https://github.com/madwizard-org/webauthn-server
WebAuthn Relying Party server library for PHP
https://github.com/madwizard-org/webauthn-server
2fa fido fido-u2f fido2 php relying-party two-factor-authentication u2f webauthn
Last synced: 23 days ago
JSON representation
WebAuthn Relying Party server library for PHP
- Host: GitHub
- URL: https://github.com/madwizard-org/webauthn-server
- Owner: madwizard-org
- License: mit
- Created: 2018-06-09T18:32:46.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2025-02-14T10:40:58.000Z (3 months ago)
- Last Synced: 2025-04-16T10:31:37.424Z (about 1 month ago)
- Topics: 2fa, fido, fido-u2f, fido2, php, relying-party, two-factor-authentication, u2f, webauthn
- Language: PHP
- Homepage:
- Size: 770 KB
- Stars: 54
- Watchers: 5
- Forks: 12
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-webauthn - Madwizard.org: WebAuthn PHP library - WebAuthn server library for PHP. (Server Libraries)
README
# WebAuthn Relying Party server library for PHP
[](https://scrutinizer-ci.com/g/madwizard-org/webauthn-server/?branch=master)
[](https://scrutinizer-ci.com/g/madwizard-org/webauthn-server/?branch=master)
[](https://scrutinizer-ci.com/g/madwizard-org/webauthn-server/build-status/master)
[](https://opensource.org/licenses/MIT)## Current state
Pretty stable but the API may still change slightly until the 1.0 release.
## Goal
This library aims to implement the relying party server of the WebAuthn specification in PHP. Important goals are:
- Implement the level 1 WebAuthn specification
- Good quality, secure and maintainable code
- Easy to use for the end-user## Installation
Installation via composer:
```bash
composer require madwizard/webauthn
```## Supported features
- > PHP 7.2
- FIDO conformant library
- Attestation types:
- FIDO U2F
- Packed
- TPM
- Android SafetyNet
- Android Key
- Apple
- None
- Optional 'unsupported' type to handle future types
- Metadata service support
- Validating metadata
- Extensions:
- appid## Usage
The library is still in development so documentation is limited. The general pattern to follow is:
1. Implement `CredentialStoreInterface` (you will need `UserCredential` or your own implementation of `UserCredentialInterface`)
2. Create an instance of `RelyingParty` and use the `ServerBuilder` class to build a server object:
```php
$server = (new ServerBuilder())
->setRelyingParty($rp)
->setCredentialStore($store)
->build();
```
3. Use `startRegistration`/`finishRegistration` to register credentials. Be sure to store the temporary `AttestationContext` server side!
4. and `startAuthentication`/`finishAuthentication` to authenticate. Be sure to store the temporary `AssertionContext` server side!## Resources
[WebAuthn specification](https://www.w3.org/TR/webauthn/)