Webauthn Framework
v4.0
v1.xv2.xv3.0v3.3v4.0v4.5v4.7v4.8v4.9v5.0v5.1v5.2
v4.0
v1.xv2.xv3.0v3.3v4.0v4.5v4.7v4.8v4.9v5.0v5.1v5.2
  • The project
    • Introduction
    • Web Browser Support
    • Installation
    • Contributing
  • Webauthn In A Nutshell
    • Authenticators
    • Ceremonies
    • Metadata Statement
    • User Verification
    • Extensions
    • Token Binding
  • Prerequisites
    • The Relying Party
    • Credential Source Repository
    • User Entity
    • Javascript
  • Pure PHP
    • Webauthn Server
    • Register Authenticators
    • Authenticate Your Users
    • Advanced Behaviours
      • Debugging
      • User Verification
      • Authenticator Selection Criteria
      • Attestation and Metadata Statement
      • Authentication without username
      • Extensions
      • Authenticator Counter
      • Dealing with “localhost”
  • Symfony Bundle
    • Bundle Installation
    • Credential Source Repository
    • User Entity Repository
    • Firewall
    • Configuration References
    • Advanced Behaviors
      • Register Additional Authenticators
      • Debugging
      • User Verification
      • Attestation and Metadata Statement
      • Authenticator Selection Criteria
      • Authentication without username
      • Extensions
      • Token Binding
      • Authenticator Counter
      • Dealing with “localhost”
  • Migration
    • From v3.x to v4.0
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Pure PHP
  2. Advanced Behaviours

Dealing with “localhost”

Secured Context

If your are working on a development environment, https may not be available but the context could be considered as secured. You can bypass the scheme verification by passing the list of rpIds you consider secured.

Please be careful using this feature. It should NOT be used in production.

$publicKeyCredentialSource = $authenticatorAttestationResponseValidator->check(
    $authenticatorAttestationResponse,
    $publicKeyCredentialCreationOptions,
    $serverRequest,
    ['localhost']
);
$publicKeyCredentialSource = $authenticatorAssertionResponse->check(
    $publicKeyCredential->getRawId(),
    $authenticatorAssertionResponse,
    $publicKeyCredentialRequestOptions,
    $request,
    $userHandle,
    ['localhost']
);
PreviousAuthenticator CounterNextBundle Installation

Last updated 2 years ago

Was this helpful?