Webauthn defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.
This framework contains PHP libraries and Symfony bundle to allow developpers to integrate that authentication mechanism into their web applications.
- Attestation Types
- basic attestation
- self attestation
- private CA attestation
- elliptic curve direct anonymous attestation (optional)
- Attestation Formats
- FIDO U2F attestation
- packed attestation
- TPM attestation
- Android key attestation (optional)
- Android Safetynet attestation
- Communication Channel Requirements
- TokenBinding support (optional)
- registration and authentication support without extension
- extension support
- appid extension support (optional)
- Cose Algorithms
- RS1, RS256, RS384, RS512
- PS256, PS384, PS512
- ES256, ES384, ES512
With this library, you can add multi-factor authentication like FIDO U2F does or add passwordless authentication support for your application using the new FIDO2 Webauthn specification.
There are two steps to perform:
- Associate the device to your user (Public Key Credential Creation)
- Check authentication request (Public Key Credential Request)
Install the library with Composer:
composer require web-auth/webauthn-lib.
This framework provides two bundles:
- Webauthn Bundle: this bundle uses the webauthn library to register services and attestation format supports. The documentation can be found here
- Webauthn Security Bundle: this bundle adds a new firewall based on webauthn. You will be able to authenticate your users with their username and FIDO2 compatible devices. The documentation can be found here.
- Webauthn Json Security Bundle: same as the previous one, except that it is designed for script clients waiting for a JSON API. The documentation can be found here
FIDO U2F is an old protocol, but widely adopted by a lot of web services. It adds a very robust and easy to use second factor authentication method.
The details for this library and the process are explained in this dedicated page.
TO BE WRITTEN
I bring solutions to your problems and answer your questions.
If you really love that project and the work I have done or if you want I prioritize your issues, then you can help me out for a couple of
Requests for new features, bug fixed and all other ideas to make this framework useful are welcome. If you feel comfortable writing code, you could try to fix opened issues where help is wanted or those that are easy to fix.
Do not forget to follow these best practices.
If you think you have found a security issue, DO NOT open an issue. You MUST submit your issue here.
This software is release under MIT licence.