FIDO2 authenticators are still a novelty: they aren't all that cheap, can store only a very small number of persisted keys (necessary for single-factor), have minimalistic user interfaces, and most of the time aren't hardened by biometrics/PINs.
Android has all the hardware goodies to be an excellent FIDO2 authenticator.
This project aims to implement CTAP2 over NFC, BLE and HID.
- U2F
- FIDO2
- NFC: Working
- BLE: Android actively prevents non-system apps from implementing FIDO over BLE 😫
- HID: It is possible to implement a HID transport over Bluetooth.
- /dev/uhid: This project doesn't need to be Android-exclusive ;)
- Show details of the site/user being enrolled / verified
- Perform user confirmation before enrollment / verification
- Client to Authenticator Protocol (CTAP)
- FIDO U2F Raw Message Formats
- Awesome WebAuthn and Passkey: Links to interesting FIDO-related resources
- WearAuthn: Nice Authenticator for WearOS, and very similar to this project!
- WebAuthn4J: The project focuses on the server side, but implements a complete U2F Authenticator as part of the test suite.