Dealing with “localhost”
If your are working on a development environment,
httpsmay not be available but the context could be considered as secured. You can bypass the scheme verification by passing the list of rpIds you consider secured.
$publicKeyCredentialSource = $authenticatorAttestationResponseValidator->check(
$publicKeyCredentialSource = $authenticatorAssertionResponse->check(