PHP download

Download the PHP package asbiin/laravel-webauthn without Composer

On this page you can find all versions of the php package asbiin/laravel-webauthn. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download asbiin/laravel-webauthn
More information about asbiin/laravel-webauthn
Files in asbiin/laravel-webauthn

Vendor asbiin
Package laravel-webauthn
Short Description Laravel Webauthn support
License MIT

Keywords php security laravel webauthn

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of asbiin/laravel-webauthn

Informations about the package laravel-webauthn

Webauthn adapter for Laravel

Features
Installation
- Configuration
Set Up
- Option 1: add LaravelWebauthn middleware
- Login via remember
- Option 2: Passwordless authentication
- Disabling Views
- Cache
Usage
- Authenticate
- Register a new key
- Routes
- Ignore route creation
- Customizing The Authentication Pipeline
- Rate Limiter
- Events
- View response
Compatibility
- Laravel compatibility
- Browser compatibility
- Homestead
License

LaravelWebauthn is the adapter to use Webauthn as 2FA (two-factor authentication) or as passwordless authentication on Laravel.

Try this now on the demo application.

Features

Manage Webauthn keys registration
2nd factor authentication: add a middleware service to use a Webauthn key as 2FA
Login provider using a Webauthn key, without password

Installation

Install this package with:

Configuration

You can publish LaravelWebauthn configuration in a file named config/webauthn.php, and resources using the vendor:publish command:

Next, you should migrate your database:

Set Up

Option 1: add LaravelWebauthn middleware

The Webauthn middleware will force the user to authenticate their webauthn key for certain routes.

Assign the middleware to a route or a group of routes:

The Webauthn middleware will redirect the user to the webauthn login page when required.

Login via remember

When session expires, but the user have set the remember cookie, you can revalidate webauthn session by subscribing to the LaravelWebauthn\Listeners\LoginViaRemember listener:

Option 2: Passwordless authentication

You can use Webauthn to authenticate a user without a password, using only a webauthn key authentication.

To enable passwordless authentication, first add the webauthn user provider: update your config/auth.php file and change the users provider:

Then allow your login page to initiate a webauthn login with an email identifier.

You can call webauthn.auth.options route with a POST request and an email input to get the challenge data. See authentication section for more details.

Disabling Views

By default LaravelWebauthn defines routes that are intended to return views for authentication and register key.

However, if you are building a JavaScript driven single-page application, you may not need these routes. For that reason, you may disable these routes entirely by setting the views configuration value within your application's config/webauthn.php configuration file to false:

Cache

Note this package uses the cache to store the challenge data between the server request and the browser response. You'll need to setup a real cache driver from your config/cache.php file, and thus you can't use the array or null driver.

Usage

You will find an example of usage on asbiin/laravel-webauthn-example. You can try it right now on the demo application.

Authenticate

To authenticate with a webauthn key, the workflow is the following:

Open the webauthn.login login page. You can customize the login page view by calling Webauthn::loginViewResponseUsing. See View response

The default behavior will open the webauthn::authenticate page. You can also change the value of webauthn.views.authenticate in the configuration file.
Or: Get the publicKey challenge by calling webauthn.auth.options (if not provided).
Start the webauthn browser authentication. You can use the webauthn.js library to do this.

Send the signed data to webauthn.auth route.
The POST response will be:
- a redirect response
- or a json response with a callback data.

Example:

If the authentication is successful, the server will use the webauthn.redirects.login configuration:

to redirect the response on a plain http call
or with a json response, like:

Register a new key

To register a new webauthn key, the workflow is the following:

Open the webauthn.register page. You can customize the register page view by calling Webauthn::registerViewResponseUsing. See View response

The default behavior will open the webauthn::register page. You can also change the value of webauthn.views.register in the configuration file.
Or: Get the publicKey challenge by calling webauthn.store.options (if not provided).
Start the webauthn browser registration. You can use the webauthn.js library to do this.

Send the signed data to webauthn.store route. The data should contain a name field with the webauthn key name.
The POST response will be:
- a redirect response
- or a json response with a callback data.

Example:

If the registration is successful, the server will use the webauthn.redirects.register configuration:

to redirect the response on a plain http call
or with a json response, like:

Routes

These routes are defined:

Request	Route	Description
GET `/webauthn/auth`	`webauthn.login`	The login page.
POST `/webauthn/auth/options`	`webauthn.auth.options`	Get the publicKey and challenge to initiate a WebAuthn login.
POST `/webauthn/auth`	`webauthn.auth`	Post data after a WebAuthn login validate.
GET `/webauthn/keys/create`	`webauthn.create`	The register key page.
POST `/webauthn/keys/options`	`webauthn.store.options`	Get the publicKeys and challenge to initiate a WebAuthn registration.
POST `/webauthn/keys`	`webauthn.store`	Post data after a WebAuthn register check.
DELETE `/webauthn/keys/{id}`	`webauthn.destroy`	Delete an existing key.
PUT `/webauthn/keys/{id}`	`webauthn.update`	Update key properties (name, ...).

