# Input Validation

The loaded data needs to be verified. The library will perform several actions to make sure the input you received is valid. This verification process is performed by a Ceremony Step Manager (CSM). The Webauthn Specification distinguish two types of ceremonies[ described in this page](https://webauthn-doc.spomky-labs.com/v4.9/webauthn-in-a-nutshell/ceremonies).

## Ceremony Step Manager Factory

To facilitate the creation of the CSM, a default factory is included. This factory requires no external services to function.

{% code lineNumbers="true" %}

```php
<?php

declare(strict_types=1);

use Webauthn\CeremonyStep\CeremonyStepManagerFactory;

$csmFactory = new CeremonyStepManagerFactory();

$creationCSM = $csmFactory->creationCeremony();
$requestCSM = $csmFactory->requestCeremony();
```

{% endcode %}

{% hint style="info" %}
You can customize its behavior to fit the specific needs of your application by modifying the provided factory. Please refer to the dedicated pages for more information.

* [Counter Checker](https://webauthn-doc.spomky-labs.com/v4.9/pure-php/advanced-behaviours/authenticator-counter)
* [Attestation Statement Support Manager](https://webauthn-doc.spomky-labs.com/v4.9/advanced-behaviours/attestation-and-metadata-statement#attestation-statement-support-manager)
* [Extension Output Checker Handler](https://webauthn-doc.spomky-labs.com/v4.9/pure-php/advanced-behaviours/extensions)
* [Algorithm Manager](https://webauthn-doc.spomky-labs.com/v4.9/pure-php/advanced-behaviours/authenticator-algorithms)
* [Metadata Statement Repository](https://webauthn-doc.spomky-labs.com/v4.9/advanced-behaviours/attestation-and-metadata-statement#metadata-statement-repository)
* [Status Report Repository](https://webauthn-doc.spomky-labs.com/v4.9/advanced-behaviours/attestation-and-metadata-statement#status-report-repository)
* [Certification Chain Validator](https://webauthn-doc.spomky-labs.com/v4.9/advanced-behaviours/attestation-and-metadata-statement#certificate-chain-validator)
  {% endhint %}

These CSM services are meant to be used by Response Validators. On a similar way, there are two types of validators:

* **Authenticator Attestation Response Validator**: used during the creation ceremony
* **Authenticator Assertion Response Validator**: used during the request ceremony

## Response Validators

The Authenticator Attestation Response Validator and Authenticator Assertion Response Validator services are directly used when receiving Authenticator Responses in order to [register authenticators](https://webauthn-doc.spomky-labs.com/v4.9/pure-php/authenticator-registration) or [authenticate users](https://webauthn-doc.spomky-labs.com/v4.9/pure-php/authenticate-your-users).

{% hint style="info" %}
All null values below correspond to deprecated parameters. They will be removed in 5.0.0
{% endhint %}

{% code lineNumbers="true" %}

```php
<?php

declare(strict_types=1);

use Webauthn\AuthenticatorAttestationResponseValidator;
use Webauthn\AuthenticatorAssertionResponseValidator;

$authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    $creationCSM
);
$authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    null, //Deprecated
    $requestCSM
);

// Also valid
$authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
    ceremonyStepManager: $creationCSM
);
$authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
    ceremonyStepManager: $requestCSM
);
```

{% endcode %}