In general, the data you receive is an encoded JSON object. The library provides utilities to convert the string into objects.
To do so, you will need an Attestation Statement Support Manager and a Serializer.
Authenticator Responses may contain an Attestation Statement. This attestation holds data regarding the authenticator depending on several factors such as its manufacturer and model, what you asked in the options, the capabilities of the browser or what the user allowed.
The following attestation types are supported. Note that you should only use the none one unless you have specific needs described in the dedicated page.
none: no attestation is provided.
fido-u2f: for non-FIDO2 compatible devices (old FIDO / U2F security tokens).
packed: generally used by authenticators with limited resources (e.g. secure elements). It uses a very compact but still extensible encoding method.
android key: commonly used by old or disconnected Android devices.
android safety net: for new Android devices like smartphones (deprecated).
trusted platform module: for devices with built-in security chips.
apple: for Apple devices.
To convert Authenticator Responses from the encoded string to an object, you will need a Serializer. It only needs the Attestation Statement Support Manager created above.
Before 4.8.0, you were asked to create a PublicKeyCredentialLoader object. For 4.8.0, you can use a Symfony Serializer object. This will become the standard way to load data for 5.0.0.
In general, the data you receive looks as follows.
Only this type of input is supported. If you receive other forms of data, please contact us.
If the data is correctly loaded, the variable $publicKeyCredential will be an instance of Webauthn\PublicKeyCredential. An exception is thrown in case of an error.
At this stage, the data is not verified.
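The whole loading procedure described above, from the Attestation Statement Support Manager to the loaded object, as an added example that is not taken from the library's own documentation. It assumes web-auth/webauthn-lib 4.8 or later installed with Composer and that the JSON string arrives as the raw request body; `loadPublicKeyCredential` and `ceremonyOf` are hypothetical helper names.

```php
<?php

declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumption: dependencies installed with Composer

use Symfony\Component\Serializer\SerializerInterface;
use Webauthn\AttestationStatement\AttestationStatementSupportManager;
use Webauthn\AttestationStatement\NoneAttestationStatementSupport;
use Webauthn\AuthenticatorAssertionResponse;
use Webauthn\AuthenticatorAttestationResponse;
use Webauthn\Denormalizer\WebauthnSerializerFactory;
use Webauthn\PublicKeyCredential;

// Attestation Statement Support Manager with only the "none" type registered.
$manager = AttestationStatementSupportManager::create();
$manager->add(NoneAttestationStatementSupport::create());

// The Serializer only needs the manager created above.
$serializer = (new WebauthnSerializerFactory($manager))->create();

// Hypothetical helper: decode the JSON string; null means loading failed.
function loadPublicKeyCredential(SerializerInterface $serializer, string $data): ?PublicKeyCredential
{
    try {
        return $serializer->deserialize($data, PublicKeyCredential::class, 'json');
    } catch (\Throwable $e) {
        // Loading throws on error; log the cause, never echo it to the client.
        error_log('WebAuthn input rejected: ' . $e->getMessage());
        return null;
    }
}

// Hypothetical helper: tell which ceremony the loaded response belongs to.
function ceremonyOf(PublicKeyCredential $credential): string
{
    return match (true) {
        $credential->response instanceof AuthenticatorAttestationResponse => 'registration',
        $credential->response instanceof AuthenticatorAssertionResponse => 'authentication',
        default => 'unsupported',
    };
}

$data = (string) file_get_contents('php://input'); // assumption: raw request body
$publicKeyCredential = loadPublicKeyCredential($serializer, $data);
if ($publicKeyCredential === null || ceremonyOf($publicKeyCredential) === 'unsupported') {
    http_response_code(400);
    exit;
}
// The object is only parsed here, not verified: do not store the credential or
// log the user in until the response for this ceremony has been validated.
```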