PHPackages supseven/webauthn - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. supseven/webauthn ActiveTypo3-cms-extension[Authentication & Authorization](/categories/authentication) supseven/webauthn ================= Webauthn provider for MFA login in TYPO3 v11+ v2.0.2(3y ago)13.7kGPL-2.0-or-laterPHPPHP ^8.1 Since Nov 8Pushed 2y ago3 watchersCompare [ Source](https://github.com/supseven-at/webauthn)[ Packagist](https://packagist.org/packages/supseven/webauthn)[ RSS](/packages/supseven-webauthn/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (8)Dependencies (10)Versions (10)Used By (0) Webauthn authentication for TYPO3 ================================= [](#webauthn-authentication-for-typo3) This is a TYPO3 CMS extension to provide Webauthn support for multi-factor-authentication in the backend. It is compatible with every browser and device supporting the Webauthn specification. When using a Chromium based browser, Firefox or Safari, those include hardware dongles/keys, Android smartphones as well as Webauthn compatible system authentications like Windows Hello, using biometric data like fingerprints, and/or Active Directory. Installation ------------ [](#installation) If the setup uses TYPO3 v11.5+, use composer to add the extension as a dependency: ``` composer require supseven/webauthn ``` Older TYPO3 versions are not supported. Configuration ------------- [](#configuration) All the following configuration settings are optional. Available options as well as their default values, if not explicitly set, are listed below. ### Base setup [](#base-setup) To set webauthn as the default MFA method, add this line to the TYPO3 setup, eg. in the AdditionalConfiguration.php file: ``` $GLOBALS['TYPO3_CONF_VARS']['BE']['recommendedMfaProvider'] = 'webauthn'; ``` Other providers still work, webauthn does not interfere with any of them. ### Extension configuration [](#extension-configuration) The following configuration values in the `$GLOBALS['TYPO3_CONF_VARS']`array are available (all optional!). If they are actually used or displayed depends on the webauthn device being used, eg.: a simple security key cannot show the name or icon. `$GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['webauthn']['name']`: String with the name of the TYPO3 installation. Defaults to to the value of `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']` if not set explicitly. `$GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['webauthn']['id']`: String with the ID of the app. Must be a domain name. If none given, the browser will use the domain used during device registration. Should be set to the "main" or "primary" domain if the TYPO3 backend is available under several domains. Otherwise a registered device can only be used under the domain it was registered with. `$GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['webauthn']['icon']`: String with a path to an icon. If none is set, webauthn will try the value of the setting `$GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['backend']['loginLogo']`. No icon will be used if neither settings are set. If the icon is actually displayed, depends on the device capabilities, eg.: a dongle without a display cannot show it, a smartphone might. ### User configuration [](#user-configuration) The actual setup is done in the "User Settings" module, for each backend user individually. If a user has a "real name" in the be\_user record, this name will be displayed, otherwise the "username" will be used. Alternatives ------------ [](#alternatives) Extension [mfa\_webauthn](https://github.com/bnf/mfa_webauthn) also provides webauthn support for MFA. The main difference is that `EXT:mfa_webauthn`offers a more *guided* UI at the expense of less supported devices. This extensions offers more freedom in choice of devices, but may confuse less experienced users with its options. As always: in case of doubt, just try them both and choose the one that best matches your requirements. Legal ----- [](#legal) ### License [](#license) The software is licensed under the GPLv2 or, at your options, a later version of this license. See [LICENSE](./LICENSE) or . ### Mentions [](#mentions) The icon is the official webauthn icon, provided by the [bootstrap icons](https://icons.getbootstrap.com/)project which uses the MIT license. See for details. Uses the [webauth-lib](https://webauthn-doc.spomky-labs.com/) library licensed under the MIT license, see for details. The client JS uses the [simlewebauthn/browser](https://simplewebauthn.dev/docs/packages/browser)library licensed under the MIT license, see for details. ### Health Score 30 — LowBetter than 64% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity18 Limited adoption so far Community8 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~22 days Recently: every ~36 days Total 9 Last Release 1103d ago Major Versions v0.1.0 → v1.0.02022-12-13 v1.0.4 → v2.0.02023-02-20 ### Community Maintainers ![](https://www.gravatar.com/avatar/734db5f15c75f25af8cfae564d15f7bc93ddc9460ed400afffc19ad21411c48b?d=identicon)[supseven](/maintainers/supseven) --- Top Contributors [![garfieldius](https://avatars.githubusercontent.com/u/705480?v=4)](https://github.com/garfieldius "garfieldius (28 commits)") ### Code Quality Code StylePHP CS Fixer ### Embed Badge ![Health badge](/badges/supseven-webauthn/health.svg) ``` [![Health](https://phpackages.com/badges/supseven-webauthn/health.svg)](https://phpackages.com/packages/supseven-webauthn) ``` ### Alternatives [pagemachine/typo3-formlog Form log for TYPO3 23225.3k6](/packages/pagemachine-typo3-formlog)[eliashaeussler/typo3-warming Warming - Warms up Frontend caches based on an XML sitemap. Cache warmup can be triggered via TYPO3 backend or using a console command. Supports multiple languages and custom crawler implementations. 20229.9k](/packages/eliashaeussler-typo3-warming)[fluidtypo3/vhs This is a collection of ViewHelpers for performing rendering tasks that are not natively provided by TYPO3's Fluid templating engine. 1954.1M49](/packages/fluidtypo3-vhs)[typo3/testing-framework The TYPO3 testing framework provides base classes for unit, functional and acceptance testing. 675.0M775](/packages/typo3-testing-framework)[fluidtypo3/flux The flux package from FluidTYPO3 152982.2k20](/packages/fluidtypo3-flux)[friendsoftypo3/content-blocks TYPO3 CMS Content Blocks - Content Types API | Define reusable components via YAML 96374.6k23](/packages/friendsoftypo3-content-blocks) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)