Authentication without username

PreviousAuthenticator Selection Criteria NextExtensions

Last updated 3 years ago

Was this helpful?

Authentication without username

With Webauthn, it is possible to authenticate a user without username. This behavior implies several constraints:

During the registration of the authenticator, a ,
The user verification is required,
The list of allowed authenticators must be empty

In case of failure, you should continue with the standard authentication process i.e. by asking the username of the user.

Examples

The Easy Way

Selection criterias for the registration of the authenticator:

use Webauthn\AuthenticatorSelectionCriteria;
use Webauthn\PublicKeyCredentialCreationOptions;

$authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(
    AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_NO_PREFERENCE,
    true,                                                                  // Resident key required
    AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED // User verification required
);

The Request Options:

<?php

use Webauthn\PublicKeyCredentialRequestOptions;

$ublicKeyCredentialRequestOptions = $server->generatePublicKeyCredentialRequestOptions(
    PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_REQUIRED,
);

PreviousAuthenticator Selection Criteria NextExtensions

Last updated 3 years ago

Was this helpful?