TLDR: FIDO + OIDC Server. A user authentication gateway to a passwordless world. Try at Fido2me.com
Inspired by Webauthn.io and based on Fido2-net-lib it is an attempt to bring closer passwordless future. The end goal is to build a new incarnation of "OpenID" social provider but based on modern authention protocols - FIDO2.
Big corporations are already providing passwordless experience in addition to old passwords. However, there are two problems with that:
The device-bound credentials are the next logical step. But the recovery challenge should be solved too. It is impractical to think that users will buy, test, and use multiple roaming authenticators, e.g. Yubikey. Not all of them. It's too complicated and expensive for the majority of the users.
The project Fido2Me will try to provide a user-friendly way to add multiple device authenticators to your account. Windows, Mac, Security Key, IOS, Android. Use any combination of them to have enough redundancy for your authentication. Fido2Me will not support password-based flows. No traditional recovery. Just add more authenticators. But Fido2Me is not a library. It is a service. The second piece is a full-sized OAuth server (based on Duende). Once it's ready, anyone should be able to create an app (confidential, private, or device flow OAuth client). OAuth is great; you can use existing OAuth libraries to integrate into Fido2Me and provide a new social login experience.
OpenID social provider was a great attempt to reduce the number of accounts. Unfortunately, it didn't become very popular. Facebook, Google and MS social providers have many more users. I guess I'm crazy enough to try again and provide a new independent social login. The main project is available under the AGPL license. I do support privacy. Something that you will never get from big companies. More information will be available later. In short, I don't need a lot to provide authentication functionality. Everything else will be optional to create a proper OpenID profile to be used by other applications (OAuth apps).
It's ready to try and feel a new passwordless experience. Username and usernameless flows are combined in a way it will work on most platforms. The storage is permanent, not just in memory.
You need to provide a nickname only. If you want to be "fluffybunny", so be it. An email address is optional; it will only be used for important notifications. Device attestation is required - to prepopulate a device name to manage multiple authenticators. All attestations are accepted. In the future, an optional OpenID profile will be supported.
Create an OAuth application (confidential or private), save client id and client secret. Use existing OAuth knowledge and get identity from fido2me. Try Confidential client (with or without PKCE), only authorization code grant is supoorted so far. CIBA and Device flow can be added later.
You will need to install the Azure Cosmos DB emulator or use a cloud database instance along with created an Application Insight service instance. I'm using Azure Key Vault to get access to secrets. More instructions are needed here!