For any questions not answered here, feel free to start a discussion on the repo.

Does this store the user's fingerprint, PIN or patterns on my application? No. We only store the public key generated by the device.

Can a phishing site steal WebAuthn credentials and use them on my site? No. WebAuthn prevents phishing attacks.

Can WebAuthn data identify a particular device? No. Unless explicitly requested and authorized by the user.

Can a user register multiple devices? Yes. We suggest placing limits on how many devices a user may register, however.

Is front-end JavaScript included? Yes, however we only provide scripts required to trigger the WebAuthn prompts. You are responsible for writing JavaScript for your UI to communicate with our scripts.

Questions & Issues
Caught a mistake? Suggest an edit on GitHub