# Token Binding

Browsers may support the Token Binding protocol (see [RFC 8471](https://tools.ietf.org/html/rfc8471)). This protocol defines a way to bind a token (in the Webauthn context, the Responses) to the underlying TLS layer.

When receiving a Webauthn Response, the property `tokenBinding` in the `Webauthn\CollectedClientData` object has one of the following values:

* `null`: the token binding is not supported by the browser
* `"supported"`: the browser supports token binding, but no negotiation was performed during the communication
* `"present"`: the browser supports token binding, and it is present in the response. The token binding ID is provided.

This feature is not yet implemented in the library, but you can decide how the library reacts when a token binding ID is present.

The library provides two concrete classes for the moment:

* `Webauthn\TokenBinding\IgnoreTokenBindingHandler`: the library will ignore the token binding,
* `Webauthn\TokenBinding\TokenBindingNotSupportedHandler`: the library will throw an exception if the token binding is present.

You can change this behavior by creating your own implementation. The handler must implement the interface `Webauthn\TokenBinding\TokenBindingHandler`.
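
A custom handler could look like the following. This is an added example, not code shipped with the library: it logs every response that carries a token binding ID and, by default, rejects it because the binding cannot be verified. The class name, the `App\Security` namespace and the PSR-3 logger are hypothetical, and the `check()` signature and the `getStatus()`/`getId()` accessors are assumed from the v3.0 interface, so confirm them against your installed version.

```php
<?php

declare(strict_types=1);

namespace App\Security; // hypothetical application namespace

use Psr\Http\Message\ServerRequestInterface;
use Psr\Log\LoggerInterface;
use RuntimeException;
use Webauthn\TokenBinding\TokenBinding;
use Webauthn\TokenBinding\TokenBindingHandler;

/**
 * Added example: audits responses that carry a token binding ID and,
 * when $failClosed is true, rejects them because the ID is never verified.
 */
final class AuditingTokenBindingHandler implements TokenBindingHandler
{
    private $logger;
    private $failClosed;

    public function __construct(LoggerInterface $logger, bool $failClosed = true)
    {
        $this->logger = $logger;
        $this->failClosed = $failClosed;
    }

    // Assumed v3.0 signature; check it against the installed interface.
    public function check(TokenBinding $tokenBinding, ServerRequestInterface $request): void
    {
        if ('present' !== $tokenBinding->getStatus()) {
            return; // "supported": no binding was negotiated, nothing to verify
        }

        // Log a digest rather than the raw ID so the identifier is not stored in logs.
        $this->logger->warning('Webauthn response carries an unverified token binding ID', [
            'token_binding_id_sha256' => hash('sha256', (string) $tokenBinding->getId()),
            'path' => $request->getUri()->getPath(),
        ]);

        if ($this->failClosed) {
            throw new RuntimeException('Token binding is present but cannot be verified.');
        }
    }
}
```

Passing `false` as the second constructor argument keeps the audit log but accepts the response, which matches the behaviour of `IgnoreTokenBindingHandler` with added visibility.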

## The Easy Way

```php
<?php

use Webauthn\Server;
use Webauthn\TokenBinding\TokenBindingNotSupportedHandler;

// $rpEntity and $publicKeyCredentialSourceRepository are created elsewhere
$server = new Server(
    $rpEntity,
    $publicKeyCredentialSourceRepository
);

// Set your handler here
$server->setTokenBindingHandler(new TokenBindingNotSupportedHandler());
```

## The Hard Way

When you create your [Authenticator Attestation](https://webauthn-doc.spomky-labs.com/v3.0/the-webauthn-server/the-hard-way#authenticator-attestation-response-validator) and [Authenticator Assertion Response Validators](https://webauthn-doc.spomky-labs.com/v3.0/the-webauthn-server/the-hard-way#authenticator-assertion-response-validator), just inject the correct handler.

## The Symfony Way

{% code title="config/packages/webauthn.yaml" %}

```yaml
webauthn:
    token_binding_support_handler: Webauthn\TokenBinding\TokenBindingNotSupportedHandler
```

{% endcode %}


