PHPackages                             xefi/laravel-passkey-api - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. xefi/laravel-passkey-api

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

xefi/laravel-passkey-api
========================

A Laravel package for passkey authentication apis

0.3.0(2mo ago)323MITPHPPHP ^8.3CI passing

Since Apr 10Pushed 2mo agoCompare

[ Source](https://github.com/xefi/laravel-passkey-api)[ Packagist](https://packagist.org/packages/xefi/laravel-passkey-api)[ RSS](/packages/xefi-laravel-passkey-api/feed)WikiDiscussions main Synced 3w ago

READMEChangelog (2)Dependencies (5)Versions (3)Used By (0)

Laravel Passkey
===============

[](#laravel-passkey)

[![Latest Version on Packagist](https://camo.githubusercontent.com/bf12a62f768f0f5150d070dae9aa8f53112d96836c5f93b2d6925b2fefde7d8b/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f786566692f6c61726176656c2d706173736b65792d6170692e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/xefi/laravel-passkey-api)[![Tests](https://github.com/xefi/laravel-passkey-api/actions/workflows/tests.yml/badge.svg)](https://github.com/xefi/laravel-passkey-api/actions/workflows/tests.yml)[![License](https://camo.githubusercontent.com/3fcc84b17ee5b8b29aaaaefc066576980b0921a61dd58afaab7351ec8996425f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f786566692f6c61726176656c2d706173736b65792d6170692e7376673f7374796c653d666c61742d737175617265)](LICENSE)

A Laravel package for **passkey (WebAuthn/FIDO2)** authentication — register and verify passkeys through a clean REST API, with a swappable authentication action to support Sanctum, Passport, web sessions, or any custom guard.

Full documentation at **[laravel-passkey.xefi.com](https://laravel-passkey.xefi.com/)**.

---

Requirements
------------

[](#requirements)

- PHP `^8.3`
- Laravel `^12.0` or `^13.0`

---

Installation
------------

[](#installation)

```
composer require xefi/laravel-passkey-api
php artisan vendor:publish --tag=passkey-migrations
php artisan migrate
```

Add the `HasPasskeys` trait to your `User` model:

```
use Xefi\LaravelPasskey\Traits\HasPasskeys;

class User extends Authenticatable
{
    use HasPasskeys;
}
```

---

Configuration
-------------

[](#configuration)

```
php artisan vendor:publish --tag=passkey-config
```

Key options in `config/passkey.php`:

KeyDefaultDescription`enabled``true`Enable / disable the package`timeout``60000`WebAuthn operation timeout (ms)`challenge_length``32`Challenge size in bytes`user_model``App\Models\User`Authenticatable model`session_guard``null`Guard used by `CreateWebSessionAction` (falls back to Laravel default guard)`auth_action``CreateWebSessionAction`Action invoked on successful login---

Authentication Actions
----------------------

[](#authentication-actions)

The login endpoint delegates to a swappable action class. Three are provided out of the box:

```
// config/passkey.php

// Web session (default)
'auth_action' => \Xefi\LaravelPasskey\Actions\CreateWebSessionAction::class,

// Laravel Sanctum token
'auth_action' => \Xefi\LaravelPasskey\Actions\CreateSanctumTokenAction::class,

// Laravel Passport token
'auth_action' => \Xefi\LaravelPasskey\Actions\CreatePassportTokenAction::class,
```

You can also bind your own implementation of `Xefi\LaravelPasskey\Contracts\PasskeyAuthAction`.

---

API Endpoints
-------------

[](#api-endpoints)

### Passkey Management *(requires authentication)*

[](#passkey-management-requires-authentication)

MethodEndpointDescription`GET``/api/passkeys`List passkeys for the authenticated user`POST``/api/passkeys/register/options`Get registration options`POST``/api/passkeys/register`Register a new passkey### Authentication *(public)*

[](#authentication-public)

MethodEndpointDescription`POST``/api/passkeys/verify/options`Get verification options`POST``/api/passkeys/verify`Verify a passkey (MFA / re-auth)`POST``/api/passkeys/login`Authenticate and invoke the auth actionFull request/response schemas are available in the **[documentation](https://laravel-passkey.xefi.com/)**.

---

Typical Flow
------------

[](#typical-flow)

 ```
sequenceDiagram
    actor User
    participant Browser as Browser (JS)
    participant Server as Server (API)
    participant Auth as Authenticator

    Note over User,Auth: Register Passkey
    User->>Browser: Initiate registration
    Browser->>Server: POST /api/passkeys/register/options
    Server-->>Browser: Registration options + challenge
    Browser->>Auth: navigator.credentials.create()
    Auth-->>Browser: Attestation object
    Browser->>Server: POST /api/passkeys/register
    Server-->>Browser: Passkey stored

    Note over User,Auth: Login with Passkey
    User->>Browser: Initiate login
    Browser->>Server: POST /api/passkeys/verify/options
    Server-->>Browser: Authentication options + challenge
    Browser->>Auth: navigator.credentials.get()
    Auth-->>Browser: Assertion object
    Browser->>Server: POST /api/passkeys/login
    Server-->>Browser: Session / token
```

      Loading ---

Support us
----------

[](#support-us)

[![](https://raw.githubusercontent.com/xefi/art/main/support-landscape.svg)](https://www.xefi.com)

Since 1997, XEFI is a leader in IT performance support for small and medium-sized businesses through its nearly 200 local agencies based in France, Belgium, Switzerland and Spain. A one-stop shop for IT, office automation, software, [digitalization](https://www.xefi.com/solutions-software/), print and cloud needs. [Want to work with us?](https://carriere.xefi.fr/metiers-software)

---

License
-------

[](#license)

MIT — see [LICENSE](LICENSE).

###  Health Score

38

—

LowBetter than 83% of packages

Maintenance86

Actively maintained with recent releases

Popularity12

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity40

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 60% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~3 days

Total

2

Last Release

72d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/12382966?v=4)[Gautier DELEGLISE](/maintainers/GautierDele)[@GautierDele](https://github.com/GautierDele)

---

Top Contributors

[![faro-thomyris](https://avatars.githubusercontent.com/u/76995624?v=4)](https://github.com/faro-thomyris "faro-thomyris (3 commits)")[![f-rosito](https://avatars.githubusercontent.com/u/178981093?v=4)](https://github.com/f-rosito "f-rosito (1 commits)")[![GautierDele](https://avatars.githubusercontent.com/u/12382966?v=4)](https://github.com/GautierDele "GautierDele (1 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/xefi-laravel-passkey-api/health.svg)

```
[![Health](https://phpackages.com/badges/xefi-laravel-passkey-api/health.svg)](https://phpackages.com/packages/xefi-laravel-passkey-api)
```

###  Alternatives

[web-auth/webauthn-lib

FIDO2/Webauthn Support For PHP

1237.8M120](/packages/web-auth-webauthn-lib)[web-auth/webauthn-framework

FIDO2/Webauthn library for PHP and Symfony Bundle.

51390.8k2](/packages/web-auth-webauthn-framework)[directorytree/ldaprecord-laravel

LDAP Authentication &amp; Management for Laravel.

5742.2M17](/packages/directorytree-ldaprecord-laravel)[illuminate/auth

The Illuminate Auth package.

9327.9M1.2k](/packages/illuminate-auth)[asbiin/laravel-webauthn

Laravel Webauthn support

312608.8k](/packages/asbiin-laravel-webauthn)[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6753.6k5](/packages/hasinhayder-tyro)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)