search
githubEdit

User Entity

It's all about users

hashtag
User Entity Class

A User Entity object represents a user in the Webauthn context. It has the following constraints:

  • The user ID must be unique and must be a string,

  • The username must be unique,

Hereafter a minimalist example of user entity:

<?php

use Webauthn\PublicKeyCredentialUserEntity;

$userEntity = PublicKeyCredentialUserEntity::create(
    'john.doe',                             // Username
    'ea4e7b55-d8d0-4c7e-bbfa-78ca96ec574c', // ID
    'John Doe'                              // Display name
);
circle-info

The username can be composed of any displayable characters, including emojis. Username "😝🥰😔" is perfectly valid.

Developers should not add rules that prevent users from choosing the username they want.

circle-exclamation

For privacy reasons, it is not recommended using the e-mail as username.

As for the rp Entity, the User Entity may have an icon. This icon must also be secured.

circle-info

The Webauthn specification does not set any limit for the length of the icon.

circle-exclamation

The icon may be ignored by browsers, especially if its length is greater than 128 bytes.

hashtag
User Entity Repository

Except if you use the Symfony bundle, there is no interface to implement or abstract class to extend, making it easy to integrate into your application. You may already have a user repository that can be adapted.

Your repository needs to provide these main operations:

  1. Find a user by username (for authentication)

  2. Find a user by user handle (for usernameless authentication)

  3. Create a new user entity (during registration)

circle-check

Whatever database you use (MySQL, PostgreSQL, MongoDB…), it is not necessary to create foreign key relationships between your users and the Credential Sources. The userHandle in the Credential Source links to the user ID.

hashtag
Repository Example

Here's a simple example using an array storage (for demonstration purposes):

circle-info

For production use, implement your repository with your preferred storage backend. See the Symfony Bundle section for a complete Doctrine example.

hashtag
Important Notes About User ID (userHandle)

  • Must be unique: Each user must have a unique user ID

  • Must be persistent: The user ID must never change for a given user

  • Should be random: Use at least 32 bytes of random data (64 bytes recommended)

  • Must not be PII: Do not use email, username, or any personally identifiable information

  • Maximum 64 bytes: The WebAuthn specification limits user IDs to 64 bytes

PreviousCredential SourceNextJavascript

Last updated

Was this helpful?