madwizard / webauthn

Web Authentication API server for PHP

Maintainers

Details

github.com/madwizard-org/webauthn-server

Installs: 87 772

Open Issues: 10

pkg:composer/madwizard/webauthn

v1.0.0 2025-02-14 10:38 UTC

Requires

php: ^7.2.0|^8.0
ext-json: *
ext-openssl: *
ext-sodium: *
guzzlehttp/guzzle: ^6.5|^7.0
kevinrob/guzzle-cache-middleware: ^3.3
psr/cache: ^1.0|^2.0|^3.0
psr/log: ^1.1|^2.0|^3.0
sop/asn1: ^4.1
sop/crypto-bridge: ^0.3.1
sop/crypto-encoding: ^0.3.0
sop/crypto-types: ^0.3.0
sop/x501: ^0.6.1
sop/x509: ^0.7.0
symfony/cache: ^4.4|^5.2|^6.0|^7.0

Requires (Dev)

Suggests

None

Provides

None

Conflicts

None

Replaces

None

MIT 476d0a3eeb01c83b090568c6c803dd8d3ea75e52

Thomas Bleeker <support.woop@madwizard.org>

dev-master
v1.0.0
v0.10.0
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.4.0
v0.3.0
v0.2.2
v0.2.1
v0.2.0
v0.1.0
v0.0.2
v0.0.1
dev-tpm-ecc-attestation

This package is not auto-updated.

Last update: 2025-10-24 14:23:20 UTC

README

Current state

Pretty stable but the API may still change slightly until the 1.0 release.

Goal

This library aims to implement the relying party server of the WebAuthn specification in PHP. Important goals are:

Implement the level 1 WebAuthn specification
Good quality, secure and maintainable code
Easy to use for the end-user

Installation

Installation via composer:

composer require madwizard/webauthn

Supported features

PHP 7.2
FIDO conformant library
Attestation types:
- FIDO U2F
- Packed
- TPM
- Android SafetyNet
- Android Key
- Apple
- None
- Optional 'unsupported' type to handle future types
Metadata service support
Validating metadata
Extensions:
- appid

Usage

The library is still in development so documentation is limited. The general pattern to follow is:

Implement CredentialStoreInterface (you will need UserCredential or your own implementation of UserCredentialInterface)
Create an instance of RelyingParty and use the ServerBuilder class to build a server object:

$server = (new ServerBuilder())
    ->setRelyingParty($rp)
    ->setCredentialStore($store)
    ->build();

Use startRegistration/finishRegistration to register credentials. Be sure to store the temporary AttestationContext server side!
and startAuthentication/finishAuthentication to authenticate. Be sure to store the temporary AssertionContext server side!

Resources

WebAuthn specification