lbuchs/WebAuthn

A simple PHP WebAuthn (FIDO2) server library.

Simple working demo for the lbuchs/WebAuthn library.

Use Client-side-resident Public Key Credential Source

Relying Party

A valid domain string that identifies the WebAuthn Relying Party
on whose behalf a given registration or authentication ceremony is being performed.

RP ID:

attestation statement format

android-key

android-safetynet

apple

fido-u2f

none

packed

tpm

user verification

required User verification is required (e.g. by pin), the operation will fail if the response does not have the UV flag.

preferred user verification is prefered, the operation will not fail if the response does not have the UV flag.

discouraged user verification should not be employed as to minimize the user interaction during the process.

type of authenticator

USB

NFC

BLE

internal Windows Hello, Android SafetyNet, Apple, ...

root certificates

Accept keys signed by apple root ca

Accept keys signed by yubico root ca

Accept keys signed by solokeys root ca

Accept keys signed by hypersecu root ca

Accept keys signed by google root ca

Accept keys signed by Microsofts collection of trusted TPM root ca

(Nothing checked = accept all)

If you select a root ca, direct attestation is required to validate your client with the root.
The browser may warn you that he will provide informations about your device.
When not checking against any root ca (deselect all certificates), the client may change the assertion from the authenticator (for instance, using an anonymization CA),
the browser may not warn about providing informations about your device.