Webauthn Framework
v4.0
v1.xv2.xv3.0v3.3v4.0v4.5v4.7v4.8v4.9v5.0v5.1
v4.0
v1.xv2.xv3.0v3.3v4.0v4.5v4.7v4.8v4.9v5.0v5.1
  • The project
    • Introduction
    • Web Browser Support
    • Installation
    • Contributing
  • Webauthn In A Nutshell
    • Authenticators
    • Ceremonies
    • Metadata Statement
    • User Verification
    • Extensions
    • Token Binding
  • Prerequisites
    • The Relying Party
    • Credential Source Repository
    • User Entity
    • Javascript
  • Pure PHP
    • Webauthn Server
    • Register Authenticators
    • Authenticate Your Users
    • Advanced Behaviours
      • Debugging
      • User Verification
      • Authenticator Selection Criteria
      • Attestation and Metadata Statement
      • Authentication without username
      • Extensions
      • Authenticator Counter
      • Dealing with “localhost”
  • Symfony Bundle
    • Bundle Installation
    • Credential Source Repository
    • User Entity Repository
    • Firewall
    • Configuration References
    • Advanced Behaviors
      • Register Additional Authenticators
      • Debugging
      • User Verification
      • Attestation and Metadata Statement
      • Authenticator Selection Criteria
      • Authentication without username
      • Extensions
      • Token Binding
      • Authenticator Counter
      • Dealing with “localhost”
  • Migration
    • From v3.x to v4.0
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Symfony Bundle
  2. Advanced Behaviors

Authentication without username

PreviousAuthenticator Selection CriteriaNextExtensions

Last updated 2 years ago

Was this helpful?

With Webauthn, it is possible to authenticate a user without username. This behavior implies several constraints:

  1. During the registration of the authenticator, a ,

  2. The user verification is required,

  3. The list of allowed authenticators must be empty

In case of failure, you should continue with the standard authentication process i.e. by asking the username of the user.

The bundle configuration should have a profile with the constraints listed above:

webauthn:
    credential_repository: '…'
    user_repository: '…'
    creation_profiles:
        default:
            rp:
                name: 'My application'
                id: 'example.com'
            authenticator_selection_criteria:
                require_resident_key: true
                user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED
    request_profiles:
        default:
            rp_id: 'example.com'
            user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED
Resident Key must have been asked