOR (and whatever attestation format is inside.)
I used this for a minimal webauthn implementation which is under 300 LoC https://github.com/arianvp/webauthn-minimal (WIP)
However only Chrome seems to implement the L2 spec so far. It feels like Webauthn is basically abandoned on Mozilla side of things as they still haven't finished implementing L1 (It's missing all the CTAP2 stuff) whilst it has been out for more than a year. And there have barely been any Webauthn-related commits in the past years.
But yeh; in general webauthn is a design-by-committee dumpster fire; unfortunately.
What are some alternatives?
specifications - Cross tooling and interoperability specifications
frank_jwt - JSON Web Token implementation in Rust.
pg-webauthn - 🔐🐘 PostgreSQL WebAuthn Server
rekor - Software Supply Chain Transparency Log