passkeydeveloper / passkey-authenticator-aaguids

This repo contains a community sourced list of AAGUIDs for passkey authenticators to help with naming in end user management UIs

Home Page: https://passkeydeveloper.github.io/passkey-authenticator-aaguids/explorer/

passkey-authenticator-aaguids's Introduction

Passkey Provider AAGUIDs

This is a community-driven list of known passkey provider AAGUIDs to assist with naming passkeys in end user passkey management interfaces (e.g. account settings). It is not intended to be used for any other purpose and could go away at any time.

Important

When this list is officially retired at some point in the future, the contents of both aaguid.json and combined_aaguid.json will be removed, leaving an empty object.

It is highly recommended that you add code that checks for an empty object after fetching the document (ex: Object.keys(aaguid).length === 0) and notifies the appropriate team(s). This README will also be updated with details.

This does not replace FIDO's Metadata Service (MDS), which should continue to be used for all authoritative security details about FIDO authenticators. Some AAGUIDs in this list may not appear in FIDO MDS.

A visual explorer of the list is available here: https://passkeydeveloper.github.io/passkey-authenticator-aaguids/explorer/

Schema

For full details, see the latest JSON schema file: https://github.com/passkeydeveloper/passkey-authenticator-aaguids/blob/main/aaguid.json.schema

The top level property value is the AAGUID itself. For consistency in this file, ensure it is lowercase.

Each AAGUID member has, at minimum, a name property. This property represents the friendly name of the passkey provider for display in RP interfaces. For example, "Google Password Manager", "Dashlane", or "1Password".

Each AAGUID member can also optionally contain embedded icon data, for use next to the friendly name in RP interfaces.

The properties are icon_dark and icon_light. The values of these properties must be SVG data encoded into a base64 data URI. icon_dark should be a version targeted at dark mode and/or dark backgrounds. icon_light should be a version targeted at light mode and/or light backgrounds. The image must be square.

Many web-based tools can do this encoding/formatting, including: https://base64.guru/converter/encode/image/svg (select Data URI under "Output Format").

Example of the Google G icon as a base64 encoded SVG data URI:

data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPHN2ZyB2aWV3Qm94PSIwIDAgMjQgMjQiIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KICA8ZyB0cmFuc2Zvcm09Im1hdHJpeCgxLCAwLCAwLCAxLCAyNy4wMDkwMDEsIC0zOS4yMzg5OTgpIj4KICAgIDxwYXRoIGZpbGw9IiM0Mjg1RjQiIGQ9Ik0gLTMuMjY0IDUxLjUwOSBDIC0zLjI2NCA1MC43MTkgLTMuMzM0IDQ5Ljk2OSAtMy40NTQgNDkuMjM5IEwgLTE0Ljc1NCA0OS4yMzkgTCAtMTQuNzU0IDUzLjc0OSBMIC04LjI4NCA1My43NDkgQyAtOC41NzQgNTUuMjI5IC05LjQyNCA1Ni40NzkgLTEwLjY4NCA1Ny4zMjkgTCAtMTAuNjg0IDYwLjMyOSBMIC02LjgyNCA2MC4zMjkgQyAtNC41NjQgNTguMjM5IC0zLjI2NCA1NS4xNTkgLTMuMjY0IDUxLjUwOSBaIi8+CiAgICA8cGF0aCBmaWxsPSIjMzRBODUzIiBkPSJNIC0xNC43NTQgNjMuMjM5IEMgLTExLjUxNCA2My4yMzkgLTguODA0IDYyLjE1OSAtNi44MjQgNjAuMzI5IEwgLTEwLjY4NCA1Ny4zMjkgQyAtMTEuNzY0IDU4LjA0OSAtMTMuMTM0IDU4LjQ4OSAtMTQuNzU0IDU4LjQ4OSBDIC0xNy44ODQgNTguNDg5IC0yMC41MzQgNTYuMzc5IC0yMS40ODQgNTMuNTI5IEwgLTI1LjQ2NCA1My41MjkgTCAtMjUuNDY0IDU2LjYxOSBDIC0yMy40OTQgNjAuNTM5IC0xOS40NDQgNjMuMjM5IC0xNC43NTQgNjMuMjM5IFoiLz4KICAgIDxwYXRoIGZpbGw9IiNGQkJDMDUiIGQ9Ik0gLTIxLjQ4NCA1My41MjkgQyAtMjEuNzM0IDUyLjgwOSAtMjEuODY0IDUyLjAzOSAtMjEuODY0IDUxLjIzOSBDIC0yMS44NjQgNTAuNDM5IC0yMS43MjQgNDkuNjY5IC0yMS40ODQgNDguOTQ5IEwgLTIxLjQ4NCA0NS44NTkgTCAtMjUuNDY0IDQ1Ljg1OSBDIC0yNi4yODQgNDcuNDc5IC0yNi43NTQgNDkuMjk5IC0yNi43NTQgNTEuMjM5IEMgLTI2Ljc1NCA1My4xNzkgLTI2LjI4NCA1NC45OTkgLTI1LjQ2NCA1Ni42MTkgTCAtMjEuNDg0IDUzLjUyOSBaIi8+CiAgICA8cGF0aCBmaWxsPSIjRUE0MzM1IiBkPSJNIC0xNC43NTQgNDMuOTg5IEMgLTEyLjk4NCA0My45ODkgLTExLjQwNCA0NC41OTkgLTEwLjE1NCA0NS43ODkgTCAtNi43MzQgNDIuMzY5IEMgLTguODA0IDQwLjQyOSAtMTEuNTE0IDM5LjIzOSAtMTQuNzU0IDM5LjIzOSBDIC0xOS40NDQgMzkuMjM5IC0yMy40OTQgNDEuOTM5IC0yNS40NjQgNDUuODU5IEwgLTIxLjQ4NCA0OC45NDkgQyAtMjAuNTM0IDQ2LjA5OSAtMTcuODg0IDQzLjk4OSAtMTQuNzU0IDQzLjk4OSBaIi8+CiAgPC9nPgo8L3N2Zz4=
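The empty-object retirement check and the schema rules above (lowercase AAGUID keys, a required name, optional base64 SVG data URI icons) can be enforced on the consuming side as follows. This is an added example, not code from this repository: `loadAaguidList`, `onRetired`, and the returned field names are hypothetical, the sample entry is constructed, and the key normalization goes slightly beyond the README by also accepting uppercase or unhyphenated input.

```javascript
// Added example; SAMPLE is constructed data, not a copy of aaguid.json.
const ICON_PREFIX = "data:image/svg+xml;base64,";

// Canonical key form: lowercase, hyphenated 8-4-4-4-12.
function normalizeAaguid(input) {
  const hex = String(input).toLowerCase().replace(/-/g, "");
  if (!/^[0-9a-f]{32}$/.test(hex)) return null;
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
          hex.slice(16, 20), hex.slice(20)].join("-");
}

// Accept only the icon format the schema allows: a base64 SVG data URI.
function isAllowedIcon(value) {
  if (typeof value !== "string" || !value.startsWith(ICON_PREFIX)) return false;
  return /^[A-Za-z0-9+/]+={0,2}$/.test(value.slice(ICON_PREFIX.length));
}

// doc: the parsed JSON document. onRetired: hypothetical alerting hook.
function loadAaguidList(doc, onRetired = () => {}) {
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    throw new TypeError("AAGUID list must be a JSON object");
  }
  if (Object.keys(doc).length === 0) {
    onRetired(); // an empty object is the documented retirement signal
    return { retired: true, lookup: () => null };
  }
  const lookup = (aaguid) => {
    const key = normalizeAaguid(aaguid);
    if (!key || !Object.prototype.hasOwnProperty.call(doc, key)) return null;
    const entry = doc[key];
    if (!entry || typeof entry.name !== "string") return null;
    return {
      name: entry.name,
      iconLight: isAllowedIcon(entry.icon_light) ? entry.icon_light : null,
      iconDark: isAllowedIcon(entry.icon_dark) ? entry.icon_dark : null,
    };
  };
  return { retired: false, lookup };
}

const SAMPLE = {
  "531126d6-e717-415c-9320-3d9aa6981239": {
    name: "Dashlane",
    icon_light: "data:image/svg+xml;base64,PHN2Zy8+", // constructed "<svg/>"
    icon_dark: "data:image/png;base64,AAAA",          // wrong type, dropped
  },
};
console.log(loadAaguidList(SAMPLE).lookup("531126D6E717415C93203D9AA6981239"));
```

Because the list is community-sourced, render a returned icon through an `<img>` element's `src` rather than decoding the SVG and inlining it into the page.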

Contributing

If you represent a passkey provider, you can add your AAGUID by creating a pull request. Be sure to validate your changes using a JSON Schema tool (ajv, for example). A validation will also take place when your PR is created.

Please be sure your GitHub profile is complete with an organization name, and contact information in your organization's realm (e.g. company email). If that is not possible, you may be asked to verify out of band.

passkey-authenticator-aaguids's Issues

What about localized names?

All names seem to be in the English language. There might be a need to localize to some languages (e.g., Japanese, Korean, ...). How could such localized names be expressed?

Add required "scope" property

One of the concerns that has come up with this list is that some passkey providers are (for good reason) limiting which RPs they send the AAGUID. This can be confusing for RPs who are testing with this list and those providers.

This proposal is to add a new required "scope" property.

Proposals for values:

Proposal 1: all, some
Proposal 2: global, limited
Proposal 3: all, allowlist
<what else?>

@christiaanbrand @agl @irew

Add icon guidelines?

Hi,

currently, the icons come in a large variety of formats. Some SVG, many PNG, and a few ones not even stating which image format, just raw data. The icons also have completely different sizes, some square with sizes ranging from 16x16 to 1000x1000 and some rectangles ranging from 58x18 to 1000x305. Many do not even use transparency but white background.

Perhaps adding some conventions like "only png" or "only svg" with a predefined size, or a few sizes, would help having more homogenous icons.

Add Chrome's virtual authenticator

With AAGUID 01020304-0506-0708-0102-030405060708. I guess "Chrome Virtual Authenticator" is a good name. Someone would have to make some icons for it though. 😄

aaguid.json should override MDS values

Hi
As of today if an aaguid is defined in both aaguid.json and MDS, the name and icon from MDS is used in combined_aaguid.json.
This for example happens with Windows Hello aaguids.
Shouldn't the values from aaguid.json be used instead of MDS data? If not, what is the purpose of redefining an MDS aaguid in aaguid.json?

Provider logo

What do we think about adding an optional value that links to branding materials that can be used to display the provider logo?

Something like this:

{
    "531126d6-e717-415c-9320-3d9aa6981239": {
        "name": "Dashlane",
        "brandUrl": "https://brandfolder.com/dashlane"
    }
}

It can be any resource that helps with the branding, either a logo file directly or something that can provide branding materials.

This will make it simpler for an RP if they wanted to incorporate some visual representation of the provider, as we've seen with Google.

Comment in svg icon

Hello,

I saw that some icons like the Bitwarden ones have comments in them: <!-- Generator: Adobe Illustrator 24.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->. I think it would be good to remove them from the blobs to reduce the size of the file.

Add Protonpass

The AAGUID for Protonpass is

50726f746f6e5061737350726f746f6e

I am going to point Protonpass in the direction of this issue

Disambiguate Windows Hello AAGUIDs

There are four Windows Hello entries with identical friendlyName and verboseName of "Windows Hello":

    "08987058-cadc-4b81-b6e1-30de50dcbe96": {
        "platform": "Windows",
        "friendlyName": "Windows Hello",
        "verboseName": "Windows Hello"
    },
    "9ddd1817-af5a-4672-a2b9-3e3dd95000a9": {
        "platform": "Windows",
        "friendlyName": "Windows Hello",
        "verboseName": "Windows Hello"
    },
    "6e96969e-a5cf-4aad-9b56-305fe6c82795": {
        "platform": "Windows",
        "friendlyName": "Windows Hello",
        "verboseName": "Windows Hello"
    },
    "6028b017-b1d4-4c02-b4b3-afcdafc96bb2": {
        "platform": "Windows",
        "friendlyName": "Windows Hello",
        "verboseName": "Windows Hello"
    }

Can additional info be added to the verboseNames to help RPs understand why Windows Hello gets 4 AAGUIDs?
