PHPackages evolution-cms/epasskeys - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. evolution-cms/epasskeys ActiveEvolutioncms-plugin[Authentication & Authorization](/categories/authentication) evolution-cms/epasskeys ======================= Passkeys (WebAuthn) for Evolution CMS 019PHP Since Jan 22Pushed 3mo agoCompare [ Source](https://github.com/evolution-cms/ePasskeys)[ Packagist](https://packagist.org/packages/evolution-cms/epasskeys)[ RSS](/packages/evolution-cms-epasskeys/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) ePasskeys ========= [](#epasskeys) Passkeys (WebAuthn) for Evolution CMS 3.5.x. Manager-first, Blade integration, no vendor lock-in. Requirements ------------ [](#requirements) - PHP 8.3+ - Evolution CMS 3.5.2+ - HTTPS (or `localhost` in dev) Install ------- [](#install) From the `core` directory of your Evo site: ``` php artisan package:installrequire evolution-cms/epasskeys "*" ``` Publish config and assets ------------------------- [](#publish-config-and-assets) ``` php artisan vendor:publish --provider="EvolutionCMS\\ePasskeys\\ePasskeysServiceProvider" --tag=epasskeys-config php artisan vendor:publish --provider="EvolutionCMS\\ePasskeys\\ePasskeysServiceProvider" --tag=epasskeys-assets ``` Build Tailwind CSS (manager UI) ------------------------------- [](#build-tailwind-css-manager-ui) ``` php artisan tailwind:build epasskeys php artisan vendor:publish --provider="EvolutionCMS\\ePasskeys\\ePasskeysServiceProvider" --tag=epasskeys-assets ``` Optional (views override): ``` php artisan vendor:publish --provider="EvolutionCMS\\ePasskeys\\ePasskeysServiceProvider" --tag=epasskeys-views ``` Optional (translations override): ``` php artisan vendor:publish --provider="EvolutionCMS\\ePasskeys\\ePasskeysServiceProvider" --tag=epasskeys-lang ``` Migrate ------- [](#migrate) ``` php artisan migrate ``` SimpleWebAuthn bundle --------------------- [](#simplewebauthn-bundle) The package includes the `@simplewebauthn/browser` UMD build in: ``` public/assets/plugins/ePasskeys/js/simplewebauthn.umd.js ``` Update this file if you want a newer version of the library. Usage ----- [](#usage) ### Manager login [](#manager-login) Once installed and assets published, the login form will show **“Sign in with Passkey”**. - Uses the existing `rememberme` checkbox for persistent sessions. - If WebAuthn is not supported, the button is disabled. ### Manage passkeys (manager) [](#manage-passkeys-manager) Open (relative to manager URL): ``` {MODX_MANAGER_URL}/webauthn/credentials ``` Create/delete passkeys for the current manager user. The menu item appears in **Tools** if the manager role has the `epasskeys` permission. The migration `2026_01_22_000002_add_epasskeys_permissions.php` creates this permission and assigns it to role ID 1 (admin). Config ------ [](#config) Config file: ``` core/custom/config/cms/settings/ePasskeys.php ``` Key settings: - `enable`: global on/off - `contexts.mgr.enable`: manager passkeys (default true) - `contexts.web.enable`: optional web context (default false) - `relying_party.id`: RP ID (defaults to current host; cannot be IP) - `relying_party.allowed_origins`: strict whitelist (array or comma-separated string) System settings overrides: - `epasskeys_enable`, `epasskeys_enable_mgr`, `epasskeys_enable_web` - `epasskeys_rp_id`, `epasskeys_rp_name`, `epasskeys_allowed_origins` Routes (manager) ---------------- [](#routes-manager) Prefix: `webauthn` under `{MODX_MANAGER_URL}` - `GET {MODX_MANAGER_URL}/webauthn/auth/options` - `POST {MODX_MANAGER_URL}/webauthn/auth` - `GET {MODX_MANAGER_URL}/webauthn/register/options` - `POST {MODX_MANAGER_URL}/webauthn/register` - `GET {MODX_MANAGER_URL}/webauthn/credentials` - `POST {MODX_MANAGER_URL}/webauthn/credentials/{id}/delete` Security notes -------------- [](#security-notes) - WebAuthn requires HTTPS or `localhost`. - `rp_id` must be a domain (not an IP). - Challenges are stored in session and are one-time use. - Recommended rate limits: - options: 10 req/min/IP - auth: 5 req/min/IP - WebAuthn flows rely on cookies/sessions (SameSite/Secure settings must allow session cookies). Events ------ [](#events) - `OnPasskeyRegistered` - `OnPasskeyAuthenticated` - `OnPasskeyDeleted` Payload includes: `context`, `user_id`, `passkey_id`, masked `credential_id`, `ip`, `user_agent`. Troubleshooting --------------- [](#troubleshooting) - **No button on login**: publish assets, verify `public/assets/plugins/ePasskeys/js/*` exists. - **Invalid origin**: configure `relying_party.allowed_origins` or correct RP ID. - **Passkey not working on local**: use `localhost`, not an IP. License ------- [](#license) MIT (see `LICENSE`). ### Health Score 20 — LowBetter than 14% of packages Maintenance53 Moderate activity, may be stable Popularity7 Limited adoption so far Community6 Small or concentrated contributor base Maturity12 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/9a722445bb0bad50ab37fec12236f407434df04d5b7b9051bdb26336758e209e?d=identicon)[dmi3yy](/maintainers/dmi3yy) --- Top Contributors [![Dmi3yy](https://avatars.githubusercontent.com/u/669491?v=4)](https://github.com/Dmi3yy "Dmi3yy (16 commits)") ### Embed Badge ![Health badge](/badges/evolution-cms-epasskeys/health.svg) ``` [![Health](https://phpackages.com/badges/evolution-cms-epasskeys/health.svg)](https://phpackages.com/packages/evolution-cms-epasskeys) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)