What is Webauthn?
Overview of the framework
Was this helpful?
Overview of the framework
Was this helpful?
Webauthn defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.
The complete specification can be found on .
This framework contains PHP libraries and Symfony bundle to allow developers to integrate that authentication mechanism into their web applications.
Naming things may be complicated. That’s why the following rule applies on the whole framework: the name of classes, constants and properties are identical to the ones you will find in the specification.
As an example, the shows an object named AuthenticatorAssertionResponse that extends AuthenticatorResponse with the following properties:
authenticatorData
signature
userHandle
You will find in the PHP class provided by the library.
Attestation Types
Empty
Basic
Self
Private CA
Anonymization CA
Attestation Formats
FIDO U2F
Packed
TPM
Android Key
Apple
Cose Algorithms
RS1, RS256, RS384, RS512
PS256, PS384, PS512
ES256, ES256K, ES384, ES512
ED25519
Extensions
Supported (not fully tested)
appid extension (compatibility with FIDO U2F authenticator
As of January 2023, our framework supports every authenticator with full feature and algorithm support, achieving a 100% success rate across all tests. Official FIDO Alliance testing tools have validated its compliance.
We ensure continuous conformity through rigorous unit and functional testing throughout the development process.
I bring solutions to your problems and answer your questions.
Requests for new features, bug fixed and all other ideas to make this framework useful are welcome.
See and
If you really love that project, and the work I have done or if you want I prioritize your issues, then !
If you feel comfortable writing code, you could try to fix or .
Do not forget to follow .
If you think you have found a security issue, DO NOT open an issue. .