1. Go to the download page for the jackmartin/laravel-webauthn library and choose the download type "require".
2. Extract the ZIP file and open index.php.
3. Add the following code to index.php.
<?php
require_once('vendor/autoload.php');
/* Start to develop here. Best regards https://php-download.com/ */
jackmartin / laravel-webauthn example snippets
// App\Http\Controllers\LoginController.php
use Laragear\WebAuthn\Http\Requests\AssertedRequest;
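/**
 * Complete a WebAuthn login from an asserted request and greet the user.
 *
 * @return \Illuminate\Http\JsonResponse
 */
public function login(AssertedRequest $request)
{
    $user = $request->login();
    // $user = $request->login('web', null, false, true); useJWT

    // login() can come back empty when the assertion does not verify, so the
    // user object must not be dereferenced (or reported as a success) blindly.
    if (! $user) {
        return response()->json(['message' => 'Something went wrong, try again!'], 422);
    }

    return response()->json(['message' => "Welcome back, $user->name!"]);
}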
namespace App;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laragear\WebAuthn\Contracts\WebAuthnAuthenticatable;
use Laragear\WebAuthn\WebAuthnAuthentication;
/**
 * Application user model that opts in to WebAuthn.
 *
 * It declares the WebAuthnAuthenticatable contract and pulls in the
 * WebAuthnAuthentication trait; presumably the trait supplies the methods the
 * contract asks for (confirm against the package).
 */
class User extends Authenticatable implements WebAuthnAuthenticatable
{
use WebAuthnAuthentication;
// ...
}
// web.php
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
use Illuminate\Support\Facades\Route;
use Laragear\WebAuthn\Http\Routes as WebAuthnRoutes;
// NOTE(review): Route::view() takes a URI and a view name; this one-argument
// call looks incomplete, so confirm the intended URI before copying it.
Route::view('welcome');
// WebAuthn Routes
// Every route registered inside this group runs without CSRF verification.
// NOTE(review): registration presumably adds a credential to the signed-in
// account, so the only request-forgery barrier left is the WebAuthn challenge
// itself. Prefer keeping VerifyCsrfToken enabled and sending the XSRF token
// from the front end unless the client genuinely cannot; confirm with the
// package documentation.
Route::withoutMiddleware([VerifyCsrfToken::class])->group(function () {
WebAuthnRoutes::register();
});
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
use Laragear\WebAuthn\Http\Routes as WebAuthnRoutes;
// Registers the WebAuthn routes under custom paths: 'auth/register' for
// attestation and 'auth/login' for assertion.
// NOTE(review): withoutMiddleware() removes CSRF verification from these
// routes; keep VerifyCsrfToken on if the front end can send the XSRF token.
WebAuthnRoutes::register(
attest: 'auth/register',
assert: 'auth/login'
)->withoutMiddleware(VerifyCsrfToken::class);
// app\Http\Controllers\WebAuthn\AttestationController.php
use Laragear\WebAuthn\Http\Requests\AttestationRequest;
/**
 * Hand back whatever toCreate() builds for an attestation (registration)
 * request, so the caller can start the ceremony.
 */
public function createChallenge(AttestationRequest $request)
{
    $creationResponse = $request->toCreate();

    return $creationResponse;
}
// app\Http\Controllers\WebAuthn\AttestationController.php
use Laragear\WebAuthn\Http\Requests\AttestedRequest;
/**
 * Persist the credential carried by the attested request and confirm it
 * with a plain-text message.
 */
public function register(AttestedRequest $attestation)
{
    $confirmation = 'Now you can login without passwords!';

    // The request object itself stores the new credential.
    $attestation->save();

    return $confirmation;
}
// app\Http\Controllers\WebAuthn\AttestationController.php
use Laragear\WebAuthn\Http\Requests\AttestedRequest;
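/**
 * Store the attested credential together with an optional, user-chosen alias.
 */
public function register(AttestedRequest $request)
{
    // Validate first, then pass on only the whitelisted 'alias' field so no
    // other request input can reach the credential record.
    $request->validate(['alias' => 'nullable|string']);

    // The only variable in scope is $request; the snippet as published called
    // save() on an undefined $attestation.
    $request->save($request->only('alias'));

    // Same as:
    // $request->save(function ($credentials) use ($request) {
    //     $credentials->alias = $request->input('alias');
    // })
}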
// app\Http\Controllers\WebAuthn\AttestationController.php
use Laragear\WebAuthn\Http\Requests\AttestationRequest;
/**
 * Build the registration response through fastRegistration().
 *
 * NOTE(review): the "fast" variants of this library appear to ask the
 * authenticator to skip user verification (PIN or biometric); confirm. If so,
 * the resulting credential proves possession of the device only, which may not
 * be enough where WebAuthn is the sole factor.
 */
public function createChallenge(AttestationRequest $request)
{
    $fastRequest = $request->fastRegistration();

    return $fastRequest->toCreate();
}
// app\Http\Controllers\WebAuthn\AttestationController.php
use Laragear\WebAuthn\Http\Requests\AttestationRequest;
/**
 * Build the registration response through userless().
 *
 * NOTE(review): presumably this requests a discoverable credential so a later
 * login needs no username; confirm against the package documentation.
 */
public function registerDevice(AttestationRequest $request)
{
    $userlessRequest = $request->userless();

    return $userlessRequest->toCreate();
}
// app\Http\Controllers\WebAuthn\AttestationController.php
use Laragear\WebAuthn\Http\Requests\AttestationRequest;
/**
 * Build the registration response through allowDuplicates().
 *
 * NOTE(review): presumably this lifts a default that stops an authenticator
 * from being registered twice for the same user; confirm. The other snippets
 * on this page finish the chain with toCreate(), so also verify that make()
 * exists on the request.
 */
public function registerDevice(AttestationRequest $request)
{
    $duplicatesAllowed = $request->allowDuplicates();

    return $duplicatesAllowed->make();
}
// app\Http\Controllers\WebAuthn\AssertionController.php
use Laragear\WebAuthn\Http\Requests\AssertionRequest;
/**
 * Validate the optional e-mail and return what toVerify() builds for it.
 *
 * NOTE(review): because the response is driven by a caller-supplied e-mail,
 * check that an unknown address and a known one are answered
 * indistinguishably; otherwise this endpoint can be used to enumerate
 * accounts. Rate limiting the route is worth considering for the same reason.
 */
public function createChallenge(AssertionRequest $request)
{
    $rules = ['email' => 'sometimes|email'];
    $request->validate($rules);

    // Only the validated field is forwarded as the lookup.
    $lookup = $request->only('email');

    return $request->toVerify($lookup);
}
// app\Http\Controllers\WebAuthn\AssertionController.php
use Laragear\WebAuthn\Http\Requests\AssertedRequest;
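/**
 * Log the user in from an asserted request and answer with a text message.
 *
 * login() yields the user on success and a falsy value otherwise, which is
 * what the ternary branches on.
 */
public function createChallenge(AssertedRequest $request)
{
    $user = $request->login();

    // The published snippet had a stray ';' before the ':' of the ternary,
    // which is a parse error.
    // NOTE(review): the failure branch still answers with the default status
    // code; consider an error status so clients cannot mistake it for success.
    return $user
        ? response("Welcome back, $user->name!")
        : response('Something went wrong, try again!');
}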
// app\Http\Controllers\WebAuthn\AssertionController.php
use Laragear\WebAuthn\Http\Requests\AssertionRequest;
/**
 * Validate the optional e-mail and build the login response through
 * fastLogin().
 *
 * NOTE(review): the "fast" variants of this library appear to relax user
 * verification on the authenticator; confirm. If so, a successful login shows
 * possession of the device only.
 */
public function createChallenge(AssertionRequest $request)
{
    $rules = ['email' => 'sometimes|email'];
    $request->validate($rules);

    $fastRequest = $request->fastLogin();

    return $fastRequest->toVerify($request->only('email'));
}
// app\Http\Controllers\Auth\LoginController.php
use Illuminate\Support\Facades\Auth;
// NOTE(review): this snippet appears to have been truncated on the page. The
// value given for 'email' is not a validation rule string, the Auth facade
// imported just above is never used, and nothing is returned. Recover the
// complete example from the package's own documentation before using it.
public function login(Request $request)
{
$request->validate(['email' => 'd with these credentials']);
}
use Illuminate\Support\Facades\Event;
use Laragear\WebAuthn\Events\CredentialCloned;
use App\Notifications\SecureYourDevice;
// When a CredentialCloned event fires, notify the user who owns the affected
// credential with a SecureYourDevice notification.
// NOTE(review): presumably the event signals that a credential may have been
// copied; confirm whether the package also disables it, and if not, decide
// whether this listener should.
Event::listen(CredentialCloned::class, function ($event) {
    $credential = $event->credential;

    $credential->user->notify(new SecureYourDevice($credential));
});
use Laragear\WebAuthn\Assertion\Validator\AssertionValidation;
use Laragear\WebAuthn\Assertion\Validator\AssertionValidator;
use Illuminate\Support\Facades\Auth;
/**
 * Run the assertion through the validator pipeline by hand, then log in the
 * user that owns the resulting credential.
 *
 * NOTE(review): this relies on the pipeline throwing when the assertion is
 * invalid; confirm, because nothing here checks the result before
 * Auth::login() is called.
 */
public function authenticate(Request $request, AssertionValidator $assertion)
{
    $validation = new AssertionValidation($request);

    $credential = $assertion->send($validation)->thenReturn()->credential;

    $owner = $credential->user;
    Auth::login($owner);

    return "Welcome aboard, {$owner->name}!";
}
use Laragear\WebAuthn\Assertion\Validator\AssertionValidator;
use Exception;
/**
 * Same manual login as the plain pipeline call, with one extra pipe that
 * rejects users for whom isNotAwesome() is truthy.
 *
 * NOTE(review): a bare Exception will normally surface as a server error;
 * consider a dedicated exception type if the client should see a validation
 * or authorization failure instead.
 */
public function authenticate(Request $request, AssertionValidator $assertion)
{
    // Extra check appended to the validation pipeline. The nullsafe call means
    // a validation without a user passes straight through.
    $rejectNotAwesome = function ($validation, $next) {
        if ($validation->user?->isNotAwesome()) {
            throw new Exception('The user is not awesome');
        }

        return $next($validation);
    };

    $credential = $assertion
        ->send(new AssertionValidation($request))
        ->pipe($rejectNotAwesome)
        ->thenReturn()
        ->credential;

    $owner = $credential->user;
    Auth::login($owner);

    return "Welcome aboard, {$owner->name}!";
}
use Illuminate\Database\Schema\Blueprint;
use Laragear\WebAuthn\Database\WebAuthnCredentialsMigration;
// Anonymous migration built on the package's WebAuthnCredentialsMigration.
// Only modifyMigration() is overridden; it receives the table Blueprint so the
// application can append its own columns to the credentials table.
return new class extends WebAuthnCredentialsMigration {
/**
* Modify the migration for the WebAuthn Credentials.
*
* The body is intentionally empty here; the commented lines show the kind of
* nullable columns that could be added.
*/
public function modifyMigration(Blueprint $table): void
{
// You may add here your own columns...
//
// $table->string('device_name')->nullable();
// $table->string('device_type')->nullable();
// $table->timestamp('last_login_at')->nullable();
}
};
use Illuminate\Database\Schema\Blueprint;
use Laragear\WebAuthn\Database\WebAuthnCredentialsMigration;
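// Anonymous migration that adds a foreign key to the credentials table and
// removes it again on rollback.
return new class extends WebAuthnCredentialsMigration {
    // ...

    /**
     * Add a device_serial column that references devices.serial.
     *
     * Presumably called by the base migration once the credentials table has
     * been created (confirm against WebAuthnCredentialsMigration).
     */
    public function afterUp(Blueprint $table): void
    {
        $table->foreignId('device_serial')->references('serial')->on('devices');
    }

    /**
     * Drop the foreign key added in afterUp().
     *
     * Presumably called before the base migration drops the table.
     */
    public function beforeDown(Blueprint $table): void
    {
        // Passing the column in an array lets the schema builder derive the
        // conventional constraint name; a bare string is taken as the
        // constraint name itself and would not match. The published snippet
        // was also missing the terminating semicolon.
        $table->dropForeign(['device_serial']);
    }
};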
use Illuminate\Database\Schema\Blueprint;
use Laragear\WebAuthn\Database\WebAuthnCredentialsMigration;
// Anonymous migration that only overrides the $morphType property.
return new class extends WebAuthnCredentialsMigration {
// Set to 'ulid' here. NOTE(review): presumably this selects the key type used
// for the polymorphic owner columns of the credentials table; confirm the
// accepted values in the base migration.
protected ?string $morphType = 'ulid';
// ...
};