Last updated
Last updated
Now we want to register a new authenticator and attach it to a user. This step can be done during the creation of a new user account or if the user already exists and you want to add another authenticator.
You can attach several authenticators to a user account. It is recommended in case of lost devices or if the user get access on your application using multiple platforms (smartphone, laptop…).
To register a new authenticator, you need to generate and send a set of options to it. These options defined in a Webauthn\PublicKeyCredentialCreationOptions
object.
To generate that object, you just need to call the methodgeneratePublicKeyCredentialCreationOptions
of the $server
object. This method requires a Webauthn\PublicKeyCredentialUserEntity
object that represents the user entity to be associated with this new authenticator.
The Public Key Credential Creation Options object (variable $publicKeyCredentialCreationOptions
) can be serialized into JSON.
The variable $publicKeyCredentialCreationOptions
and $userEntity
have to be stored somewhere. These are needed during the next step. Usually these values are set in the session or solutions like Redis.
When the authenticator send you the computed response (i.e. the user touched the button, fingerprint reader, submitted the PIN…), you can load it and check it.
The authenticator response looks similar to the following example:
The library needs PSR-7 requests. In the example below, we use nyholm/psr7-server
to get that request.
Now send the options to the authenticator using your favorite Javascript framework, library or the example availbale in .