Download the PHP package pronin/webauthn-emulator without Composer
On this page you can find all versions of the php package pronin/webauthn-emulator. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download pronin/webauthn-emulator
More information about pronin/webauthn-emulator
Files in pronin/webauthn-emulator
Package webauthn-emulator
Short Description PHP library to emulate WebAuthn authenticators like YubiKeys, Touch ID, Face ID, Windows Hello, etc
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package webauthn-emulator
WebAuthn Emulator
A simple PHP WebAuthn (FIDO2) client library
webauthn-emulator is a PHP library that emulates WebAuthn-compatible authenticators like YubiKeys, Touch ID, Face ID,
Windows Hello, etc. It essentially simulates the behavior
of Web Authentication API of a browser,
allowing the developers to integrate WebAuthn client-side authentication into their applications.
Table of Contents
- Features
- Installation
- Quick Start
- Usage
- Initialization
- Registration (Attestation)
- Authentication (Assertion)
- Base64url vs Base64 Encoding
- More Examples
- Storing Credentials
- Limitations
- Contributing and Reporting Issues
- License
- Acknowledgments
Features
- Generate responses for WebAuthn registration (attestation) and authentication (assertion) requests.
- Works with any key storage.
- Supports multiple users and credentials.
Installation
The recommended way to install webauthn-emulator is through Composer:
Quick Start
After installing webauthn-emulator via Composer, you can quickly begin by creating an instance of the Authenticator
class and using it to handle WebAuthn registration and authentication.
Initialize the authenticator:
Generate a response to a registration challenge:
Generate a response to an authentication challenge:
Usage
The webauthn-emulator library provides a straightforward interface to emulate WebAuthn authenticators. Below are the
primary methods you will use to interact with the library, along with detailed explanations of their parameters.
Initialization
To begin using the emulator, instantiate the Authenticator class with a credential repository that implements
the RepositoryInterface. The library includes a FileRepository for testing purposes, which you can replace with a
custom repository for different storage solutions.
Registration (Attestation)
The getAttestation creates a new key pair and generates a response to a WebAuthn registration challenge, simulating
the process of registering a new authenticator with a WebAuthn relying party. Its behavior is similar to sequentially
calling navigator.credentials.create()
and navigator.credentials.get()
in the browser. Refer to
the Web Authentication API documentation for
more details.
getAttestation accepts the following parameters:
registerOptions(array, required): Contains the registration challenge data from the relying party, including the relying party's information, user data, challenge, and other registration options.origin(string, optional): The origin of the relying party's website. It defaults to an origin constructed from therpIdif omitted.extra(array, optional): Additional data to include in theclientDataJSONobject. If omitted, onlytype,origin, andchallengeare included.
Returns an array similar to PublicKeyCredential,
Authentication (Assertion)
The getAssertion method generates a response to a WebAuthn authentication challenge, simulating the process of logging
in with a previously registered key. Its behavior is similar to calling the
browser's navigator.credentials.get().
getAssertion accepts the following parameters:
rpId(string, required): The relying party identifier, typically the domain name of the relying party's website.credentialIds(string|array|null, optional): A single credential ID, an array of credential descriptors, or null. It identifies which credentials are eligible for authentication. If null or omitted, any available credential for therpIdmay be used.challenge(string, required): A base64 or base64url encoded challenge from the relying party to prevent replay attacks.origin(string, optional): The origin of the relying party's website. It defaults to an origin constructed from therpIdif omitted.extra(array, optional): Additional data to include in theclientDataJSONobject. If omitted, onlytype,origin, andchallengeare included.
Returns an array similar to PublicKeyCredential, the output of navigator.credentials.get() in the browser.
Base64url vs Base64 Encoding
WebAuthn servers often use base64url encoding to represent binary data in a URL-safe format. This encoding is similar to
standard base64 but uses different characters for padding and to represent the 62nd and 63rd values in the index table.
Specifically, base64url encoding replaces + with -, / with _, and omits the padding character =. This makes it
suitable for use in URLs and filenames without requiring additional encoding.
Different WebAuthn server implementations vary in their use of base64url encoding. Some use base64url-encoded strings for 'id' or 'challenge' fields, while others use standard base64 encoding or a mix of both. This lack of consistency puts the burden to figure out which encoding is used by a particular server and to convert the data accordingly on the developer.
The webauthn-emulator library provides two utility methods to handle these encoding variations:
-
base64Normal2Url: Converts standard base64-encoded strings or arrays to base64url encoding. This method is useful when you need to send data to a server that expects base64url-encoded strings. base64Url2Normal: Converts base64url-encoded strings or arrays back to standard base64 encoding with padding. This method is helpful when you receive data from a server that uses base64url encoding, before feeding it to the emulator.
These methods can be applied recursively to arrays, making it easy to encode or decode all elements within an array.
Usage of Base64url Encoding/Decoding Methods
When interacting with a WebAuthn server, you may need to encode or decode the 'id', 'challenge', or other binary data fields. Here's how you can use the provided methods:
With single strings:
With arrays:
By using these methods, you can ensure that the data you send and receive from WebAuthn servers is correctly encoded, regardless of the server's specific implementation details.
More Examples
For more detailed examples of how to use webauthn-emulator to simulate WebAuthn registration and authentication
processes, refer to the examples directory in the repository:
- webauthnio_reg.php: Registration with a webauthn.io demo server.
- webauthnio_login.php: Login with a webauthn.io demo server.
- yubico_reg.php: Registration with a Yubico demo server (non-standard query structure).
- yubico_login.php: Login with a Yubico demo server (non-standard query structure).
- lubuch_reg.php: Registration with a Lubu.ch demo server (non-standard base64url/binary encoding).
- lubuch_login.php: Login with a Lubu.ch demo server (non-standard base64url/binary encoding).
- quadoio_reg.php: Registration with a Quado demo server (custom origins and additional data).
- quadoio_login.php: Login with a Quado demo server (custom origins and additional data).
Each server has its own peculiarities, so the examples demonstrate how to handle different scenarios, such as non-standard base64url encoding, custom origins, and additional data.
Storing Credentials
The webauthn-emulator relies on a credential repository to store and manage credentials. By default, an example
implementation using a file-based repository (FileRepository) is provided. However, you can implement your own
repository to store credentials in other places, such as a database by adhering to the RepositoryInterface.
Here's an example of using the provided FileRepository:
To create a custom repository, implement the RepositoryInterface:
Replace the FileRepository with your custom repository when initializing the Authenticator:
This flexibility allows you to integrate the webauthn-emulator with various storage backends, such as databases or
cloud storage solutions, depending on your application's requirements.
Limitations
webauthn-emulator is designed to support the core functionalities required for WebAuthn registration and
authentication. However, there are some limitations to be aware of:
- The emulator currently supports only the 'none' attestation format. Other formats like 'packed', 'tpm', 'android-safetynet', etc., are not supported.
- The library is limited to the ES256 (alg: -7) signing algorithm for public key credentials. Other algorithms like RS256 or EdDSA are not currently supported. If you need support for other algorithms, please open an issue or submit a pull request.
Contributing and Reporting Issues
Contributions are welcome! If you'd like to contribute or have found a bug, please submit a pull request or report an issue on the project's GitHub repository. When contributing, ensure your code follows the project's existing style for consistency.
For feature requests or bug reports, please check the GitHub Issues to see if it has already been reported. If not, create a new issue with a detailed description.
License
webauthn-emulator is open-source software licensed under the MIT License. For more details, see the LICENSE
file in the repository.
Acknowledgments
Special thanks to Rayaz Sultanov (codeproger) for co-creating webauthn-emulator.
