Webauthn Framework
v4.0
v4.0
  • The project
    • Introduction
    • Web Browser Support
    • Installation
    • Contributing
  • Webauthn In A Nutshell
    • Authenticators
    • Ceremonies
    • Metadata Statement
    • User Verification
    • Extensions
    • Token Binding
  • Prerequisites
    • The Relying Party
    • Credential Source Repository
    • User Entity
    • Javascript
  • Pure PHP
    • Webauthn Server
    • Register Authenticators
    • Authenticate Your Users
    • Advanced Behaviours
      • Debugging
      • User Verification
      • Authenticator Selection Criteria
      • Attestation and Metadata Statement
      • Authentication without username
      • Extensions
      • Authenticator Counter
      • Dealing with “localhost”
  • Symfony Bundle
    • Bundle Installation
    • Credential Source Repository
    • User Entity Repository
    • Firewall
    • Configuration References
    • Advanced Behaviors
      • Register Additional Authenticators
      • Debugging
      • User Verification
      • Attestation and Metadata Statement
      • Authenticator Selection Criteria
      • Authentication without username
      • Extensions
      • Token Binding
      • Authenticator Counter
      • Dealing with “localhost”
  • Migration
    • From v3.x to v4.0
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Webauthn In A Nutshell

Ceremonies

Registration and Authentication process overview

PreviousAuthenticatorsNextMetadata Statement

Last updated 3 years ago

Was this helpful?

In the Webauthn context, there are two ceremonies:

  • The attestation ceremony: it corresponds to the registration of a new authenticator,

  • The assertion ceremony: it is used for the authentication of a user.

For both ceremonies, there are two steps to perform:

  1. The creation of options: these options are sent to the authenticator and indicate what to do and how.

  2. The response of the authenticator: after the user interacted with the authenticator, the authenticator computes a response that has to be verified.

Depending on the options and the capabilities of the authenticator, the user interaction may differ. It can be a simple touch on a button or a complete authentication using biometric means (PIN code, fingerprint, facial recognition…).

The attestation ceremony
The assertion ceremony