Authenticate Your Users
First user authentication

Credential Request Options

To authenticate your user, you need to send a Webauthn\PublicKeyCredentialRequestOptions object.
To generate that object, you just need to call the method generatePublicKeyCredentialRequestOptions of the $server object.
In general, to authenticate your user you will ask them for their username first. With this username and your user repository, you will find the associated Webauthn\PublicKeyCredentialUserEntity.
And with the user entity you will get all associated Public Key Credential Source objects. The credential list is used to build the Public Key Credential Request Options.

<?php

use Webauthn\PublicKeyCredentialRequestOptions;
use Webauthn\PublicKeyCredentialSource;
use Webauthn\PublicKeyCredentialUserEntity;

// User entity found using the username.
$userEntity = $userEntityRepository->findWebauthnUserByUsername('john.doe');

// Get the list of authenticators associated with the user
$credentialSources = $credentialSourceRepository->findAllForUserEntity($userEntity);

// Convert the Credential Sources into Public Key Credential Descriptors
$allowedCredentials = array_map(function (PublicKeyCredentialSource $credential) {
    return $credential->getPublicKeyCredentialDescriptor();
}, $credentialSources);

// We generate the set of options.
$publicKeyCredentialRequestOptions = $server->generatePublicKeyCredentialRequestOptions(
    PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_PREFERRED, // Default value
    $allowedCredentials
);

Now send the options to the authenticator using your favorite JavaScript framework, library or the example available in the JavaScript page.

Response Verification

When the authenticator sends you the computed response (i.e. the user touched the button, fingerprint reader, submitted the PIN…), you can load it and check it.
The authenticator response looks similar to the following example:

{
    "id":"LFdoCFJTyB82ZzSJUHc-c72yraRc_1mPvGX8ToE8su39xX26Jcqd31LUkKOS36FIAWgWl6itMKqmDvruha6ywA",
    "rawId":"LFdoCFJTyB82ZzSJUHc-c72yraRc_1mPvGX8ToE8su39xX26Jcqd31LUkKOS36FIAWgWl6itMKqmDvruha6ywA",
    "response":{
        "authenticatorData":"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAAAAA",
        "signature":"MEYCIQCv7EqsBRtf2E4o_BjzZfBwNpP8fLjd5y6TUOLWt5l9DQIhANiYig9newAJZYTzG1i5lwP-YQk9uXFnnDaHnr2yCKXL",
        "userHandle":"",
        "clientDataJSON":"eyJjaGFsbGVuZ2UiOiJ4ZGowQ0JmWDY5MnFzQVRweTBrTmM4NTMzSmR2ZExVcHFZUDh3RFRYX1pFIiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwidHlwZSI6IndlYmF1dGhuLmdldCJ9"
    },
    "type":"public-key"
}

The library needs PSR-7 requests. In the example below, we use nyholm/psr7-server to get that request.

<?php

use Nyholm\Psr7\Factory\Psr17Factory;
use Nyholm\Psr7Server\ServerRequestCreator;

$psr17Factory = new Psr17Factory();
$creator = new ServerRequestCreator(
    $psr17Factory, // ServerRequestFactory
    $psr17Factory, // UriFactory
    $psr17Factory, // UploadedFileFactory
    $psr17Factory  // StreamFactory
);

$serverRequest = $creator->fromGlobals();

try {
    $publicKeyCredentialSource = $server->loadAndCheckAssertionResponse(
        '_The authenticator response you received…',
        $publicKeyCredentialRequestOptions, // The options you stored during the previous step
        $userEntity, // The user entity
        $serverRequest // The PSR-7 request
    );

    // If everything is fine, this means the user has correctly been authenticated using the
    // authenticator defined in $publicKeyCredentialSource
} catch (\Throwable $exception) {
    // Something went wrong!
}
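
As an added illustration (not part of the original documentation and not the library's own code), the PHP below decodes the clientDataJSON and authenticatorData fields of the sample response shown above and applies the relying-party checks that the WebAuthn specification requires before the signature is verified. The helper names and the RP ID localhost are assumptions; the expected challenge and origin are read from the sample's own clientDataJSON because the stored options are not shown on the page.

```php
<?php
// Added example (hypothetical helpers, not library code); the signature check is omitted.
function b64url(string $data): string
{
    // Invalid base64url yields '' and is then rejected by the checks below.
    $padded = str_pad($data, strlen($data) + (4 - strlen($data) % 4) % 4, '=');
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}
function inspectAssertion(array $response, string $challenge, string $origin, string $rpId, bool $requireUv): array
{
    $errors = [];
    $clientData = json_decode(b64url($response['clientDataJSON']), true);
    if (!is_array($clientData)) {
        return ['errors' => ['clientDataJSON is not a JSON object']];
    }
    if (($clientData['type'] ?? null) !== 'webauthn.get') {
        $errors[] = 'type must be webauthn.get';
    }
    $received = $clientData['challenge'] ?? null;
    if (!is_string($received) || !hash_equals($challenge, $received)) {
        $errors[] = 'challenge does not match the stored options';
    }
    if (($clientData['origin'] ?? null) !== $origin) {
        $errors[] = 'unexpected origin';
    }
    // authenticatorData: rpIdHash (32 bytes) | flags (1) | signCount (4, big-endian) | ...
    $authData = b64url($response['authenticatorData']);
    if (strlen($authData) < 37) {
        return ['errors' => array_merge($errors, ['authenticatorData too short'])];
    }
    $flags = ord($authData[32]);
    if (!hash_equals(hash('sha256', $rpId, true), substr($authData, 0, 32))) {
        $errors[] = 'rpIdHash does not match the RP ID';
    }
    if (($flags & 0x01) === 0) {
        $errors[] = 'user presence (UP) flag not set';
    }
    if ($requireUv && ($flags & 0x04) === 0) {
        $errors[] = 'user verification (UV) required but flag not set';
    }
    return ['errors' => $errors, 'flags' => $flags, 'signCount' => unpack('N', substr($authData, 33, 4))[1]];
}

// Values copied from the sample response above; the RP ID "localhost" is an assumption.
$sample = [
    'authenticatorData' => 'SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAAAAA',
    'clientDataJSON' => 'eyJjaGFsbGVuZ2UiOiJ4ZGowQ0JmWDY5MnFzQVRweTBrTmM4NTMzSmR2ZExVcHFZUDh3RFRYX1pFIiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwidHlwZSI6IndlYmF1dGhuLmdldCJ9',
];
print_r(inspectAssertion($sample, 'xdj0CBfX692qsATpy0kNc8533JdvdLUpqYP8wDTX_ZE', 'http://localhost:3000', 'localhost', false));
```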