WebAuthn Extensions supported in UAF/FIDO2
This is an implementation based on information by the FIDO Alliance regarding FIDO2 extensions provided by the Web Authentication: An API for accessing Public Key Credentials Level 1 (August 2018 version). Due to confidentiality,
the information on vendors has been anonymized.
1. UAF tests and associated WebAuthn extensions
List of FIDO Alliance UAF tests that are testing the FIDO extensions
supported in WebAuthn:
- Simple Transaction Authorization Extension (txAuthSimple)
- Protocol-Reg-Req-4(Page 4-5)/Protocol-Auth-Req-4(Page 15),
Protocol-Auth-Req-7(Page 16-17)
- Generic Transaction Authorization Extension (txAuthGeneric)
- Protocol-Auth-Req-7(Page 16-17)
- Authenticator Selection Extension (authnSel)
- Part of ASM Specific
behaviour. Not directly tested. Client-ASM-Protocol-1(Page 27)
- Supported Extensions Extension (exts)
- Specified in Metadata
statement(Metadata-Statement-1 Page 32), DiscoveryInfo in
ASM(Client-ASM-Protocol-1 Page 27), JS API(Client-DOM-JSAPI-1 Page 22-23),
Android Intent(Client-Android-IntentAPI-1 Page 24-25) and
iOS(Client-iOS-CustomURLAPI-1 Page 25-26)
- User Verification Index Extension (uvi)
- Specified in Metadata
statement(Metadata-Statement-1 Page 32), DiscoveryInfo in
ASM(Client-ASM-Protocol-1 Page 27), JS API(Client-DOM-JSAPI-1 Page 22-23),
Android Intent(Client-Android-IntentAPI-1 Page 24-25) and
iOS(Client-iOS-CustomURLAPI-1 Page 25-26)
- User Verification Method Extension (uvm)
- Specified in Metadata
statement(Metadata-Statement-1 Page 32), DiscoveryInfo in
ASM(Client-ASM-Protocol-1 Page 27), JS API(Client-DOM-JSAPI-1 Page 22-23),
Android Intent(Client-Android-IntentAPI-1 Page 24-25) and
iOS(Client-iOS-CustomURLAPI-1 Page 25-26)
- Biometric Authenticator Performance Bounds Extension
(biometricPerfBounds)
- Specified in Metadata
statement(Metadata-Statement-1 Page 32), DiscoveryInfo in
ASM(Client-ASM-Protocol-1 Page 27), JS API(Client-DOM-JSAPI-1 Page 22-23),
Android Intent(Client-Android-IntentAPI-1 Page 24-25) and
iOS(Client-iOS-CustomURLAPI-1 Page 25-26)
Page numbers refer to internal FIDO Alliance documentation.
The FIDO AppID Extension was tested using web-platform-tests.
The Location Extension (loc) is not tested in UAF. It is known to have at least 2 implementations but those haven't been
tested as far as we know. Note that this extension, as supported in the WebAuthn specification, would be reusing an existing
interface (Coordinates) as defined in the Geolocation API.
2. Implementations
This is a partial anonymized list vendors providing one or more implementations passing all the tests listed above (client and/or authenticator).
Extensions |
Vendor A |
Vendor B |
Vendor C |
Vendor D |
Vendor E |
Vendor F |
Simple Transaction Authorization Extension (txAuthSimple) |
Y |
Y |
Y |
Y |
Y |
Y |
Generic Transaction Authorization Extension (txAuthGeneric) |
Y |
Y |
Y |
Y |
Y |
Y |
Authenticator Selection Extension (authnSel) |
Y |
Y |
Y |
Y |
Y |
Y |
Supported Extensions Extension (exts) |
Y |
Y |
Y |
Y |
Y |
Y |
User Verification Index Extension (uvi) |
Y |
Y |
Y |
Y |
Y |
Y |
User Verification Method Extension (uvm) |
Y |
Y |
Y |
Y |
Y |
Y |
Biometric Authenticator Performance Bounds Extension
(biometricPerfBounds) |
Y |
Y |
Y |
Y |
Y |
Y |