Webauthn Framework
v5.1
v5.1
  • WebAuthn: Strong Authentication for your PHP applications
  • The project
    • What is Webauthn?
    • Web Browser Support
    • Installation
    • Contributing
  • Webauthn In A Nutshell
    • Authenticators
    • Ceremonies
    • User Verification
    • Metadata Statement
    • Extensions
  • Prerequisites
    • The Relying Party
    • Credential Source
    • User Entity
    • Javascript
  • Pure PHP
    • Webauthn Server
    • Input Loading
    • Input Validation
    • Register Authenticators
    • Authenticate Your Users
    • Advanced Behaviours
      • Debugging
      • User Verification
      • Authenticator Selection Criteria
      • Authentication without username
      • Authenticator Algorithms
      • Attestation and Metadata Statement
      • Extensions
      • Authenticator Counter
      • Dealing with “localhost”
  • Symfony Bundle
    • Bundle Installation
    • Credential Source Repository
    • User Entity Repository
    • Firewall
    • Configuration References
    • Advanced Behaviors
      • Fake Credentials
      • Register Additional Authenticators
      • Debugging
      • User Verification
      • Attestation and Metadata Statement
      • Authenticator Selection Criteria
      • Authentication without username
      • Extensions
      • Authenticator Counter
      • Dealing with “localhost”
  • Migration
    • From 5.x to 6.0
  • Symfony UX
    • Installation
    • User Authentication
    • User Registration
    • Additional Authenticators
Powered by GitBook
On this page
  • Class, Constant and Property Names
  • Supported features
  • Compatible Authenticators
  • Support
  • Contributing

Was this helpful?

Edit on GitHub
Export as PDF
  1. The project

What is Webauthn?

Overview of the framework

PreviousWebAuthn: Strong Authentication for your PHP applicationsNextWeb Browser Support

Was this helpful?

Webauthn defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.

The complete specification can be found on .

This framework contains PHP libraries and Symfony bundle to allow developers to integrate that authentication mechanism into their web applications.

Class, Constant and Property Names

Naming things may be complicated. That’s why the following rule applies on the whole framework: the name of classes, constants and properties are identical to the ones you will find in the specification.

As an example, the shows an object named AuthenticatorAssertionResponse that extends AuthenticatorResponse with the following properties:

  • authenticatorData

  • signature

  • userHandle

    You will find in the PHP class provided by the library.

Supported features

  • Attestation Types

    • Empty

    • Basic

    • Self

    • Private CA

    • Anonymization CA

  • Attestation Formats

    • FIDO U2F

    • Packed

    • TPM

    • Android Key

    • Apple

  • Cose Algorithms

    • RS1, RS256, RS384, RS512

    • PS256, PS384, PS512

    • ES256, ES256K, ES384, ES512

    • ED25519

  • Extensions

    • Supported (not fully tested)

    • appid extension (compatibility with FIDO U2F authenticator

Compatible Authenticators

As of January 2023, our framework supports every authenticator with full feature and algorithm support, achieving a 100% success rate across all tests. Official FIDO Alliance testing tools have validated its compliance.

We ensure continuous conformity through rigorous unit and functional testing throughout the development process.

Support

I bring solutions to your problems and answer your questions.

Contributing

Requests for new features, bug fixed and all other ideas to make this framework useful are welcome.

See and

If you really love that project, and the work I have done or if you want I prioritize your issues, then !

If you feel comfortable writing code, you could try to fix or .

Do not forget to follow .

If you think you have found a security issue, DO NOT open an issue. .

the W3C dedicated page
section 5.2.2 “Web Authentication Assertion”
EXACTLY the same structure
https://github.com/herrjemand/awesome-webauthn/pull/61
https://github.com/herrjemand/awesome-webauthn#server-libs
you can help me out for a couple of🍻 or more
opened issues where help is wanted
those that are easy to fix
these best practices
You MUST submit your issue here