Download the PHP package datlechin/flarum-passkey without Composer

On this page you can find all versions of the php package datlechin/flarum-passkey. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of datlechin/flarum-passkey

Informations about the package flarum-passkey

Flarum Passkey

Latest Stable Version Total Downloads

A Flarum extension that adds passkey sign-in alongside the existing password login. Passkeys live next to passwords, so existing accounts and recovery flows keep working.

Built on W3C WebAuthn Level 3 with web-auth/webauthn-lib on the server and @simplewebauthn/browser in the browser.

Features

Sign in

Onboarding

Manage

Add passkey modal Suggest passkey after a password sign-in

Security signals

Admin

Other

Installation

Updating

Configuration

Open Admin → Extensions → Passkey.

Setting Default What it does
Relying Party ID (auto from request host) DNS suffix that scopes the passkey. Changing it invalidates every existing passkey.
Relying Party display name forum title Name shown in the browser passkey prompt.
Related origins empty Other origins permitted to perform a passkey ceremony, in combination with the well-known document.
User verification preferred Whether to require biometric/PIN.
Attestation conveyance none Whether to ask the authenticator for an attestation chain. Most consumer forums leave this at none.
Login attempts per minute per IP 10 Throttler on /api/passkey/login.

The "Require passkey" toggle for each group lives on the Edit Group modal in Admin → Permissions.

Relying Party ID

The RP ID is the part of the origin that scopes a passkey. It must be either the exact host or a registrable suffix of it (forum.example.com, or example.com if you want passkeys to work across all subdomains).

Changing the RP ID after users have registered passkeys silently invalidates every saved credential, because the browser hashes the RP ID into each credential's identity. Confirm before saving, and prefer the empty default unless you have a specific cross-subdomain requirement.

Related origins

If the same Flarum is reachable from more than one origin (for example, a forum at forum.example.com embedded in a portal at app.example.com), list each non-canonical origin in this setting. The extension serves the W3C document at /.well-known/webauthn so browsers performing a ceremony from a related origin can confirm they are allowed to reach the configured RP ID.

Recovery

If a user loses every passkey, they sign in with their password and the existing forgot-password flow handles forgotten passwords. The extension does not change that path.

If a group has "Require passkey" turned on and an admin needs to recover a stuck user, the admin can revoke that user's passkeys via the API. The sticky banner reappears with a fresh registration prompt on next page load.

Events

Listeners subscribe via the standard Flarum event bus.

Event Fired when
Datlechin\Passkey\Event\PasskeyRegistered A new passkey has been verified and persisted.
Datlechin\Passkey\Event\PasskeyRevoked A single passkey has been deleted via the API.
Datlechin\Passkey\Event\PasskeyBulkRevoked The owner used the bulk-revoke action. Carries the count, fires once.
Datlechin\Passkey\Event\PasskeyUsed A successful sign-in. backupStateChanged flags credentials whose BS bit moved.
Datlechin\Passkey\Event\PasskeyCounterRegression An assertion failed the signature counter check.
Flarum\User\Event\LoggedIn Also fires on a successful passkey sign-in.

The web-auth library also emits Webauthn\Event\BackupEligibilityChangedEvent and Webauthn\Event\BackupStatusChangedEvent through the same bus.

Development

Integration tests:

PHPStan:

Sponsors

If this extension is useful to you, you can sponsor the work via GitHub Sponsors or Buy Me a Coffee.

Links

All versions of flarum-passkey with dependencies

PHP Build Version
Package Version
Requires php Version ^8.3
flarum/core Version ^2.0
web-auth/webauthn-lib Version ^5.3
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package datlechin/flarum-passkey contains the following files

Loading the files please wait ...