Authenticator Counter

webauthn:
    counter_checker: App\Service\CustomCounterChecker

<?php

declare(strict_types=1);

namespace Acme\Service;

use Assert\Assertion;
use Psr\Log\LoggerInterface;
use Psr\Log\NullLogger;
use Throwable;
use Webauthn\CredentialRecord;

final class CustomCounterChecker implements CounterChecker
{
    public function __construct(private UserRepository $userRepository)
    {
    }

    public function check(CredentialRecord $credentialRecord, int $currentCounter): void
    {
        if ($currentCounter > $credentialRecord->counter) {
            return;
        }

        $userId = $credentialRecord->userHandle;
        $this->userRepository->lockUserWithId($userId);
        throw new CustomSecurityException('Invalid counter. User is now locked.');
    }
}