The Symfony Way
Lucky Symfony applications!
Last updated
Was this helpful?
Lucky Symfony applications!
Last updated
Was this helpful?
An official bundle is provided in the package web-auth/webauthn-symfony-bundle
.
Starting at v3.2.4, the bundle can be installed on Symfony 4.4 or 5.0+.
Before installing it, please make sure you installed and configured:
The package ,
The package or any package,
The and enabled the PSR-7 support.
If you are using Symfony Flex then the bundle will automatically be installed and the default configuration will be set. Otherwise you need to add it in your AppKernel.php
file:
And add the Webauthn Route Loader:
With Flex, you have a minimal configuration file installed through a Flex Recipe. You must set the repositories you have just created. You also have to modify the environment variables Relying_PARTY_ID
and Relying_PARTY_NAME
.
You may also need to adjust other parameters.
If you don’t use Flex, hereafter an example of configuration file:
The credential_repository and user_repository parameters correspond to the services we created above.
If you don't create the creation_profiles
section, a default
profile is set.
The parameter id
is optional but highly recommended.
By default, the length of the challenge is 32 bytes. You may need to select a smaller or higher length. This length can be configured for each profile:
The default timeout is set to 60 seconds (60 000 milliseconds). You can change this value as follows:
This option indicates the algorithms allowed for your application. By default, a large list of algorithms is defined, but you can add custom algorithms or reduce the list.
It is not recommended changing the default list unless you exactly know what you are doing.
Please note that the metadata service is mandatory when you use this option.
The use of Attestation Statements is generally not recommended unless you REALLY need this information.
If you don't create the creation_profiles
section, a default
profile is set.
The parameters for the request profiles (i.e. the authentication) are very similar to the creation profiles. The only difference is that you don’t need all the detail of the Relying Party, but only its ID (i.e. its domain).
Please note that all parameters are optional. The following configuration is perfectly valid. However, and as mentioned above, the parameter id
is highly recommended.
The first step is to create and .
Only . Other storage systems like filesystem or Doctrine ODM may be added in the future but, at the moment, you have to create these from scratch.
Please refer to . You should let the default value as it is.
The realying Party corresponds to your application. Please refer for more information.
This set of options allows you to select authenticators depending on their capabilities. The values are described in of the protocol.
If you need the , you can specify the preference regarding attestation conveyance during credential generation.
You can set as many extensions as you want in the profile. Please also for more information.
The example below is totally fictive. Some extensions are but the support depends on the authenticators, on the browsers and on the relying parties (your applications).
Now you have a fully configured bundle, you can protect your routes and manage the user registration and authenticatin through the .