/webauthn-framework

FIDO-U2F / FIDO2 / Webauthn Framework

Primary LanguagePHPMIT LicenseMIT

Webauthn Framework

Scrutinizer Code Quality Coverage Status

Build Status

SensioLabsInsight

Latest Stable Version Total Downloads Latest Unstable Version License

Webauthn defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.

This framework contains PHP libraries and Symfony bundle to allow developpers to integrate that authentication mechanism into their web applications.

Supported features

  • Attestation Types
    • basic attestation
    • self attestation
    • private CA attestation
    • elliptic curve direct anonymous attestation (optional)
  • Attestation Formats
    • packed attestation
    • TPM attestation
    • Android key attestation (optional)
    • FIDO U2F attestation
    • Android Safetynet attestation
  • Communication Channel Requirements
    • TokenBinding support (optional)
  • Extensions
    • registration and authentication support without extension
    • extension support
    • appid extension support (optional)
  • Cose Algorithms
    • RS1, RS256, RS384, RS512
    • PS256, PS384, PS512
    • ES256, ES384, ES512
    • EdDSA

Documentation

Webauthn Library

With this library, you can add multi-factor authentication like FIDO U2F does or add passwordless authentication support for your application using the new FIDO2 Webauthn specification.

There are two steps to perform:

Install the library with Composer: composer require web-authn/webauthn-lib.

Symfony Bundles

This framework provides two bundles:

  • Webauthn Bundle: this bundle uses the webauthn library to register services and attestation format supports. The documentation can be found here
  • Webauthn Security Bundle: this bundle adds a new firewall based on webauthn. You will be able to authenticate your users with their username and FIDO2 compatbile devices. The documentation can be found here

Other libraries

FIDO U2F

FIDO U2F is an old protocol, but widely adopted by a lot of web services. It adds a very robust and easy to use second factor authentication method.

The details for this lirary and the process are explained in this dedicated page.

Cose Key

TO BE WRITTEN

Support

I bring solutions to your problems and answer your questions.

If you really love that project and the work I have done or if you want I prioritize your issues, then you can help me out for a couple of 🍻 or more!

Become a Patreon

Contributing

Requests for new features, bug fixed and all other ideas to make this framework useful are welcome. If you feel comfortable writing code, you could try to fix opened issues where help is wanted or those that are easy to fix.

Do not forget to follow these best practices.

If you think you have found a security issue, DO NOT open an issue. You MUST submit your issue here.

Licence

This software is release under MIT licence.