Hi there 👋

My name is Florent Morselli (flɔʁɑ̃ mɔʁseli). I am a French web developer and project manager passionate about PHP, ReactJS and Free, Libre & Open-Source Software. As far as possible, I contribute to projects or publish my own work.

The projects I am working on are mainly related to security over web applications. In particular, you will find useful libraries of Symfony bundles for

• One-Time Passwords (TOTP/HOTP) => see https://github.com/Spomky-Labs/otphp,
• Json Web Tokens (JWT, including signed and encrypted ones) => see https://github.com/web-token,
• Web Push => see https://github.com/Spomky-Labs/web-push,
• Concise Binary Object Representation (CBOR) => see https://github.com/Spomky-Labs/cbor-php,
• Webauthn => see https://github.com/web-auth.

Among all of these projects, let me encourage you to read more about Webauthn, a PHP implementation I am working on since end of 2018 and that will help you to get rid of passwords. I presented the possibilities offered by this technology during the second edition of ApiPlatformCon in September 2022 in Lille, France.

In addition, I had the opportunity to share my knowledge on web application security on workshops I gave during Symfony Live Paris 2023. In December 2024, I will provide new training on security with Symfony.

Feel free to ask me about all of these FLOSS projects or reach me on any other topics you may want to discuss.

Hereafter an overview of my involvement in the Open-Source ecosystem. If you wish, you can sponsor me. The GitHub Sponsors page or the Patreon page are made for that purpose. Any help is greatly appreciated and allows me to spend time on these projects.

👷 Check out what I'm currently working on

• Spomky-Labs/phpwa - PHP library for generating a full featured PWA manifest (1 day ago)
• Spomky-Labs/meteofony - [FAKE APP] Community-Driven Weather App (2 weeks ago)
• web-auth/webauthn-framework - FIDO-U2F / FIDO2 / Webauthn Framework (2 weeks ago)
• Spomky-Labs/otphp - 🔐 A PHP library for generating one time passwords according to RFC 4226 (HOTP) and the RFC 6238 (TOTP) (2 weeks ago)
• web-auth/symfony-webauthn-demo - Demo Application using Symfony 6, Tailwind, FrankenPHP, AssetMapper and Webauthn (4 weeks ago)
• web-auth/ux - [READ ONLY] Stimulus component for easy integration (4 weeks ago)
• Spomky-Labs/web-push - This framework contains PHP libraries and Symfony bundle to allow developers to integrate web-push notifications into their web applications. (1 month ago)
• Spomky-Labs/web-push-demo - (1 month ago)
• Spomky-Labs/keycloak-app - Keycloak (1 month ago)
• Spomky-Labs/php-aes-gcm - AES Galois Counter Mode encryption library for PHP (2 months ago)

🔨 My recent Pull Requests

• [HttpFoundation] Similar locale selection on symfony/symfony (1 week ago)
• Symfony 7 support on web-auth/webauthn-framework (1 week ago)
• [make:auth] Add throttling support to authenticator maker on symfony/maker-bundle (1 week ago)
• [make:reset-password] Last Symfony features + recommendation on symfony/maker-bundle (1 week ago)
• Rector+ECS+Infection+Brick/Math 0.12 on Spomky-Labs/pki-framework (2 weeks ago)
• leeway/window Migration path clarification on Spomky-Labs/otphp (2 weeks ago)
• Merge up 4.8.x to 5.0.0 on web-auth/webauthn-framework (4 weeks ago)
• Comments addressed on web-auth/webauthn-framework (4 weeks ago)
• Merge up 4.7.x to 4.8.x on web-auth/webauthn-framework (4 weeks ago)
• Deprecations/xsd validation on web-auth/webauthn-framework (4 weeks ago)

🔭 Latest releases I've contributed to

• lexik/LexikJWTAuthenticationBundle (v2.20.3, 4 days ago) - JWT authentication for your Symfony API
• web-auth/webauthn-framework (4.7.8, 1 week ago) - FIDO-U2F / FIDO2 / Webauthn Framework
• symfony/symfony (v7.0.1, 2 weeks ago) - The Symfony PHP framework
• symfony/validator (v7.0.0, 2 weeks ago) - Provides tools to validate values
• symfony/security-bundle (v7.0.0, 2 weeks ago) - Provides a tight integration of the Security component into the Symfony full-stack framework
• Spomky-Labs/web-push (3.1.0, 3 weeks ago) - This framework contains PHP libraries and Symfony bundle to allow developers to integrate web-push notifications into their web applications.
• web-token/jwt-framework (3.2.8, 3 months ago) - JWT Framework
• web-auth/cose-lib (4.2.3, 4 months ago) - Cose Key and Algorithms support
• Spomky-Labs/otphp (11.2.0, 8 months ago) - 🔐 A PHP library for generating one time passwords according to RFC 4226 (HOTP) and the RFC 6238 (TOTP)
• web-token/jwt-app (3.1.7, 8 months ago) - Standalone PHAR application to manage JWK, JWKSet and more

❤️ These awesome people sponsor me (thank you!)

• YousignAdmin (11 months ago)
• chalasr (2 years ago)
• passbolt (2 years ago)