Replies: 2 comments
-
|
Hey @nflaig, I'm curious what kinds of queries you did when looking for a WebAuthn library to use. Did you search npm directly? Or just googled around? I feel I've done what I can to put this library out there for people to find short of running ad campaigns but I know there's room for improvement. First of all, to get it out of the, don't bother with U2F support at all. Chrome fully deprecated it sometime within the last year and so Chrome won't support it anymore. "FIDO2" is what you want to search for when looking for "things that'll work with WebAuthn". As for comparing this library to others, I don't know if a comparison chart is in my best interests. It turns into overhead as now I have to track not only how my library evolves, but how my "competitors" evolve their libraries too. It's not something I'd ever be interested in maintaining; I figure I'll let the READMEs and docs site speak for themselves. Part of the problem is that this is technically a monorepo, and so you'd have to dive into a package to find its README that describes its fundamental features, like this: But SimpleWebAuthn READMEs have been historically lean because I chose to stand up and update a homepage with docs alongside the project. The bulk of the content that might comprise the READMEs or a GitHub-based wiki is all on that website instead. I wonder if that hasn't helped with exposure/SEO/whatever...I don't actually look at traffic to the site to see how many visitors it gets on any given month.
Oh boy, I forgot I initially named this project "webauthntine". Thankfully I saw some reason 😂 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the response and explanations. Regarding the search queries, as soon as you know you are looking for WebAuthn libraries you will definitely find your library or fido2-lib but if you search for something like About the comparison, you are probably right, I spent a whole lot of time reviewing both libraries and it is hard to point out technical differences , although I have to say the API of your libraries is probably 10x cleaner and the docs are way better. That's also why I went for your client + server library and it was pretty straight forward to implement everything. I also want to run the FIDO conformance tests against our server now, lets see how that goes |
Beta Was this translation helpful? Give feedback.
-
Hi @MasterKale 👋
First of all thanks for providing such a great library for WebAuthn/FIDO2
I did a bit of review of your library and fido2-lib and both look pretty good to me. I like the documentation provided by your library more that's why I rather want to it but maybe it would be sense to have a more technical comparison of those libraries, for example on supported features. This could maybe make it easier for developers to decide for which library to go for, also besides fido2-lib there are a lots of others (also non nodejs) listed here.
I guess sooner or later if WebAuthn/FIDO2 gets more adopted there will be more clarity on this, at least for me it was hard to really understand it also in comparison to U2F, also regarding the npm downloads of for example u2f-api. If you search for security key implementations in javascript/nodejs you tend to end up there but as I understand it is U2F already outdated and should no longer be used, at least if you implement it now.
Also a bit related to that is this reddit post where you linked your library but there does not seem to be much discussion.
I hope that made some sense, looking forward to a good dicussion
Beta Was this translation helpful? Give feedback.
All reactions