As described in the previous pages, you need to create a PublicKeyCredentialCreationOptions object to register new authenticators. You can create this object using the .... But there is another way to do that.
The bundle provides a factory and manages profiles to ease the creation of the options. The factory is available as a public service: Webauthn\Bundle\Service\PublicKeyCredentialCreationOptionsFactory. To use it, you must first create a least one profile in your configuration file.
webauthn:creation_profiles:acme:#Unique name of the profilerp:# rp stands for Relying Partyname:'ACME Webauthn Server'id:'acme.com' icon: 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAMAAAC6V+0/AAAAwFBMVEXm7NK41k3w8fDv7+q01Tyy0zqv0DeqyjOszDWnxjClxC6iwCu11z6y1DvA2WbY4rCAmSXO3JZDTxOiwC3q7tyryzTs7uSqyi6tzTCmxSukwi9aaxkWGga+3FLv8Ozh6MTT36MrMwywyVBziSC01TbT5ZW9z3Xi6Mq2y2Xu8Oioxy7f572qxzvI33Tb6KvR35ilwTmvykiwzzvV36/G2IPw8O++02+btyepyDKvzzifvSmw0TmtzTbw8PAAAADx8fEC59dUAAAA50lEQVQYV13RaXPCIBAG4FiVqlhyX5o23vfVqUq6mvD//1XZJY5T9xPzzLuwgKXKslQvZSG+6UXgCnFePtBE7e/ivXP/nRvUUl7UqNclvO3rpLqofPDAD8xiu2pOntjamqRy/RqZxs81oeVzwpCwfyA8A+8mLKFku9XfI0YnSKXnSYZ7ahSII+AwrqoMmEFKriAeVrqGM4O4Z+ADZIhjg3R6LtMpWuW0ERs5zunKVHdnnnMLNQqaUS0kyKkjE1aE98b8y9x9JYHH8aZXFMKO6JFMEvhucj3Wj0kY2D92HlHbE/9Vk77mD6srRZqmVEAZAAAAAElFTkSuQmCC'
The name is mandatory ; other options are null by default.
The option id is highly recommended. See this page for acceptable values.
With this profile, now we can create options with the following code lines:
By default, the length of the challenge is 32 bytes. You may need to select a smaller or higher length. This length can be configured for each profile:
This set of options allows you to select authenticators depending on their capabilities. The values are described in the advanced concepts of the protocol.
This option indicates the algorithms allowed for your application. By default, a large list of algorithms is defined, but you can add custom algorithms or reduce the list.
The order is important. Preferred algorithms go first.
It is not recommended to change the default list unless you exactly know what you are doing.
The mechanism for generating public key credentials, as well as requesting and generating Authentication assertions, can be extended to suit particular use cases. Each case is addressed by defining a registration extension.
The example below is tatolly fictive. Some extensions are defined in the specification but the supports depends on the authenticators and on the relying parties.
app/config/webauthn.yaml
webauthn:creation_profiles:acme:rp:name:'ACME Webauthn Server'extensions:loc:truetxAuthSimple:'Please add your new authenticator'