Webauthn Framework
v3.0
v3.0
  • Introduction
  • Web Browser Support
  • Installation
  • Contributing
  • Webauthn In A Nutshell
    • Authenticators
    • Ceremonies
  • Pre-requisites
    • The Relying Party
    • Credential Source Repository
    • User Entity
    • Javascript
    • Easy or Hard Way?
  • The Webauthn Server
    • The Easy Way
      • Register Authenticators
      • Authenticate Your Users
    • The Hard Way
      • Register Authenticators
      • Authenticate Your Users
    • The Symfony Way
      • Entities with Doctrine
      • Firewall
  • Deep into the framework
    • Register Additional Authenticators
    • Debugging
    • User Verification
    • Attestation and Metadata Statement
    • Authenticator Selection Criteria
    • Authentication without username
    • Extensions
    • Token Binding
    • Authenticator Counter
    • Dealing with “localhost”
  • Migration
    • From v2.x to v3.0
Powered by GitBook
On this page
  • Update the libraries
  • Spot deprecations
  • General modifications
  • Removed methods, functions or properties
  • Internal Dependency Changes:
  • Update your Configuration Files
  • Upgrade the libraries
  • All Modifications In A Row

Was this helpful?

Edit on GitHub
Export as PDF
  1. Migration

From v2.x to v3.0

Step-by-step guide for migrating from v2.x to v3.0

PreviousDealing with “localhost”

Last updated 3 years ago

Was this helpful?

This project follows the and, contrary to upgrade a minor version (where the middle number changes) where no difficulty should be encountered, upgrade a major version (where the first number changes) is subject to significant modifications.

Update the libraries

First of all, you have to make sure you are using the last v2.x release (v2.1.7 at the time of writing).

Spot deprecations

Next, you have to verify you don’t use any deprecated class, interface, method or property. If you have PHPUnit tests, .

This section is not yet finished

General modifications

CBOR\Decoder Service Not Needed Anymore

You don't have to inject the CBOR\Decoder service anymore. This service is automatically created with the necessary options.

Example:

use Webauthn\AuthenticatorAssertionResponseValidator;

//Before:
$validator = new AuthenticatorAssertionResponseValidator(
    $publicKeyCredentialSourceRepository,
    $decoder,
    $tokenBindingHandler,
    $extensionOutputCheckerHandler,
    $algorithmManager
);

//After
$validator = new AuthenticatorAssertionResponseValidator(
    $publicKeyCredentialSourceRepository,
    $tokenBindingHandler,
    $extensionOutputCheckerHandler,
    $algorithmManager
);

Metadata Statement Repository Is Required

You must inject the Metadata Statement Repository to use Metadata Statement types other than none.

Removed methods, functions or properties

  • Webauthn\PublicKeyCredentialSource::createFromPublicKeyCredential()

  • Webauthn\ CertificateToolbox::checkAttestationMedata()

Internal Dependency Changes:

  • Added:

    • league/uri-components ^2.1

    • psr/log ^1.1

    • sensio/framework-extra-bundle ^5.2

  • Bumped:

    • league/uri from ^5.3 to ^6.0

    • spomky-labs/cbor-bundle from ^1.0 to ^2.0

    • symfony/* from ^4.3 to ^5.0

  • Removed:

    • symfony/http-client

Update your Configuration Files

To be written

Upgrade the libraries

It is now time to upgrade the libraries. In your composer.json, change all web-auth/* dependencies from v2.x to v3.0. When done, execute composer update.

This may also update other dependencies. You can list upgradable libraries by calling composer outdated. Please make sure these libraries do not impact your upgrade.

All Modifications In A Row

If you want to see all modifications at once, please .

Semantic Versioning principles
you can easily get the list of deprecation used in your application
have a look at this page