A Linux Credential Manager API.
(Previously called linux-webauthn-platform-api.)
The primary goal of this project is to provide a spec and reference implementation of an API to mediate access to web credentials, initially local and remote FIDO2 authenticators. See GOALS.md for more information.
We have precompiled RPM packages for Fedora and openSUSE hosted by the Open Build Service (OBS). We also copy these for released versions to the release page.
There are several sub-packages:
credentialsd: The core credential servicecredentialsd-ui: The reference implementation of the UI component for credentialsd.credentialsd-webextension: Binaries and manifest files required for the Firefox add-on to function
Alternatively, you can build the project yourself using the instructions in BUILDING.md.
Right now, there are two ways to use this service.
There is an add-on that you can install in Firefox 140+ that allows you to test
credentialsd without a custom Firefox build. You can get the XPI from the
releases page for the corresponding version of
credentialsd-webextension package that you installed.
Currently, this add-on only works for https://webauthn.io and https://demo.yubico.com, but can be used to test various WebAuthn options and hardware.
There is also an experimental Firefox build that contains a patch to interact
with credentialsd directly without an add-on. You can access a
Flatpak package for it on OBS as well.
Here are some mockups of what this would look like for a user:
Alternatively, lock out the credential based on incorrect attempts.
- https://github.com/linux-credentials/libwebauthn (previously https://github.com/AlfioEmanueleFresta/xdg-credentials-portal)
- authenticator-rs
- webauthn-rs
See SECURITY.md for our security policy.
See the LICENSE.md file for license rights and limitations (LGPL-3.0-only).