PHPackages pschocke/laravel-webauthn-core - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. pschocke/laravel-webauthn-core ActiveLibrary[Authentication & Authorization](/categories/authentication) pschocke/laravel-webauthn-core ============================== Non opinionated Laravel Webauthn support 18PHP Since Nov 29Pushed 4y ago1 watchersCompare [ Source](https://github.com/pschocke/laravel-webauthn)[ Packagist](https://packagist.org/packages/pschocke/laravel-webauthn-core)[ RSS](/packages/pschocke-laravel-webauthn-core/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Webauthn adapter for Laravel ============================ [](#webauthn-adapter-for-laravel) LaravelWebauthn is an adapter to use Webauthn in Laravel. It provides you with all the tools you need to build 2fa login or authorisation. It is highly inspired and copies a lot of code from the [laravel-webauthn package by asbiin](https://github.com/asbiin/laravel-webauthn), but comes without routes, controllers and middlewares to give you maximum flexibilities. It is basically the extracted core functionality. If you want a ready to go implementation to just drop into your application, be sure to check his repository out. Installation ============ [](#installation) You may use Composer to install this package into your Laravel project: ``` composer require pschocke/laravel-webauthn ``` You don't need to add this package to your service providers. Support ------- [](#support) This package supports Laravel 5.8 and newer, and has been tested with php 7.2 and newer versions. It's based on [asbiin/laravel-webauthn](https://github.com/asbiin/laravel-webauthn), which in turn is based on [web-auth/webauthn-framework](https://github.com/web-auth/webauthn-framework). Important --------- [](#important) Your browser will refuse to negotiate a relay to your security device without the following: - domain (localhost and 127.0.0.1 will be rejected by `webauthn.js`) - an SSL/TLS certificate trusted by your browser (self-signed is okay) - connected HTTPS on port 443 (ports other than 443 will be rejected) Configuration ------------- [](#configuration) You can publish the LaravelWebauthn configuration in a file named `config/webauthn.php`, and resources. Just run this artisan command: ``` php artisan vendor:publish --provider="Pschocke\LaravelWebauthn\LaravelWebauthnServiceProvider" ``` This publishes the config file to `/config/webauthn.php` and a new migration. After that, run your migrations ``` php artisan migrate ``` ### initial configuration [](#initial-configuration) Webauthn is typically used with the User model, but to give you the ability to use it with another model, you need to implement the `WebauthnCredentiable` interface on the model that is used for authentication: ``` class User extends Authenticatable implements Pschocke\LaravelWebauthn\Contracts\WebauthnCredentiable {} ``` Usage ----- [](#usage) The following examples just show ONE way to register and authenticate. There are a lot of other ways to make webauthn authorisation work. ### Registration of new Webauthn device [](#registration-of-new-webauthn-device) To use a webauthn device (e.g. touchID, Yubikey, Windows Hello, etc...) to authenticate a user, you first need to register the device and connect it to the user. The registration is initiated by javascript and validated on the server side. First, generate a public key and give it to the javascript: ``` $publicKey = Pschocke\LaravelWebauthn\Facades\Webauthn::getRegisterData($user); ``` Be sure to keep the public key present for the validation part, e.g. in session or in your livewire component. ``` ... Register new Device @csrf ... var publicKey = {!! json_encode($publicKey) !!}; var webauthn = new WebAuthn(); register = function() { webauthn.register( publicKey, function (datas) { document.getElementById('register').value = JSON.stringify(datas); document.getElementById('form').submit(); } ); } ``` And on submit, validate the response and attach it to the user: ``` Pschocke\LaravelWebauthn\Facades\Webauthn::doRegister( $user, $publicKey, $submittedData, $nameOfTheKey ); ``` This method will throw an exception if it encounters corrupted data. If it runs without error, the key has been registered and you can notify the user about its success. Authenticate ------------ [](#authenticate) After a user has registered a webauthn device, you can check if a given device is registered to a given user: First, you need to generate a public key and send it to your javascript: ``` $publicKey = Pschocke\LaravelWebauthn\Facades\Webauthn::getAuthenticateData($user); ``` Be sure to keep the public key present for the validation part, e.g. in session or in your livewire component. ``` ... Register new Device @csrf ... var publicKey = {!! json_encode($publicKey) !!}; var webauthn = new WebAuthn(); webauthn.sign( publicKey, function (datas) { document.getElementById("data").value = JSON.stringify(datas), document.getElementById("form").submit(); } ); ``` Finally you need to validate the publickey response: ``` $result = Webauthn::doAuthenticate( $request->user(), $publicKey, $request->input( 'data') ); ``` This method will throw an exception if it encounters corrupted data. If result is true, your user has been checked successfully and you are free to log him in/authorize it for a part of your application, etc. License ======= [](#license) Licensed under the MIT License. [View license](/LICENSE). A lot of the code was written by [Alexis Saettler](https://github.com/asbiin) ### Health Score 17 — LowBetter than 6% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity7 Limited adoption so far Community7 Small or concentrated contributor base Maturity28 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/8cd89f9905a333779736ad73453f1cfc4c13bf89471e2427975aa43927bb1419?d=identicon)[pschocke](/maintainers/pschocke) --- Top Contributors [![pschocke](https://avatars.githubusercontent.com/u/26882621?v=4)](https://github.com/pschocke "pschocke (5 commits)") ### Embed Badge ![Health badge](/badges/pschocke-laravel-webauthn-core/health.svg) ``` [![Health](https://phpackages.com/badges/pschocke-laravel-webauthn-core/health.svg)](https://phpackages.com/packages/pschocke-laravel-webauthn-core) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)