use Webauthn\PublicKeyCredentialRequestOptions;
// List of registered PublicKeyCredentialDescriptor classes associated to the user
$registeredAuthenticators = $publicKeyCredentialSourceRepository->findAllForUserEntity($userEntity);
$allowedCredentials = array_map(
static function (PublicKeyCredentialSource $credential): PublicKeyCredentialDescriptor {
return $credential->getPublicKeyCredentialDescriptor();
$registeredAuthenticators
// Public Key Credential Request Options
$publicKeyCredentialRequestOptions =
PublicKeyCredentialRequestOptions::create(
random_bytes(32) // Challenge
AuthenticationExtension::create('loc', true),
AuthenticationExtension::create('txAuthSimple', 'Please log in with a registered authenticator'),