CakePHP Webauthn Example Application
An example application for using Webauthn and soon Passkeys with CakePHP and the CakePHP authentication plugin. If this proves useful, it could become a plugin.
Installation
- Download Composer or update
composer self-update
. - Run
php composer.phar create-project --prefer-dist cakephp/app [app_name]
.
If Composer is installed globally, run
composer create-project --prefer-dist markstory/cakephp-webauthn-example
In case you want to use a custom app dir name (e.g. /cake-webauth/
):
composer create-project --prefer-dist markstory/cakephp-webauthn-example cake-webauth
Running the Application
If you have a SSL server running you can have it proxy the CakePHP dev server, or serve the application directly.
bin/cake server -p 8765
mkcert & stunnel
Using a pair of CLI utilities you can generate an HTTPs proxy for the cakephp dev server. I found this pretty simple to use on linux.
Generate certificates for your local machine using mkcert
mkcert localhost
cat localhost.pem localhost-key.pem > localhost-bundle.pem
chmod 0666 *.pem
This will generate certificate & key file. Create the bundled certificate
for stunnel
Then in one terminal, run: bin/cake server
and then in another run
sudo stunnel3 -f -d 443 -r 8765 -p ./localhost-bundle.pem
Lastly you can use hosted services to create SSL tunnels.
Configuration
Read and edit the environment specific config/app_local.php
and set up the
'Datasources'
and any other configuration relevant for your application.
Other environment agnostic settings can be changed in config/app.php
.
What's included
A sample application that:
- A CakePHP Authentication plugin compatible Authenticator and high-level API for building passkey based flows.
- Allows new users to be created using U2F authenticators (also referred to as Passkeys)
- Allows users to login with their U2F device.
- Allows a user to register multiple devices.
Still to be built:
- Preventing duplicates passkeys to be added by the same device.
- Preventing deletion of a user's last passkey.