PHPackages                             surfnet/stepup-u2f-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. surfnet/stepup-u2f-bundle

AbandonedArchivedLibrary[Authentication &amp; Authorization](/categories/authentication)

surfnet/stepup-u2f-bundle
=========================

The SURFnet Step-up U2F bundle contains server-side device verification, and the necessary forms and resources to enable client-side U2F interaction with Step-up Identities

4.0.0(5y ago)05.4k[1 issues](https://github.com/OpenConext/Stepup-u2f-bundle/issues)Apache-2.0PHPPHP ^7

Since Aug 29Pushed 5y ago10 watchersCompare

[ Source](https://github.com/OpenConext/Stepup-u2f-bundle)[ Packagist](https://packagist.org/packages/surfnet/stepup-u2f-bundle)[ RSS](/packages/surfnet-stepup-u2f-bundle/feed)WikiDiscussions develop Synced 1mo ago

READMEChangelogDependencies (14)Versions (4)Used By (0)

Step-up U2fBundle
=================

[](#step-up-u2fbundle)

[![Build Status](https://camo.githubusercontent.com/fea30f0693710737800c377ccd6a4a513bad60b3a9ebecebc6e83f01e8ad0bd1/68747470733a2f2f7472617669732d63692e6f72672f4f70656e436f6e6578742f5374657075702d7532662d62756e646c652e737667)](https://travis-ci.org/OpenConext/Stepup-u2f-bundle) [![Scrutinizer Code Quality](https://camo.githubusercontent.com/94a9f143ace6b370e152f074f74d745efb79f6a07d6f9e74fe474cd22daa66be/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f4f70656e436f6e6578742f5374657075702d7532662d62756e646c652f6261646765732f7175616c6974792d73636f72652e706e673f623d646576656c6f70)](https://scrutinizer-ci.com/g/OpenConext/Stepup-u2f-bundle/?branch=develop)

The SURFnet Step-up U2F Bundle contains server-side device verification, and the necessary forms and resources to enable client-side U2F interaction with Step-up Identities

Installation and configuration
------------------------------

[](#installation-and-configuration)

- Add the package to your Composer file

    ```
    composer require surfnet/stepup-u2f-bundle
    ```
- Add the bundle to your kernel in `app/AppKernel.php`

    ```
    public function registerBundles()
    {
        // ...
        $bundles[] = new Surfnet\StepupU2fBundle\SurfnetStepupU2fBundle();
    }
    ```

Configuration
-------------

[](#configuration)

### AppID

[](#appid)

```
# config.yml
surfnet_stepup_u2f:
    app_id: 'https://application.tld/U2F/AppID'
```

Usage
-----

[](#usage)

### Registering U2F devices

[](#registering-u2f-devices)

```
/** @Template */
public function registerDeviceAction(Request $request)
{
    $service = $this->get('surfnet_stepup_u2f.service.u2f');

    $registerRequest = $service->requestRegistration();
    $registerResponse = new RegisterResponse();
    $form = $this->createForm('surfnet_stepup_u2f_register_device', $registerResponse, [
        'register_request' => $registerRequest,
    ]);

    if (!$form->isValid()) {
        $this->get('my.session.bag')->set('request', $registerRequest);
        return ['form' => $form->createView()];
    }

    $result = $service->verifyRegistration(
        $this->get('my.session.bag')->get('request'),
        $registerResponse
    );

    if ($result->wasSuccessful()) {
        $registration = $result->getRegistration());
        // ...
    } elseif ($result->handleAllErrorMethods()) {
        // Display an error to the user and allow him/her to retry with a new request
    }
}
```

**Note:** Don't display the registration form after an error: the browser or device may immediately respond with the same error, causing an infinite form submission loop. Let the user device whether to initiate a new registration.

### Verifying U2F device authentications

[](#verifying-u2f-device-authentications)

```
/** @Template */
public function verifyDeviceAuthenticationAction(Request $request)
{
    $service = $this->get('surfnet_stepup_u2f.service.authentication');

    $signRequest = $service->requestAuthentication();
    $signResponse = new SignResponse();
    $form = $this->createForm('surfnet_stepup_u2f_verify_device_authentication', $signResponse, [
        'sign_request' => $signRequest,
    ]);

    if (!$form->isValid()) {
        $this->get('my.session.bag')->set('request', $signRequest);
        return ['form' => $form->createView()];
    }

    $result = $service->verifyAuthentication(
        $this->get('my.session.bag')->get('request'),
        $signResponse
    );

    if ($result->wasSuccessful()) {
        // ...
    } elseif ($result->handleAllErrorMethods()) {
        // Display an error to the user and allow him/her to retry with a new request
    }
}
```

**Note:** Don't display the authentication form after an error: the browser or device may immediately respond with the same error, causing an infinite form submission loop. Let the user device whether to initiate a new authentication.

###  Health Score

32

—

LowBetter than 72% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity20

Limited adoption so far

Community14

Small or concentrated contributor base

Maturity64

Established project with proven stability

 Bus Factor1

Top contributor holds 52.6% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~664 days

Total

2

Last Release

2154d ago

Major Versions

3.4.0 → 4.0.02020-06-24

PHP version history (2 changes)3.4.0PHP &gt;=5.4|^7

4.0.0PHP ^7

### Community

Maintainers

![](https://www.gravatar.com/avatar/803ee614b9224b163d1bdb86e754af17eea0af3eabeda3e034ee8df1cb7b7e84?d=identicon)[pgmvdm](/maintainers/pgmvdm)

![](https://www.gravatar.com/avatar/616909370e1d434adc1088469108ed5cd32c15656d037d24d89dd9750bbbed00?d=identicon)[phavekes](/maintainers/phavekes)

---

Top Contributors

[![MKodde](https://avatars.githubusercontent.com/u/28252948?v=4)](https://github.com/MKodde "MKodde (10 commits)")[![rjkip](https://avatars.githubusercontent.com/u/1734555?v=4)](https://github.com/rjkip "rjkip (7 commits)")[![pablothedude](https://avatars.githubusercontent.com/u/30088478?v=4)](https://github.com/pablothedude "pablothedude (2 commits)")

###  Code Quality

TestsPHPUnit

Code StylePHP\_CodeSniffer

### Embed Badge

![Health badge](/badges/surfnet-stepup-u2f-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/surfnet-stepup-u2f-bundle/health.svg)](https://phpackages.com/packages/surfnet-stepup-u2f-bundle)
```

###  Alternatives

[sylius/sylius

E-Commerce platform for PHP, based on Symfony framework.

8.4k5.6M651](/packages/sylius-sylius)[easycorp/easyadmin-bundle

Admin generator for Symfony applications

4.3k16.7M310](/packages/easycorp-easyadmin-bundle)[symfony/security-bundle

Provides a tight integration of the Security component into the Symfony full-stack framework

2.5k172.9M1.8k](/packages/symfony-security-bundle)[prestashop/prestashop

PrestaShop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers.

9.0k15.4k](/packages/prestashop-prestashop)[scheb/2fa

Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install)

578630.7k1](/packages/scheb-2fa)[contao/core-bundle

Contao Open Source CMS

1231.6M2.4k](/packages/contao-core-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)