What is Webauthn?

Overview of the framework

Webauthn defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.

The complete specification can be found on the W3C dedicated page.

This framework contains PHP libraries and Symfony bundle to allow developers to integrate that authentication mechanism into their web applications.

Class, Constant and Property Names

Naming things may be complicated. That’s why the following rule applies on the whole framework: the name of classes, constants and properties are identical to the ones you will find in the specification.

As an example, the section 5.2.2 “Web Authentication Assertion” shows an object named AuthenticatorAssertionResponse that extends AuthenticatorResponse with the following properties:

Supported features

  • Attestation Types

    • Empty

    • Basic

    • Self

    • Private CA

    • Anonymization CA

Note that Elliptic Curve Direct Anonymous Attestation (ECDAA) is deprecated and not supported

  • Attestation Formats

    • FIDO U2F

    • Packed

    • TPM

    • Android Key

    • Android Safetynet (deprecated)

    • Apple

  • Cose Algorithms

    • RS1, RS256, RS384, RS512

    • PS256, PS384, PS512

    • ES256, ES256K, ES384, ES512

    • ED25519

  • Extensions

    • Supported (not fully tested)

    • appid extension (compatibility with FIDO U2F authenticator

The Token Binding support feature is now deprecated as not part of the latest specification version

Compatible Authenticators

As of January 2023, our framework supports every authenticator with full feature and algorithm support, achieving a 100% success rate across all tests. Official FIDO Alliance testing tools have validated its compliance.

We ensure continuous conformity through rigorous unit and functional testing throughout the development process.

Support

I bring solutions to your problems and answer your questions.

If you really love that project, and the work I have done or if you want I prioritize your issues, then you can help me out for a couple of🍻 or more!

Contributing

Requests for new features, bug fixed and all other ideas to make this framework useful are welcome.

If you feel comfortable writing code, you could try to fix opened issues where help is wanted or those that are easy to fix.

Do not forget to follow these best practices.

If you think you have found a security issue, DO NOT open an issue. You MUST submit your issue here.