FIDO-U2F / FIDO2 / Webauthn Framework

Webauthn Framework

Webauthn defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.

This framework contains PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications.

Supported features

  • Attestation Types
    • basic attestation
    • self attestation
    • private CA attestation
    • elliptic curve direct anonymous attestation (optional)
  • Attestation Formats
    • FIDO U2F attestation
    • packed attestation
    • TPM attestation
    • Android key attestation (optional)
    • Android Safetynet attestation
  • Communication Channel Requirements
    • TokenBinding support (optional)
  • Extensions
    • registration and authentication support without extension
    • extension support
    • appid extension support (optional)
  • Cose Algorithms
    • RS1, RS256, RS384, RS512
    • PS256, PS384, PS512
    • ES256, ES384, ES512
    • EdDSA


Webauthn Library

With this library, you can add multi-factor authentication like FIDO U2F does or add passwordless authentication support for your application using the new FIDO2 Webauthn specification.

There are two steps to perform:

Install the library with Composer: composer require web-auth/webauthn-lib.

Symfony Bundles

This framework provides two bundles:

  • Webauthn Bundle: this bundle uses the webauthn library to register services and attestation format supports. The documentation can be found here.
  • Firewalls:
    • Webauthn Security Bundle: this bundle adds a new firewall based on webauthn. You will be able to authenticate your users with their username and FIDO2 compatible devices. The documentation can be found here.
    • Webauthn Json Security Bundle: same as the previous one, except that it is designed for script clients waiting for a JSON API. The documentation can be found here.

Other libraries


FIDO U2F is an old protocol, but it is widely adopted by web services. It adds a very robust and easy-to-use second-factor authentication method.

The details for this library and the process are explained in this dedicated page.

Cose Key



I bring solutions to your problems and answer your questions.

If you really love that project and the work I have done, or if you want me to prioritize your issues, then you can help me out for a couple of 🍻 or more!

Become a Patreon


Requests for new features, bug fixes and all other ideas to make this framework useful are welcome. If you feel comfortable writing code, you could try to fix open issues where help is wanted or those that are easy to fix.

Do not forget to follow these best practices.

If you think you have found a security issue, DO NOT open an issue. You MUST submit your issue here.


This software is released under the MIT licence.
