W3C WebAuthn L3 · W3C · Should Know · Back Office · Product

Web Authentication (WebAuthn)

Authentication & Authorization · World Wide Web Consortium
WHY YOU NEED THIS

Passkeys are the modern replacement for passwords, and WebAuthn is the browser API. Every new auth system should evaluate it for its primary or MFA flow.

What It Defines

W3C/FIDO spec for phishing-resistant authentication using public key cryptography. Powers passkeys, hardware security keys (YubiKey), and platform biometric authenticators (Touch ID, Face ID).

webauthn · passkeys · fido · mfa · auth

Standards Body
World Wide Web Consortium

Publishes web platform specs including CSS, accessibility, security policies, Service Workers, Web App Manifest, and many browser APIs. Also maintains some versioned HTML/DOM specs.

Related Specs

OIDC Core 1.0 · OpenID · Must Know

OIDC

Sign-in with Google/Apple/GitHub all use OIDC. If your app authenticates users via a third party, you're using OIDC whether you know it or not.

Back Office · Product · Authentication & Authorization

RFC 6749 · RFC · Must Know

OAuth 2.0

The foundation of modern app auth: third-party login, API authorization, SSO, and machine-to-machine access all use OAuth 2.0.

Back Office · Product · Authentication & Authorization