From v2.x to v3.0

Step-by-step guide for migrating from v2.x to v3.0

This project follows the Semantic Versioning principles and, contrary to upgrade a minor version (where the middle number changes) where no difficulty should be encountered, upgrade a major version (where the first number changes) is subject to significant modifications.

Update the libraries

First of all, you have to make sure you are using the last v2.x release (v2.1.7 at the time of writing).

Spot deprecations

Next, you have to verify you don’t use any deprecated class, interface, method or property. If you have PHPUnit tests, you can easily get the list of deprecation used in your application.

This section is not yet finished

General modifications

CBOR\Decoder Service Not Needed Anymore

You don't have to inject the CBOR\Decoder service anymore. This service is automatically created with the necessary options.

Example:

use Webauthn\AuthenticatorAssertionResponseValidator;
//Before:
$validator = new AuthenticatorAssertionResponseValidator(
$publicKeyCredentialSourceRepository,
$decoder,
$tokenBindingHandler,
$extensionOutputCheckerHandler,
$algorithmManager
);
//After
$validator = new AuthenticatorAssertionResponseValidator(
$publicKeyCredentialSourceRepository,
$tokenBindingHandler,
$extensionOutputCheckerHandler,
$algorithmManager
);

Metadata Statement Repository Is Required

You must inject the Metadata Statement Repository to use Metadata Statement types other than none.

Removed methods, functions or properties

  • Webauthn\PublicKeyCredentialSource::createFromPublicKeyCredential()

  • Webauthn\ CertificateToolbox::checkAttestationMedata()

Internal Dependency Changes:

  • Added:

    • league/uri-components ^2.1

    • psr/log ^1.1

    • sensio/framework-extra-bundle ^5.2

  • Bumped:

    • league/uri from ^5.3 to ^6.0

    • spomky-labs/cbor-bundle from ^1.0 to ^2.0

    • symfony/* from ^4.3 to ^5.0

  • Removed:

    • symfony/http-client

Update your Configuration Files

To be written

Upgrade the libraries

It is now time to upgrade the libraries. In your composer.json, change all web-auth/* dependencies from v2.x to v3.0. When done, execute composer update.

This may also update other dependencies. You can list upgradable libraries by calling composer outdated. Please make sure these libraries do not impact your upgrade.

All Modifications In A Row

If you want to see all modifications at once, please have a look at this page.