# Attestation and Metadata Statement {% hint style="warning" %} Disclaimer: you **should not** ask for the Attestation Statement unless you are working on an application that requires a high level of trust (e.g. Banking/Financial Company, Government Agency...). {% endhint %} With Symfony, you must enable this feature and define a Metadata Statement Repository in the configuration file. {% code title="config/packages/webauthn.yaml" lineNumbers="true" %} ```yaml webauthn: metadata_service: enabled: true repository: 'App\Repository\MyMetadataStatementRepository' ``` {% endcode %} {% hint style="warning" %} The modification of these parameters is not recommended. You should try to sync your server clock first. {% endhint %} ### Credential Creation Options By default, no Attestation Statement is asked to the Authenticators (type = `none`). To change this behavior, you just have to set the corresponding parameter in the `Webauthn\PublicKeyCredentialCreationOptions` object. There are 3 conveyance modes available using PHP constants provided by the class `Webauthn\PublicKeyCredentialCreationOptions`: * `ATTESTATION_CONVEYANCE_PREFERENCE_NONE`: the Relying Party is not interested in authenticator attestation (default) * `ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT`: the Relying Party prefers an attestation conveyance yielding verifiable attestation statements, but allows the client to decide how to obtain such attestation statements. * `ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT`: the Relying Party wants to receive the attestation statement as generated by the authenticator. * `ATTESTATION_CONVEYANCE_PREFERENCE_ENTERPRISE`: the Relying Party wants to receive uniquely identifying information from authenticators. {% code title="config/packages/webauthn.yaml" %} ```yaml webauthn: credential_repository: ... user_repository: ... creation_profiles: acme: attestation_conveyance: !php/const Webauthn\PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT rp: name: 'My application' id: 'example.com' ``` {% endcode %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://webauthn-doc.spomky-labs.com/v4.9/symfony-bundle/advanced-behaviors/attestation-and-metadata-statement.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.