Webauthn defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.
This framework contains PHP libraries and a Symfony bundle that allow developers to integrate this authentication mechanism into their web applications.
- Attestation Types
  - basic attestation
  - self attestation
  - private CA attestation
  - elliptic curve direct anonymous attestation (optional)
- Attestation Formats
  - FIDO U2F attestation
  - packed attestation
  - TPM attestation
  - Android key attestation (optional)
  - Android Safetynet attestation
- Communication Channel Requirements
  - TokenBinding support (optional)
- Extensions
  - registration and authentication support without extension
  - extension support
  - appid extension support (optional)
- Cose Algorithms
  - RS1, RS256, RS384, RS512
  - PS256, PS384, PS512
  - ES256, ES256K, ES384, ES512
  - ED25519
If you want to quickly start a Webauthn Server, you should read how to use the Server class.
If you prefer to integrate it into your application, you should directly use the library or the Symfony bundle.
With this library, you can add multi-factor authentication like FIDO U2F does or add passwordless authentication support for your application using the new FIDO2 Webauthn specification.
There are two steps to perform:
- Associate the device to your user (Public Key Credential Creation)
- Check authentication request (Public Key Credential Request)
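The second step reduced to its core checks for an ES256 credential, as an added example in plain PHP with the openssl extension; it is not code from this library and does not use its API. The function and variable names, the sample origin and the relying party ID are assumptions, and signature counter handling, user verification and extensions are left out.

```php
<?php
declare(strict_types=1);
// Added illustration, not web-auth/webauthn-lib code; every name here is hypothetical.

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** Step 2 checks for an ES256 credential whose public key (PEM) was stored in step 1. */
function verifyAssertion(string $clientDataJson, string $authData, string $signature,
    string $publicKeyPem, string $challenge, string $origin, string $rpId): bool
{
    $client = json_decode($clientDataJson, true);
    if (!is_array($client) || ($client['type'] ?? null) !== 'webauthn.get') {
        return false; // wrong ceremony: a registration response is not an assertion
    }
    if (!is_string($client['challenge'] ?? null)
        || !hash_equals(b64url($challenge), $client['challenge'])) {
        return false; // not the challenge this server issued
    }
    if (($client['origin'] ?? null) !== $origin) {
        return false; // produced for another web origin
    }
    // authenticatorData = rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
    if (strlen($authData) < 37 || !hash_equals(hash('sha256', $rpId, true), substr($authData, 0, 32))) {
        return false; // credential scoped to a different relying party
    }
    if ((ord($authData[32]) & 0x01) === 0) {
        return false; // User Present flag not set
    }
    // The authenticator signs authenticatorData || SHA-256(clientDataJSON).
    $signed = $authData . hash('sha256', $clientDataJson, true);
    return openssl_verify($signed, $signature, $publicKeyPem, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed test data: a software key pair stands in for the authenticator.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$pem = openssl_pkey_get_details($key)['key'];
$challenge = random_bytes(32);
$origin = 'https://login.example.test';
$rpId = 'login.example.test';
$clientData = json_encode(['type' => 'webauthn.get', 'challenge' => b64url($challenge), 'origin' => $origin]);
$authData = hash('sha256', $rpId, true) . "\x01" . pack('N', 1);
openssl_sign($authData . hash('sha256', $clientData, true), $sig, $key, OPENSSL_ALGO_SHA256);

var_dump(verifyAssertion($clientData, $authData, $sig, $pem, $challenge, $origin, $rpId));
var_dump(verifyAssertion($clientData, $authData, $sig, $pem, random_bytes(32), $origin, $rpId));
```

The first call uses the challenge the server issued and the second a different one, so the same signed response is accepted once and rejected when replayed against a fresh challenge.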
Install the library with Composer: `composer require web-auth/webauthn-lib`
This framework provides a Symfony bundle to store, load and verify the data from the authenticators.
This bundle also includes a firewall based on webauthn that will help you to protect the routes. You will be able to authenticate your users with their username and FIDO2 compatible authenticators.
This library provides all tools and data structures to easily consume the Fido Metadata Service.
Please note that the service and the associated specification should be considered experimental.
The details for this library and the process are explained in this dedicated page.
TO BE WRITTEN
I bring solutions to your problems and answer your questions.
If you really love this project and the work I have done, or if you want me to prioritize your issues, then you can help me out for a couple of 🍻 or more!
Requests for new features, bug fixes and all other ideas to make this framework useful are welcome. If you feel comfortable writing code, you could try to fix open issues where help is wanted or those that are easy to fix.
Do not forget to follow these best practices.
If you think you have found a security issue, DO NOT open an issue. You MUST submit your issue here.
This software is released under the MIT licence.