In order to prevent username enumeration, random credentials are set when a username is passed but no user entity is found.
A very simple service is provided. If you want to change the way the fake credentials are generated, you can create a custom service. The service shall implement the Webauthn\FakeCredentialGenerator interface.
src/CustomCredentialGenerator.php
<?phpnamespaceApp;useWebauthn\FakeCredentialGenerator;useWebauthn\PublicKeyCredentialDescriptor;finalreadonlyclassCustomCredentialGeneratorimplementsFakeCredentialGenerator{/** * @returnPublicKeyCredentialDescriptor[] */publicfunctiongenerate(Request $request,string $username):array {// Generate your list of fake credentials.// Note that for a given username you should always return the same credentials. }}
Then, declare this service in the container and use it in your bundle configuration.