config/packages/security.yaml
file that looks like as follow:main
)./login/options
: to create the request options (POST
only)/login
: to submit the assertion response (POST
only)https
)default
profile is used (see request_profiles
in the Configuration References). You may have created a request profile in the bundle configuration. You can use this profile instead of the default one./register/options
: to create the creation options (POST only)/register
: to submit the attestation response (POST only)IS_USER_PRESENT
: the user was present during the authentication ceremony. This attribute is usually set to true
by authenticators,IS_USER_VERIFIED
: the user was verified by the authenticator. Verification may be performed by several means including biometrics ones (fingerprint, iris, facial recognition…).ROLE_ADMIN
and that have been verified during the ceremony.options_path
during the authentication process. The default Request Options Handler is Webauthn\Bundle\Security\Handler\DefaultRequestOptionsHandler
. It returns a JSON Response with the Public Key Credential Request Options objects in its body.Webauthn\Bundle\Security\Handler\RequestOptionsHandler
and be declared as a service.Webauthn\Bundle\Security\Handler\CreationOptionsHandler
.Webauthn\Bundle\Security\Handler\DefaultSuccessHandler
.Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface
and be declared as a container service.Webauthn\Bundle\Security\Handler\DefaultFailureHandler
.Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface
and be declared as a container service.