PHPackages                             niyazialpay/webauthn-mongodb - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Database &amp; ORM](/categories/database)
4. /
5. niyazialpay/webauthn-mongodb

ActiveLibrary[Database &amp; ORM](/categories/database)

niyazialpay/webauthn-mongodb
============================

Authenticate users with Passkeys: fingerprints, patterns and biometric data.

2.x-dev(2y ago)026MITPHPPHP ^8.2

Since Jan 10Pushed 2y agoCompare

[ Source](https://github.com/niyazialpay/WebAuthn-MongoDB)[ Packagist](https://packagist.org/packages/niyazialpay/webauthn-mongodb)[ Docs](https://github.com/niyazialpay/WebAuthn-MongoDB)[ Fund](https://github.com/sponsors/DarkGhostHunter)[ Fund](https://paypal.me/darkghosthunter)[ RSS](/packages/niyazialpay-webauthn-mongodb/feed)WikiDiscussions 2.x Synced 1mo ago

READMEChangelogDependencies (10)Versions (2)Used By (0)

WebAuthn
========

[](#webauthn)

[![Latest Version on Packagist](https://camo.githubusercontent.com/dc61922260dc3477d990cf908d60fce9d2bba316de76d31137864cb22733735c/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6c617261676561722f776562617574686e2e737667)](https://packagist.org/packages/laragear/webauthn)[![Latest stable test run](https://github.com/Laragear/WebAuthn/actions/workflows/php.yml/badge.svg?branch=1.x)](https://github.com/Laragear/WebAuthn/actions/workflows/php.yml)[![Codecov coverage](https://camo.githubusercontent.com/27888f5bd83012f130a1c356835395369d8fc97e9cf8e69f5736160a00bd5a34/68747470733a2f2f636f6465636f762e696f2f67682f4c617261676561722f576562417574686e2f6272616e63682f312e782f67726170682f62616467652e7376673f746f6b656e3d48496e67727651654f6a)](https://codecov.io/gh/Laragear/WebAuthn)[![CodeClimate Maintainability](https://camo.githubusercontent.com/d0c2027ed017b6548ff9251d82d29ac1ffe2cbb49a5851b580c1fc89d04280d3/68747470733a2f2f6170692e636f6465636c696d6174652e636f6d2f76312f6261646765732f33393834316234306162346230356238663964332f6d61696e7461696e6162696c697479)](https://codeclimate.com/github/Laragear/WebAuthn/maintainability)[![Sonarcloud Status](https://camo.githubusercontent.com/337c05811a6965faca688bb12780edcea5d90136f8015229a0feaf44cc7b10d1/68747470733a2f2f736f6e6172636c6f75642e696f2f6170692f70726f6a6563745f6261646765732f6d6561737572653f70726f6a6563743d4c617261676561725f576562417574686e266d65747269633d616c6572745f737461747573)](https://sonarcloud.io/dashboard?id=Laragear_WebAuthn)[![Laravel Octane Compatibility](https://camo.githubusercontent.com/70359a356da237cd29561bc5d0bb80baae775b5ff62f288ed324755382858342/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2532304f6374616e652d436f6d70617469626c652d737563636573733f7374796c653d666c6174266c6f676f3d6c61726176656c)](https://laravel.com/docs/9.x/octane#introduction)

Authenticate users with Passkeys: fingerprints, patterns and biometric data.

```
// App\Http\Controllers\LoginController.php
use niyazialpay\WebAuthn\Http\Requests\AssertedRequest;

public function login(AssertedRequest $request)
{
    $user = $request->login();

    return response()->json(['message' => "Welcome back, $user->name!"]);
}
```

Tip

You want to add two-factor authentication to your app? Check out [Laragear TwoFactor](https://github.com/Laragear/TwoFactor).

Become a sponsor
----------------

[](#become-a-sponsor)

[![](.github/assets/support.png)](https://github.com/sponsors/DarkGhostHunter)

Your support allows me to keep this package free, up-to-date and maintainable. Alternatively, you can **[spread the word!](http://twitter.com/share?text=I%20am%20using%20this%20cool%20PHP%20package&url=https://github.com%2FLaragear%2FWebAuthn&hashtags=PHP,Laravel)**

Requirements
------------

[](#requirements)

- Laravel 10.x or later.
- PHP 8.1 or later.
- The `ext-openssl` extension.
- The `ext-sodium` extension (optional, for EdDSA 25519 public keys).

Tip

If you can't enable the `ext-sodium` extension for whatever reason, you may try installing [`paragonie/sodium_compat`](https://github.com/paragonie/sodium_compat).

Installation
------------

[](#installation)

Require this package into your project using Composer:

```
composer require niyazialpay/webauthn-mongodb
```

How Passkeys work?
------------------

[](#how-passkeys-work)

Passkeys, hence WebAuthn, consists in two *ceremonies*: attestation, and assertion.

Attestation is the process of asking the authenticator (a phone, laptop, USB key...) to create a private-public key pair, save the private key internally, and **store** the public key inside your app. For that to work, the browser must support WebAuthn, which is what intermediates between the authenticator (OS &amp; device hardware) and the server.

Assertion is the process of pushing a cryptographic challenge to the authenticator, which will return back to the server *signed* by the private key of the device. Upon arrival, the server checks the signature is correct with the stored public key, ready to **log in**.

The private key doesn't leave the authenticator, there are no shared passwords stored anywhere, and Passkeys only work on the server domain (like google.com) or subdomain (like auth.google.com).

Set up
------

[](#set-up)

We need to make sure your users can register their devices and authenticate with them.

1. [Publish the files](#2-publish-files-and-migrate)
2. [Add the WebAuthn driver](#1-add-the-webauthn-driver)
3. [Implement the contract and trait](#3-implement-the-contract-and-trait)
4. [Register the controllers](#4-register-the-routes-and-controllers) *(optional)*
5. [Use the Javascript helper](#5-use-the-javascript-helper) *(optional)*

### 1. Add the WebAuthn driver

[](#1-add-the-webauthn-driver)

Laragear WebAuthn works by extending the Eloquent User Provider with a simple additional check to find a user for the given WebAuthn Credentials (Assertion). This makes this WebAuthn package compatible with any guard you may have.

Simply go into your `auth.php` configuration file, change the driver from `eloquent` to `eloquent-webauthn`, and add the `password_fallback` to `true`.

```
return [
    // ...

    'providers' => [
        'users' => [
            'driver' => 'eloquent-webauthn',
            'model' => App\User::class,
            'password_fallback' => true,
        ],
    ]
];
```

The `password_fallback` indicates the User Provider should fall back to validate the password when the request is not a WebAuthn Assertion. It's enabled to seamlessly use both classic (password) and WebAuthn authentication procedures.

### 2. Publish files and migrate

[](#2-publish-files-and-migrate)

With the single `webauthn:install` command, you can install the configuration, routes, and migration files.

```
php artisan webauthn:install
```

This will also publish a migration file needed to create a table to hold the WebAuthn Credentials (Passkeys). Once ready, migrate your application to create the table.

```
php artisan migrate
```

Tip

You can [modify the migration](MIGRATIONS.md) if you need to, like [changing the table name](MIGRATIONS.md#custom-table-name).

### 3. Implement the contract and trait

[](#3-implement-the-contract-and-trait)

Add the `WebAuthnAuthenticatable` contract and the `WebAuthnAuthentication` trait to the User class, or any other that uses authentication.

```