User Authentication

Consider the following login form.

<form>
    <label for="username">Username</label>
    <input name="username" type="text" id="username" placeholder="Type your username here" autocomplete="username">
    
    <label for="password">Password</label>
    <input name="password" type="password" id="password" placeholder="Type your password here" autocomplete="current-password">
    
    <button type="submit">
        Sign in
    </button>
</form>

The first step is to remove the password field, which is no longer needed. In addition, we can add the webauthn token to the autocomplete attribute; this helps the browser understand the purpose of this field.

<form>
    <label for="username">Username</label>
    <input name="username" type="text" id="username" placeholder="Type your username here" autocomplete="username webauthn">

    <button type="submit">
        Sign in
    </button>
</form>

We now have only two Twig functions to call: stimulus_controller and stimulus_action.

  • The first one is placed on the form level;

  • The latter on the button.

The Stimulus controller should be configured to fit your needs, in particular the routes to the request options and to the authenticator result. The route names used below are created automatically by the firewall from the bundle package. By using these values, we make sure the routes always stay in line with the firewall configuration.

<form
    {{ stimulus_controller('@web-auth/webauthn-stimulus',
        {
            requestResultUrl: path('webauthn.controller.security.main.request.result'),
            requestOptionsUrl: path('webauthn.controller.security.main.request.options')
        }
    ) }}
>
    <label for="username">Username</label>
    <input name="username" type="text" id="username" placeholder="Type your username here" autocomplete="username webauthn">

    <button
        type="submit"
        {{ stimulus_action('@web-auth/webauthn-stimulus', 'signin') }}
    >
        Sign in
    </button>
</form>

Redirection after login

If you want to redirect the user to another page after a successful login, you can use the requestSuccessRedirectUri option:

{{ stimulus_controller('@web-auth/webauthn-stimulus',
    {
        requestSuccessRedirectUri: path('app.dashboard'),
        requestResultUrl: path('webauthn.controller.security.main.request.result'),
        requestOptionsUrl: path('webauthn.controller.security.main.request.options')
    }
) }}

Browser Autofill

When authenticators are available on the device and the browser is aware of them, you can simplify the way users sign in. When this feature is enabled, the user sees the list of available authenticators when focusing on the username field. Selecting an account in the list automatically performs the authentication actions. There is a simple option to enable this feature:

{{ stimulus_controller('@web-auth/webauthn-stimulus',
    {
        useBrowserAutofill: true,
        requestSuccessRedirectUri: path('app.dashboard'),
        requestResultUrl: path('webauthn.controller.security.main.request.result'),
        requestOptionsUrl: path('webauthn.controller.security.main.request.options')
    }
) }}
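
As an added illustration (not the bundle's own code), the following JavaScript shows the request ceremony that the options above configure, written against the standard WebAuthn browser API only. The function names, the JSON body sent to the options route and the shape of its response are assumptions.

```javascript
// Added example, not the bundle's code. Endpoint payload shapes are assumptions.

// WebAuthn JSON carries binary fields as base64url; the browser API wants bytes.
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64.padEnd(Math.ceil(b64.length / 4) * 4, '=');
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

// Build the argument for navigator.credentials.get() from the options JSON.
function toGetArgs(optionsJson, useBrowserAutofill) {
  const publicKey = {
    ...optionsJson,
    challenge: b64urlToBytes(optionsJson.challenge),
    allowCredentials: (optionsJson.allowCredentials || [])
      .map((c) => ({ ...c, id: b64urlToBytes(c.id) })),
  };
  // 'conditional' attaches the request to the autocomplete="username webauthn"
  // field instead of opening a modal prompt.
  return useBrowserAutofill ? { publicKey, mediation: 'conditional' } : { publicKey };
}

// env is injectable so the flow can be exercised outside a browser.
async function signIn(cfg, env = globalThis) {
  // Feature-detect before relying on autofill; older browsers lack it.
  if (cfg.useBrowserAutofill
      && !(await env.PublicKeyCredential?.isConditionalMediationAvailable?.())) {
    return { ok: false, reason: 'autofill-unsupported' };
  }
  const post = (url, body) => env.fetch(url, {
    method: 'POST',
    credentials: 'same-origin', // keep the session cookie that binds the challenge
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(body),
  });
  // The challenge is issued by the server; the client never generates it.
  const body = cfg.username ? { username: cfg.username } : {};
  const options = await (await post(cfg.requestOptionsUrl, body)).json();
  const credential = await env.navigator.credentials.get(
    toGetArgs(options, cfg.useBrowserAutofill));
  // The signed assertion is verified server-side; the client only relays it.
  const result = await post(cfg.requestResultUrl, credential.toJSON());
  return { ok: result.ok };
}
```

The success or failure of the login is decided by the result route on the server; the redirect configured with requestSuccessRedirectUri only follows that decision.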
