@simplewebauthn/server
Advanced tools
@simplewebauthn/server is a Node.js library that provides server-side functionality for WebAuthn, a web standard for secure authentication using public key cryptography. It helps in implementing registration and authentication flows for WebAuthn, making it easier to integrate strong, passwordless authentication into web applications.
Registration
This feature allows you to generate registration options for a new user and verify the registration response from the client. It ensures that the registration process is secure and follows the WebAuthn protocol.
const { generateRegistrationOptions, verifyRegistrationResponse } = require('@simplewebauthn/server');
// Generate registration options
const options = generateRegistrationOptions({
rpName: 'Example Corp',
rpID: 'example.com',
userID: 'user-id',
userName: 'user@example.com',
attestationType: 'indirect',
authenticatorSelection: {
userVerification: 'preferred',
},
});
// Verify registration response
const verification = verifyRegistrationResponse({
credential: response,
expectedChallenge: options.challenge,
expectedOrigin: 'https://example.com',
expectedRPID: 'example.com',
});Authentication
This feature allows you to generate authentication options for an existing user and verify the authentication response from the client. It ensures that the authentication process is secure and follows the WebAuthn protocol.
const { generateAuthenticationOptions, verifyAuthenticationResponse } = require('@simplewebauthn/server');
// Generate authentication options
const options = generateAuthenticationOptions({
rpID: 'example.com',
userVerification: 'preferred',
});
// Verify authentication response
const verification = verifyAuthenticationResponse({
credential: response,
expectedChallenge: options.challenge,
expectedOrigin: 'https://example.com',
expectedRPID: 'example.com',
authenticator: authenticator,
});fido2-lib is a library for implementing FIDO2 and WebAuthn server functionality. It provides similar features to @simplewebauthn/server, such as registration and authentication flows, but may require more manual setup and configuration.
webauthn is another library for implementing WebAuthn server functionality. It offers a straightforward API for handling registration and authentication, similar to @simplewebauthn/server, but with a different approach to configuration and usage.
This package is available on npm:
npm install @simplewebauthn/server
You can find in-depth documentation on this package here: https://simplewebauthn.dev/docs/packages/server
SimpleWebAuthn supports all current WebAuthn attestation formats, including:
v3.0.0 - The one with a legacy
This release is focused on updating @simplewebauthn/browser for better browser support out of the box. Most projects will now pull in its (slightly larger) ES5 bundle to ensure maximum browser compatibility, including older browsers in which WebAuthn will never be available. The ES2018 build is still available for projects that only need to target newer browsers, but bundler configuration changes must now be made to include it instead of the ES5 build.
Packages:
Changes:
startAssertion() no longer Base64URL-encodes userHandle stringjsrsasign to 10.2.0 (see
GHSA-27fj-mc8w-j9wg)startAssertion() fixresponse.userHandle as returned from startAssertion().FAQs
SimpleWebAuthn for Servers
The npm package @simplewebauthn/server receives a total of 244,791 weekly downloads. As such, @simplewebauthn/server popularity was classified as popular.
We found that @simplewebauthn/server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ransomware payment rates hit an all-time low in 2024 as law enforcement crackdowns, stronger defenses, and shifting policies make attacks riskier and less profitable.
Security News
require(esm) backported to Node.js 20, easing the transition to ESM-only packages and reducing complexity for developers as Node 18 nears end-of-life.
Security News
PyPI now supports iOS and Android wheels, making it easier for Python developers to distribute mobile packages.