1 of 1

Dealing with “localhost”

aka non-https relying parties

Secured Context

If your are working on a development environment, https may not be available but the context could be considered as secured. You can bypass the scheme verification by passing the list of rpIds you consider secured.

Please be careful using this feature. It should NOT be used in production.

The Easy Way

The Hard Way

The Symfony Way

$publicKeyCredentialSource = $authenticatorAttestationResponseValidator->check(
    $authenticatorAttestationResponse,
    $publicKeyCredentialCreationOptions,
    $serverRequest,
    ['localhost']
);

$publicKeyCredentialSource = $authenticatorAssertionResponse->check(
    $publicKeyCredential->getRawId(),
    $authenticatorAssertionResponse,
    $publicKeyCredentialRequestOptions,
    $request,
    $userHandle,
    ['localhost']
);

Dealing with “localhost”

hashtagSecured Context

hashtagThe Easy Way

hashtagThe Hard Way

hashtagThe Symfony Way

Dealing with “localhost”

hashtagSecured Context

hashtagThe Easy Way

hashtagThe Hard Way

hashtagThe Symfony Way

Secured Context

The Easy Way

The Hard Way

The Symfony Way

Secured Context

The Easy Way

The Hard Way

The Symfony Way