Webauthn Framework
v5.2

Cross Origin Authentication

Last updated 2 months ago

Please refer to this page to know more about Cross Origin Authentication.

Configuration

The configuration of the allowed domains can be done as follows.

config/packages/webauthn.yaml
webauthn:
    allowed_origins:
        - 'https://acme.com'
        - 'https://acme.fr'
        - 'android:apk-key-hash://your-app-hash'
        - 'ios:bundle-id://your.bundle.id'
    allow_subdomains: true
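
To see what enabling allow_subdomains widens compared with a strict list, the following added example (not the bundle's own code) checks constructed sample origins against the configuration above. The function name `isOriginAllowed` and its matching rules (exact string match for every entry, label-boundary subdomain match for https origins only) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Illustrative check only; the matching semantics are an assumption, not the bundle's implementation.
function isOriginAllowed(string $origin, array $allowedOrigins, bool $allowSubdomains): bool
{
    // Exact match covers web origins and app origins (android:/ios:) alike.
    if (in_array($origin, $allowedOrigins, true)) {
        return true;
    }
    if (!$allowSubdomains) {
        return false;
    }
    $candidate = parse_url($origin);
    if (!is_array($candidate) || ($candidate['scheme'] ?? '') !== 'https' || !isset($candidate['host'])) {
        return false; // only https web origins are eligible for subdomain matching
    }
    foreach ($allowedOrigins as $allowed) {
        $parts = parse_url($allowed);
        if (!is_array($parts) || ($parts['scheme'] ?? '') !== 'https' || !isset($parts['host'])) {
            continue; // app origins and non-https entries never match by suffix
        }
        // Ports must agree (an absent port means the https default, 443).
        if (($parts['port'] ?? 443) !== ($candidate['port'] ?? 443)) {
            continue;
        }
        // Label-boundary check: "evilacme.com" must not pass for "acme.com".
        if (str_ends_with(strtolower($candidate['host']), '.' . strtolower($parts['host']))) {
            return true;
        }
    }
    return false;
}

// Values taken from the configuration shown above.
$allowed = ['https://acme.com', 'https://acme.fr',
    'android:apk-key-hash://your-app-hash', 'ios:bundle-id://your.bundle.id'];

// Constructed sample origins, as they would appear in clientDataJSON.
$samples = ['https://acme.com', 'https://login.acme.com', 'https://evilacme.com',
    'http://login.acme.com', 'https://acme.com.attacker.example',
    'android:apk-key-hash://your-app-hash'];

foreach ($samples as $o) {
    printf("%-40s strict=%-5s subdomains=%s\n", $o,
        var_export(isOriginAllowed($o, $allowed, false), true),
        var_export(isOriginAllowed($o, $allowed, true), true));
}
```

Under these assumptions only `https://login.acme.com` changes from rejected to accepted when allow_subdomains is true, so every host under a listed domain becomes part of the trust boundary.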

Allowed Origins Endpoint

When the allowed_origins parameter is set, the path /.well-known/webauthn is enabled. This path returns a JSON object with allowed domains.