webauthn-minimal
pg-cbor
| webauthn-minimal | pg-cbor | |
|---|---|---|
| 1 | 1 | |
| 3 | 6 | |
| - | - | |
| 0.0 | 0.0 | |
| over 1 year ago | over 1 year ago | |
| Go | PLpgSQL | |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
webauthn-minimal
-
You shouldn't have your crypto designed by a CEO
FWIW if you don't care about attestation, Webauthn-L2 has client-side helper functions like getPublicKey() that allow you to do the handshake without parsing any CBOR https://www.w3.org/TR/webauthn-2/#sctn-public-key-easy
If you want to check attestation you still need to parse CBOR (and whatever attestation format is inside.)
I used this for a minimal webauthn implementation which is under 300 LoC https://github.com/arianvp/webauthn-minimal (WIP)
However only Chrome seems to implement the L2 spec so far. It feels like Webauthn is basically abandoned on Mozilla side of things as they still haven't finished implementing L1 (It's missing all the CTAP2 stuff) whilst it has been out for more than a year. And there have barely been any Webauthn-related commits in the past years.
But yeh; in general webauthn is a design-by-committee dumpster fire; unfortunately.
pg-cbor
-
You shouldn't have your crypto designed by a CEO
For reference, here is my PostgreSQL extension implementation of CBOR and WebAuthn:
https://github.com/truthly/pg-cbor
What are some alternatives?
frank_jwt - JSON Web Token implementation in Rust.
specifications - Cross tooling and interoperability specifications
pg-webauthn - 🔐🐘 PostgreSQL WebAuthn Server
rekor - Software Supply Chain Transparency Log