Webauthn Framework
v4.0
v4.0
  • The project
    • Introduction
    • Web Browser Support
    • Installation
    • Contributing
  • Webauthn In A Nutshell
    • Authenticators
    • Ceremonies
    • Metadata Statement
    • User Verification
    • Extensions
    • Token Binding
  • Prerequisites
    • The Relying Party
    • Credential Source Repository
    • User Entity
    • Javascript
  • Pure PHP
    • Webauthn Server
    • Register Authenticators
    • Authenticate Your Users
    • Advanced Behaviours
      • Debugging
      • User Verification
      • Authenticator Selection Criteria
      • Attestation and Metadata Statement
      • Authentication without username
      • Extensions
      • Authenticator Counter
      • Dealing with “localhost”
  • Symfony Bundle
    • Bundle Installation
    • Credential Source Repository
    • User Entity Repository
    • Firewall
    • Configuration References
    • Advanced Behaviors
      • Register Additional Authenticators
      • Debugging
      • User Verification
      • Attestation and Metadata Statement
      • Authenticator Selection Criteria
      • Authentication without username
      • Extensions
      • Token Binding
      • Authenticator Counter
      • Dealing with “localhost”
  • Migration
    • From v3.x to v4.0
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Webauthn In A Nutshell

Extensions

PreviousUser VerificationNextToken Binding

Last updated 3 years ago

Was this helpful?

The mechanism for generating public key credentials, as well as requesting and generating Authentication assertions, can be extended to suit particular use cases. Each case is addressed by defining a registration extension.

Standard extensions are usually listed in the dedicated IANA Registry available at

Among the available extensions, you have:

  • loc: The location registration extension and authentication extension provides the client device's current location to the WebAuthn Relying Party, if supported by the client platform and subject to user consent.

  • hmac-secret: This registration extension and authentication extension enables the platform to retrieve a symmetric secret scoped to the credential from the authenticator.

  • minPinLength: This registration extension returns the current minimum PIN length value to the Relying Party.

This library is ready to handle extension inputs and outputs, but no concrete implementations are provided.

It is up to you, depending on the extensions you want to support, to create the extension handlers.

https://www.iana.org/assignments/webauthn/webauthn.xhtml