You can customize the first part of the url by setting prefix value in the config file.

Ignore route creation

You can disable the routes creation by adding this in your AppServiceProvider:

Customizing The Authentication Pipeline

The Laravel Webauthn authentication pipeline is highly inspired by the Fortify pipeline.

If you would like, you may define a custom pipeline of classes that login requests should be piped through. Each class should have an __invoke method which receives the incoming Illuminate\Http\Request instance and, like middleware, a $next variable that is invoked in order to pass the request to the next class in the pipeline.

To define your custom pipeline, you may use the Webauthn::authenticateThrough method. This method accepts a closure which should return the array of classes to pipe the login request through. Typically, this method should be called from the boot method of your App\Providers\FortifyServiceProvider class.

The example below contains the default pipeline definition that you may use as a starting point when making your own modifications:

Rate Limiter

By default, Laravel Webauthn will throttle logins to five requests per minute for every email and IP address combination. You may specify a custom rate limiter with other specifications.

First define a custom rate limiter. Follow Laravel rate limiter documentation to create a new RateLimiter within the boot method of your application's App\Providers\AppServiceProvider class.

Then use this new custom rate limiter in your webauthn.limiters.login configuration:

Events

Events are dispatched by LaravelWebauthn:

\LaravelWebauthn\Events\WebauthnLogin on login with Webauthn check.
\LaravelWebauthn\Events\WebauthnLoginData on preparing authentication data challenge.
\Illuminate\Auth\Events\Failed on a failed login check.
\LaravelWebauthn\Events\WebauthnRegister on registering a new key.
\LaravelWebauthn\Events\WebauthnRegisterData on preparing register data challenge.
\LaravelWebauthn\Events\WebauthnRegisterFailed on failing registering a new key.

View response

You can easily change the view responses with the Webauthn service.

For instance, call Webauthn::loginViewResponseUsing in your App\Providers\AppServiceProvider class:

With a LoginViewResponse class:

List of methods and their expected response contracts:

Webauthn static methods	`\LaravelWebauthn\Contracts`
`loginViewResponseUsing`	`LoginViewResponseContract`
`loginSuccessResponseUsing`	`LoginSuccessResponseContract`
`registerViewResponseUsing`	`RegisterViewResponseContract`
`registerSuccessResponseUsing`	`RegisterSuccessResponseContract`
`destroyViewResponseUsing`	`DestroyResponseContract`
`updateViewResponseUsing`	`UpdateResponseContract`

Compatibility

Laravel compatibility

This package has the following Laravel compatibility:

Laravel	asbiin/laravel-webauthn
5.8-8.x	<= 1.2.0
7.x-8.x	2.0.1
>= 9.x	>= 3.0.0

Browser compatibility

Most of the browsers support Webauthn.

However, your browser will refuse to negotiate a relay to your security device without the following:

a proper domain (localhost and 127.0.0.1 will be rejected by webauthn.js)
an SSL/TLS certificate trusted by your browser (self-signed is okay)
connected HTTPS on port 443 (ports other than 443 will be rejected)

Homestead

If you are a Laravel Homestead user, the default is to forward ports. You can switch from NAT/port forwarding to a private network with similar Homestead.yaml options:

Re-provisioning vagrant will inform your virtual machine of the new network and install self-signed SSL/TLS certificates automatically: vagrant reload --provision

If you haven't done so already, describe your site domain and network in your hosts file:

License

Author: Alexis Saettler

Licensed under the MIT License. View license.

All versions of laravel-webauthn with dependencies

PHP Build Version

Package Version

Version 4.4.1 Release 08. Apr 2024
create-project require 0 people choosed require and
1 people choosed create-project.

Download

Download latest version of laravel-webauthn from vendor asbiin

Requires php Version >=8.1
illuminate/support Version ^9.0 || ^10.0 || ^11.0
phpdocumentor/reflection-docblock Version ^5.3
psr/http-factory-implementation Version 1.0
symfony/property-access Version ^6.4 || ^7.0
symfony/property-info Version ^6.4 || ^7.0
symfony/serializer Version ^6.4 || ^7.0
web-auth/cose-lib Version ^4.0
web-auth/webauthn-lib Version ^4.8
web-token/jwt-library Version ^3.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package asbiin/laravel-webauthn contains the following files

Loading the files please wait ....