Abandoned → lbuchs/WebAuthn

protonlabs/webauthn
===================

A simple PHP WebAuthn (FIDO2) server library

v1.0.0-beta1 (4y ago) · MIT · PHP >=7.1


WebAuthn
========

*A simple PHP WebAuthn (FIDO2) server library*

The goal of this project is to provide a small, lightweight, understandable library to protect logins with passkeys, security keys like Yubico or Solo, or fingerprint on Android or Windows Hello.

Manual
------

See `/_test` for a simple usage example of this library. Check [webauthn.lubu.ch](https://webauthn.lubu.ch) for a working example.

### Supported attestation statement formats

- android-key ✅
- android-safetynet ✅
- apple ✅
- fido-u2f ✅
- none ✅
- packed ✅
- tpm ✅

Note: This library supports authenticators which are signed with an X.509 certificate or which are self-attested. ECDAA is not supported.

Workflow
--------

```
         JAVASCRIPT            |          SERVER
------------------------------------------------------------
                         REGISTRATION

   window.fetch  ----------------->     getCreateArgs
                                             |
navigator.credentials.create        processCreate
                                             |
      alert ok or fail
```

`getCreateArgs`, set `$requireResidentKey` to true, to notify the authenticator that it should save the registration in its memory.

#### on login

When calling `WebAuthn\WebAuthn->getGetArgs`, don't provide any `$credentialIds` (the authenticator will look up the IDs in its own memory and return the user ID as `userHandle`). Set the type of authenticator to `hybrid` (passkey scanned via QR code) and `internal` (passkey stored on the device itself).
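
An added example (not code from this library): because no `$credentialIds` are sent, the server learns who is logging in only from the returned credential ID and `userHandle`, so it should tie the two together before verifying the signature. The store layout and the function names `resolveDiscoverableLogin`, `b64uDecode` and `b64uEncode` are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// base64url -> binary, as sent by the browser for rawId and userHandle
function b64uDecode(string $s): string
{
    $padded = str_pad(strtr($s, '-_', '+/'), strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    $bin = base64_decode($padded, true);
    if ($bin === false) {
        throw new InvalidArgumentException('invalid base64url');
    }
    return $bin;
}

function b64uEncode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Returns the stored record for a usernameless login, or throws.
// $store maps hex credential ID => ['userId' => ..., 'publicKey' => ...] (assumed schema).
function resolveDiscoverableLogin(array $store, string $rawIdB64u, ?string $userHandleB64u): array
{
    if ($userHandleB64u === null || $userHandleB64u === '') {
        throw new RuntimeException('userHandle missing: not a discoverable credential');
    }
    $record = $store[bin2hex(b64uDecode($rawIdB64u))] ?? null;
    if ($record === null) {
        throw new RuntimeException('unknown credential ID');
    }
    // The userHandle is client-supplied: it must match the owner recorded at registration.
    if (!hash_equals($record['userId'], b64uDecode($userHandleB64u))) {
        throw new RuntimeException('userHandle does not match credential owner');
    }
    return $record; // verify the assertion signature against $record['publicKey'] next
}

// Constructed sample data, not real credentials
$credId = random_bytes(16);
$store = [bin2hex($credId) => ['userId' => 'user-1001', 'publicKey' => '(PEM stored at registration)']];

echo resolveDiscoverableLogin($store, b64uEncode($credId), b64uEncode('user-1001'))['userId'], PHP_EOL;
try {
    resolveDiscoverableLogin($store, b64uEncode($credId), b64uEncode('user-2002'));
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Only after this lookup succeeds should the stored public key be handed to the signature check; a mismatch is worth logging as a failed login attempt.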

#### disadvantage

The RP ID (= domain) is saved on the authenticator. So if an authenticator is lost, it is theoretically possible to find the services the authenticator is used with and log in there.

### device support

Availability of built-in passkeys that automatically synchronize to all of a user’s devices: (see also [passkeys.dev/device-support](https://passkeys.dev/device-support/))

- Apple iOS 16+ / iPadOS 16+ / macOS Ventura+
- Android 9+
- Microsoft Windows 11 23H2+

Requirements
------------

- PHP >= 8.0 with [OpenSSL](http://php.net/manual/en/book.openssl.php) and [Multibyte String](https://www.php.net/manual/en/book.mbstring.php)
- Browser with [WebAuthn support](https://caniuse.com/webauthn) (Firefox 60+, Chrome 67+, Edge 18+, Safari 13+)
- PHP [Sodium](https://www.php.net/manual/en/book.sodium.php) (or [Sodium Compat](https://github.com/paragonie/sodium_compat) ) for [Ed25519](https://en.wikipedia.org/wiki/EdDSA#Ed25519) support

Infos about WebAuthn
--------------------

- [Wikipedia](https://en.wikipedia.org/wiki/WebAuthn)
- [W3C](https://www.w3.org/TR/webauthn/)
- [MDN](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API)
- [dev.yubico](https://developers.yubico.com/FIDO2/)
- [FIDO Alliance](https://fidoalliance.org)
- [passkeys](https://passkeys.dev/)

FIDO2 Hardware
--------------

- [Yubico](https://www.yubico.com)
- [Solo](https://solokeys.com) Open Source!
- [Nitrokey](https://www.nitrokey.com/)
- [Feitian](https://fido.ftsafe.com/)
- [TrustKey](https://www.trustkeysolutions.com)
- [Google Titan](https://cloud.google.com/titan-security-key)
- [Egis](https://www.egistec.com/u2f-solution/)
- [OneSpan](https://www.vasco.com/products/two-factor-authenticators/hardware/one-button/digipass-secureclick.html)
- [Hypersecu](https://hypersecu.com/tmp/products/hyperfido)
- [Kensington VeriMark™](https://www.kensington.com/)
- [Token2](https://www.token2.com/shop/category/fido2-keys)
