Introduction

Webauthn defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.

The complete specification can be found on .

This framework contains PHP libraries and Symfony bundle to allow developers to integrate that authentication mechanism into their web applications.

Class, Constant and Property Names

Naming things may be complicated. That’s why the following rule applies on the whole framework: the name of classes, constants and properties are identical to the ones you will find in the specification.

As an example, the shows an object named AuthenticatorAssertionResponse that extends AuthenticatorResponse with the following properties:

• authenticatorData

• signature

• userHandle

  You will find in the PHP class provided by the library.

Supported features

• Attestation Types

  • Empty

  • Basic

  • Self

  • Private CA

  • Anonymization CA

  • Elliptic Curve Direct Anonymous Attestation (ECDAA)

• Attestation Formats

  • FIDO U2F

  • Packed

  • TPM

  • Android Key

  • Android Safetynet

  • Apple

• Token Binding support

• Cose Algorithms

  • RS1, RS256, RS384, RS512

  • PS256, PS384, PS512

  • ES256, ES256K, ES384, ES512

  • ED25519

• Extensions

  • Supported (not fully tested)

  • appid extension (compatibility with FIDO U2F authenticator)

Compatible Authenticators

The framework is already compatible with all authenticators except the ones that use ECDAA Attestation format.

The compliance of the framework is ensured by running unit and functional tests during its development.

Support

I bring solutions to your problems and answer your questions.

Contributing

Requests for new features, bug fixed and all other ideas to make this framework useful are welcome.