The username can be composed of any displayable characters, including emojis. Username "😝🥰😔" is perfectly valid.
Developers should not add rules that prevent users from choosing the username they want.
For privacy reasons, it is not recommended using the e-mail as username.
As for the rp Entity, the User Entity may have an icon. This icon must also be secured.
The Webauthn specification does not set any limit for the length of the icon.
The icon may be ignored by browsers, especially if its length is greater than 128 bytes.
User Entity Repository
The User Entity Repository manages all Webauthn users of your application.
There is no interface to implement or abstract class to extend so that it should be easy to integrate it in your application. You may already have a user repository.
Whatever database you use (MySQL, pgSQL…), it is not necessary to create relationships between your users and the Credential Sources.
Hereafter an example of a User Entity repository. In this example we suppose you already have methods to find users using their username or ID.
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2019 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Acme\Repository;
use Webauthn\PublicKeyCredentialUserEntity;
final class PublicKeyCredentialUserEntityRepository
{
public function findWebauthnUserByUsername(string $username): ?PublicKeyCredentialUserEntity
{
//We suppose you already have a method to find a user using its username
$user = $this->findOneBy(['username' => $username]);
if (null === $user) {
return null;
}
return $this->createUserEntity($user);
}
public function findWebauthnUserByUserHandle(string $userHandle): ?PublicKeyCredentialUserEntity
{
//We suppose you already have a method to find a user using its ID
$user = $this->findOneBy(['id' => $userHandle]);
if (null === $user) {
return null;
}
return $this->createUserEntity($user);
}
private function createUserEntity(User $user): PublicKeyCredentialUserEntity
{
//We create a PublicKeyCredentialUserEntity object
// This object requires the username, the ID and the name to display (e.g. "John Doe")
// The avatar URL is optional and could be null
return new PublicKeyCredentialUserEntity(
$user->username,
$user->id,
$user->displayName,
$user->avatarUrl
);
}
}
