Webauthn Framework
v5.1
v5.1
  • WebAuthn: Strong Authentication for your PHP applications
  • The project
    • What is Webauthn?
    • Web Browser Support
    • Installation
    • Contributing
  • Webauthn In A Nutshell
    • Authenticators
    • Ceremonies
    • User Verification
    • Metadata Statement
    • Extensions
  • Prerequisites
    • The Relying Party
    • Credential Source
    • User Entity
    • Javascript
  • Pure PHP
    • Webauthn Server
    • Input Loading
    • Input Validation
    • Register Authenticators
    • Authenticate Your Users
    • Advanced Behaviours
      • Debugging
      • User Verification
      • Authenticator Selection Criteria
      • Authentication without username
      • Authenticator Algorithms
      • Attestation and Metadata Statement
      • Extensions
      • Authenticator Counter
      • Dealing with “localhost”
  • Symfony Bundle
    • Bundle Installation
    • Credential Source Repository
    • User Entity Repository
    • Firewall
    • Configuration References
    • Advanced Behaviors
      • Fake Credentials
      • Register Additional Authenticators
      • Debugging
      • User Verification
      • Attestation and Metadata Statement
      • Authenticator Selection Criteria
      • Authentication without username
      • Extensions
      • Authenticator Counter
      • Dealing with “localhost”
  • Migration
    • From 5.x to 6.0
  • Symfony UX
    • Installation
    • User Authentication
    • User Registration
    • Additional Authenticators
Powered by GitBook
On this page
  • Attestation ceremony
  • Assertion ceremony

Was this helpful?

Edit on GitHub
Export as PDF
  1. Webauthn In A Nutshell

Ceremonies

Registration and Authentication process overview

PreviousAuthenticatorsNextUser Verification

Was this helpful?

In the Webauthn context, there are two ceremonies:

  • The attestation ceremony or creation ceremony: associates an authenticator to a user account

  • The assertion ceremony or request ceremony: used for the authentication of a user.

For both ceremonies, there are two steps to perform:

  1. The creation of options: these options are sent to the authenticator and indicate what to do and how.

  2. The response of the authenticator: after the user interacted with the authenticator, the authenticator computes a response that has to be verified.

Depending on the options and the capabilities of the authenticator, the user interaction may differ. It can be a simple touch on a button or a complete authentication using biometric means (PIN code, fingerprint, facial recognition…).

Attestation ceremony

This ceremony aims at registering an authenticator. It can be used during the creation of a new user account or when an existing user wants to add an additional authenticator.

Assertion ceremony

This ceremony aims at authenticating a user. The user will be asked to interact with one of its authenticators. Additional authentication means, such as PIN code or fingerprint, may be required.

The attestation ceremony
The assertion ceremony