Abandoned → [lbuchs/WebAuthn](/?search=lbuchs%2FWebAuthn)

Library, [Authentication & Authorization](/categories/authentication)

protonlabs/webauthn
===================

A simple PHP WebAuthn (FIDO2) server library

v1.0.0-beta1 (4y ago) 34.1k2 MIT PHP PHP >=7.1

Since Sep 30, pushed 1y ago, 2 watchers

[Source](https://github.com/ProtonMail/WebAuthn) | [Packagist](https://packagist.org/packages/protonlabs/webauthn) | [Docs](https://github.com/lbuchs/webauthn)

WebAuthn
========

*A simple PHP WebAuthn (FIDO2) server library*

The goal of this project is to provide a small, lightweight, understandable library to protect logins with passkeys, security keys like Yubico or Solo, fingerprint on Android, or Windows Hello.

Manual
------

See `/_test` for a simple usage example of this library. Check [webauthn.lubu.ch](https://webauthn.lubu.ch) for a working example.

### Supported attestation statement formats

- android-key ✅
- android-safetynet ✅
- apple ✅
- fido-u2f ✅
- none ✅
- packed ✅
- tpm ✅

Note

This library supports authenticators which are signed with an X.509 certificate or which are self-attested. ECDAA is not supported.

Workflow
--------

```
         JAVASCRIPT            |          SERVER
------------------------------------------------------------
                         REGISTRATION

   window.fetch  ----------------->     getCreateArgs
                                             |
navigator.credentials.create        processCreate
                                             |
      alert ok or fail
```

… `getCreateArgs`, set `$requireResidentKey` to true, to notify the authenticator that it should save the registration in its memory.

#### on login

When calling `WebAuthn\WebAuthn->getGetArgs`, don't provide any `$credentialIds` (the authenticator will look up the IDs in its own memory and return the user ID as userHandle). Set the type of authenticator to `hybrid` (passkey scanned via QR code) and `internal` (passkey stored on the device itself).
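Because no `$credentialIds` are sent, the server learns who is logging in only from the assertion itself, so it has to check that the returned userHandle owns the returned credential ID before verifying the signature. The following is an added example, not code from this library; `resolvePasskeyLogin`, `PasskeyLoginRejected`, the store layout and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not library code. The store mimics what an application would
// persist after a successful registration (constructed sample data).
final class PasskeyLoginRejected extends RuntimeException {}

/**
 * @param array<string,array{userId:string,publicKeyPem:string}> $store
 *        registrations keyed by hex-encoded credential ID
 */
function resolvePasskeyLogin(array $store, string $credentialId, ?string $userHandle): array
{
    // No $credentialIds were sent, so the response itself must name the user.
    if ($userHandle === null || $userHandle === '') {
        throw new PasskeyLoginRejected('missing userHandle');
    }
    $row = $store[bin2hex($credentialId)] ?? null;
    if ($row === null) {
        throw new PasskeyLoginRejected('unknown credential ID');
    }
    // Bind the claimed user to the credential's owner before any signature check.
    if (!hash_equals($row['userId'], $userHandle)) {
        throw new PasskeyLoginRejected('userHandle is not the owner of this credential');
    }
    return $row; // caller verifies the signature with $row['publicKeyPem']
}

// Constructed sample store and assertions (IDs are raw bytes after decoding).
$store = [
    bin2hex('cred-A') => ['userId' => 'user-1', 'publicKeyPem' => '<PEM placeholder>'],
    bin2hex('cred-B') => ['userId' => 'user-2', 'publicKeyPem' => '<PEM placeholder>'],
];
$cases = [
    'valid'         => ['cred-A', 'user-1'],
    'wrong owner'   => ['cred-A', 'user-2'],
    'unknown cred'  => ['cred-X', 'user-1'],
    'no userHandle' => ['cred-B', null],
];
foreach ($cases as $label => [$credId, $handle]) {
    try {
        $row = resolvePasskeyLogin($store, $credId, $handle);
        echo "$label: accepted for {$row['userId']}\n";
    } catch (PasskeyLoginRejected $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```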

#### disadvantage

The RP ID (= domain) is saved on the authenticator. So if an authenticator is lost, it's theoretically possible to find the services the authenticator is used with and log in there.

### device support

Availability of built-in passkeys that automatically synchronize to all of a user’s devices: (see also [passkeys.dev/device-support](https://passkeys.dev/device-support/))

- Apple iOS 16+ / iPadOS 16+ / macOS Ventura+
- Android 9+
- Microsoft Windows 11 23H2+

Requirements
------------

- PHP >= 8.0 with [OpenSSL](http://php.net/manual/en/book.openssl.php) and [Multibyte String](https://www.php.net/manual/en/book.mbstring.php)
- Browser with [WebAuthn support](https://caniuse.com/webauthn) (Firefox 60+, Chrome 67+, Edge 18+, Safari 13+)
- PHP [Sodium](https://www.php.net/manual/en/book.sodium.php) (or [Sodium Compat](https://github.com/paragonie/sodium_compat)) for [Ed25519](https://en.wikipedia.org/wiki/EdDSA#Ed25519) support

Infos about WebAuthn
--------------------

- [Wikipedia](https://en.wikipedia.org/wiki/WebAuthn)
- [W3C](https://www.w3.org/TR/webauthn/)
- [MDN](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API)
- [dev.yubico](https://developers.yubico.com/FIDO2/)
- [FIDO Alliance](https://fidoalliance.org)
- [passkeys](https://passkeys.dev/)

FIDO2 Hardware
--------------

- [Yubico](https://www.yubico.com)
- [Solo](https://solokeys.com) Open Source!
- [Nitrokey](https://www.nitrokey.com/)
- [Feitian](https://fido.ftsafe.com/)
- [TrustKey](https://www.trustkeysolutions.com)
- [Google Titan](https://cloud.google.com/titan-security-key)
- [Egis](https://www.egistec.com/u2f-solution/)
- [OneSpan](https://www.vasco.com/products/two-factor-authenticators/hardware/one-button/digipass-secureclick.html)
- [Hypersecu](https://hypersecu.com/tmp/products/hyperfido)
- [Kensington VeriMark™](https://www.kensington.com/)
- [Token2](https://www.token2.com/shop/category/fido2-keys)

### Health Score

25 (Low). Better than 35% of packages.

- Maintenance: 26. Infrequent updates — may be unmaintained
- Popularity: 22. Limited adoption so far
- Community: 19. Small or concentrated contributor base
- Maturity: 31. Early-stage or recently created project
- Bus Factor: 1. Top contributor holds 88% of commits — single point of failure

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: Unknown
- Total: 1
- Last Release: 1736d ago

### Community

Maintainers: [BafS](/maintainers/BafS), [bartbutler](/maintainers/bartbutler)

Top Contributors: [lbuchs](https://github.com/lbuchs) (81 commits), [My1](https://github.com/My1) (2 commits), [TobiasBengtsson](https://github.com/TobiasBengtsson) (2 commits), [Michael-MCP](https://github.com/Michael-MCP) (1 commit), [nemiah](https://github.com/nemiah) (1 commit), [royjr](https://github.com/royjr) (1 commit), [BenjaminHae](https://github.com/BenjaminHae) (1 commit), [xellio](https://github.com/xellio) (1 commit), [brainfoolong](https://github.com/brainfoolong) (1 commit), [hengjingyoong](https://github.com/hengjingyoong) (1 commit)

Tags: Authentication, webauthn

### Alternatives

- [lbuchs/webauthn](/packages/lbuchs-webauthn): A simple PHP WebAuthn (FIDO2) server library
- [ellaisys/aws-cognito](/packages/ellaisys-aws-cognito): Laravel Authentication using AWS Cognito (Web and API)

