Input Validation

The loaded data needs to be verified. The library will perform several actions to make sure the input you received is valid. This verification process is performed by a Ceremony Step Manager (CSM). The Webauthn Specification distinguish two types of ceremonies.

Ceremony Step Manager Factory

To facilitate the creation of the CSM, a default factory is included. This factory requires no external services to function.

<?php

declare(strict_types=1);

use Webauthn\CeremonyStep\CeremonyStepManagerFactory;

$csmFactory = new CeremonyStepManagerFactory();

$creationCSM = $csmFactory->creationCeremony();
$requestCSM = $csmFactory->requestCeremony();

You can customize its behavior to fit the specific needs of your application by modifying the provided factory. Please refer to the dedicated pages for more information.

These CSM services are meant to be used by Response Validators. On a similar way, there are two types of validators:

Authenticator Attestation Response Validator: used during the creation ceremony
Authenticator Assertion Response Validator: used during the request ceremony

Response Validators

All null values below correspond to deprecated parameters. They will be removed in 5.0.0

<?php

declare(strict_types=1);

use Webauthn\AuthenticatorAttestationResponseValidator;
use Webauthn\AuthenticatorAssertionResponseValidator;

$authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    $creationCSM
);
$authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    $requestCSM
);

// Also valid
$authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
    ceremonyStepManager: $creationCSM
);
$authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
    ceremonyStepManager: $requestCSM
);

PreviousInput Loading NextRegister Authenticators

Last updated 1 year ago

Was this helpful?

Ceremony Step Manager Factory

To facilitate the creation of the CSM, a default factory is included. This factory requires no external services to function.

<?php

declare(strict_types=1);

use Webauthn\CeremonyStep\CeremonyStepManagerFactory;

$csmFactory = new CeremonyStepManagerFactory();

$creationCSM = $csmFactory->creationCeremony();
$requestCSM = $csmFactory->requestCeremony();

You can customize its behavior to fit the specific needs of your application by modifying the provided factory. Please refer to the dedicated pages for more information.

These CSM services are meant to be used by Response Validators. On a similar way, there are two types of validators:

Authenticator Attestation Response Validator: used during the creation ceremony

Authenticator Assertion Response Validator: used during the request ceremony

Response Validators

The Authenticator Attestation Response Validator and Authenticator Assertion Response Validator services are directly used when receiving Authenticator Responses in order to or .

All null values below correspond to deprecated parameters. They will be removed in 5.0.0

<?php

declare(strict_types=1);

use Webauthn\AuthenticatorAttestationResponseValidator;
use Webauthn\AuthenticatorAssertionResponseValidator;

$authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    $creationCSM
);
$authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    $requestCSM
);

// Also valid
$authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
    ceremonyStepManager: $creationCSM
);
$authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
    ceremonyStepManager: $requestCSM
);