Authenticator Counter
The authenticators may have an internal counter. This feature is very helpful to detect cloned devices.
The default behaviour is to reject the assertions. This behaviour might cause some troubles as it could reject the real device whilst the fake one can continue to be used.
It is therefore required to go deeper in the protection of your application by logging the error and locking the associated account.
To do so , you have to create a custom Counter Checker and inject it to your Authenticator Assertion Response Validator. The checker must implement the interface Webauthn\Counter\CounterChecker.
1
<?php
2
3
declare(strict_types=1);
4
5
6
namespace App\Service;
7
8
use App\SecuritySystem;
9
use Assert\Assertion;
10
use Throwable;
11
use Webauthn\PublicKeyCredentialSource;
12
13
final class CustomCounterChecker implements CounterChecker
14
{
15
private $securitySystem;
16
17
public function __construct(SecuritySystem $securitySystem)
18
{
19
$this->securitySystem = $securitySystem ;
20
}
21
22
public function check(PublicKeyCredentialSource $publicKeyCredentialSource, int $currentCounter): void
23
{
24
try {
25
Assertion::greaterThan($currentCounter, $publicKeyCredentialSource->getCounter(), 'Invalid counter.');
26
} catch (Throwable $throwable) {
27
$this->securitySystem->fakeDeviceDetected($publicKeyCredentialSource);
28
throw $throwable;
29
}
30
}
31
}
Copied!

The Easy Way

1
<?php
2
3
use Webauthn\Server;
4
5
$server = new Server(
6
$rpEntity
7
$publicKeyCredentialSourceRepository
8
);
9
10
// Set your handler here
11
$server->setCounterChecker(new CustomCounterChecker());
Copied!

The Hard Way

1
$authenticatorAssertionResponseValidator = new AuthenticatorAssertionResponseValidator(
2
$publicKeyCredentialSourceRepository,
3
$tokenBindingHandler,
4
$extensionOutputCheckerHandler,
5
$coseAlgorithmManager,
6
new CustomCounterChecker()
7
);
Copied!

The Symfony Way

config/packages/webauthn.yaml
1
webauthn:
2
counter_checker: App\Service\CustomCounterChecker
Copied!
Last modified 1mo ago
Export as PDF
Copy link