use Psr\Log\LoggerInterface;
use Webauthn\PublicKeyCredentialSource;
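/**
 * Counter checker that locks the owning account when a credential's
 * signature counter fails to advance.
 *
 * A counter that is not strictly greater than the stored value is the signal
 * WebAuthn gives for a possibly cloned authenticator. This implementation
 * treats it as a security event: it logs the event, locks the user and
 * aborts the ceremony.
 */
final class CustomCounterChecker implements CounterChecker
{
    /**
     * @param UserRepository       $userRepository Used to lock the account that owns the credential.
     * @param LoggerInterface|null $logger         Receives the counter-mismatch event. Optional so that
     *                                             existing single-argument construction keeps working;
     *                                             inject one in production, otherwise lockouts leave no
     *                                             audit trail.
     */
    public function __construct(
        private UserRepository $userRepository,
        private ?LoggerInterface $logger = null,
    ) {
    }

    /**
     * Accepts the assertion only when the counter has strictly increased.
     *
     * @param PublicKeyCredentialSource $publicKeyCredentialSource Stored credential, holding the last accepted counter.
     * @param int                       $currentCounter            Counter reported for the assertion being verified.
     *
     * @throws CustomSecurityException When the counter did not advance; the user has been locked by then.
     */
    public function check(PublicKeyCredentialSource $publicKeyCredentialSource, int $currentCounter): void
    {
        $storedCounter = $publicKeyCredentialSource->getCounter();

        // Normal case: the counter moved forward, so there is nothing to do.
        if ($currentCounter > $storedCounter) {
            return;
        }

        // NOTE(review): authenticators that do not implement a counter report 0
        // on every assertion, and 0 > 0 is false. This method presumably relies
        // on the caller skipping the check when both values are zero. Confirm
        // that before deploying, or those users are locked on each login.

        // Log before locking so the event is recorded even if the lock call fails.
        // Key names are kept as published: 'current' is the value received with
        // this assertion, 'new' is the value stored for the credential.
        $this->logger?->error('The counter is invalid', [
            'current' => $currentCounter,
            'new' => $storedCounter,
        ]);

        $this->userRepository->lockUserWithId($publicKeyCredentialSource->getUserHandle());

        throw new CustomSecurityException('Invalid counter. User is now locked.');
    }
}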