Webauthn Framework
Search…
v4.0
The project
Introduction
Web Browser Support
Installation
Contributing
Webauthn In A Nutshell
Authenticators
Ceremonies
Metadata Statement
User Verification
Extensions
Token Binding
Prerequisites
The Relying Party
Credential Source Repository
User Entity
Javascript
Pure PHP
Webauthn Server
Register Authenticators
Authenticate Your Users
Advanced Behaviours
Symfony Bundle
Bundle Installation
Credential Source Repository
User Entity Repository
Firewall
Configuration References
Advanced Behaviors
Register Additional Authenticators
Debugging
User Verification
Attestation and Metadata Statement
Authenticator Selection Criteria
Authentication without username
Extensions
Token Binding
Authenticator Counter
Dealing with “localhost”
Migration
From v3.x to v4.0
Powered By GitBook
Authentication without username
With Webauthn, it is possible to authenticate a user without username. This behavior implies several constraints:
  1. 1.
    During the registration of the authenticator, a Resident Key must have been asked,
  2. 2.
    The user verification is required,
  3. 3.
    The list of allowed authenticators must be empty
In case of failure, you should continue with the standard authentication process i.e. by asking the username of the user.
The bundle configuration should have a profile with the constraints listed above:
1
webauthn:
2
credential_repository: '…'
3
user_repository: '…'
4
creation_profiles:
5
default:
6
rp:
7
name: 'My application'
8
id: 'example.com'
9
authenticator_selection_criteria:
10
require_resident_key: true
11
user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED
12
request_profiles:
13
default:
14
rp_id: 'example.com'
15
user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED
Copied!
Previous
Authenticator Selection Criteria
Next
Extensions
Last modified 2mo ago
Export as PDF
Copy link
Edit on GitHub