Webauthn defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.
The complete specification can be found on the dedicated W3C page.
This framework contains PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications.
Naming things may be complicated. That’s why the following rule applies to the whole framework: the names of classes, constants and properties are identical to the ones you will find in the specification.
As an example, section 5.3.3 “Web Authentication Assertion” shows an object named AuthenticatorAssertionResponse that extends AuthenticatorResponse with the following properties:
You will find EXACTLY the same structure in the PHP class provided by the library.
Elliptic Curve Direct Anonymous Attestation (ECDAA)
Token Binding support
RS1, RS256, RS384, RS512
PS256, PS384, PS512
ES256, ES256K, ES384, ES512
Supported (not fully tested)
The framework is already compatible with all authenticators except the ones that use the ECDAA attestation format.
The compliance of the framework is ensured by running unit and functional tests during its development.
It is also tested using the official FIDO Alliance testing tools. The status of the compliance tests is reported in this issue. At the time of writing (end of January 2020), the main features and algorithms are supported and 99% of the tests pass. Full compliance with the Webauthn specification is expected in early 2020.
I bring solutions to your problems and answer your questions.
If you really love this project and the work I have done, or if you want me to prioritize your issues, then you can help me out for a couple of 🍻 or more!
Requests for new features, bug fixes and all other ideas to make this framework useful are welcome.
Do not forget to follow these best practices.