PHPackages z3r091/larapass - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. z3r091/larapass ActiveLibrary z3r091/larapass =============== Authenticate users with just their device, fingerprint or biometric data. Goodbye passwords! 1.0(6mo ago)01MITPHPPHP >=7.4.0 Since Nov 3Pushed 6mo agoCompare [ Source](https://github.com/z3r091/Larapass)[ Packagist](https://packagist.org/packages/z3r091/larapass)[ Docs](https://github.com/darkghosthunter/larapass)[ Fund](https://paypal.me/darkghosthunter)[ Fund](https://ko-fi.com/DarkGhostHunter)[ RSS](/packages/z3r091-larapass/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (9)Versions (2)Used By (0) This package has been superseded by [Laragear WebAuthn](https://github.com/Laragear/WebAuthn). ============================================================================================== [](#this-package-has-been-superseded-by-laragear-webauthn) --- [![Lukenn Sabellano - Unsplash (UL) #RDufjtg6JpQ](https://camo.githubusercontent.com/2ebf9c263375dec6087af25e8889d16f5f8a6a38f078832cee920d7e3292e569/68747470733a2f2f696d616765732e756e73706c6173682e636f6d2f70686f746f2d313536373832363732323138362d3965636466363839663132323f69786c69623d72622d312e322e31266175746f3d666f726d6174266669743d63726f7026773d3132383026683d34303026713d3830)](https://camo.githubusercontent.com/2ebf9c263375dec6087af25e8889d16f5f8a6a38f078832cee920d7e3292e569/68747470733a2f2f696d616765732e756e73706c6173682e636f6d2f70686f746f2d313536373832363732323138362d3965636466363839663132323f69786c69623d72622d312e322e31266175746f3d666f726d6174266669743d63726f7026773d3132383026683d34303026713d3830) [![Latest Stable Version](https://camo.githubusercontent.com/676f05ad2b1c4871e8cbffb8aed29540176a996fbb5660198562606784b8c210/68747470733a2f2f706f7365722e707567782e6f72672f6461726b67686f737468756e7465722f6c617261706173732f762f737461626c65)](https://packagist.org/packages/darkghosthunter/larapass) [![License](https://camo.githubusercontent.com/1fe7218fafedfd83d3e9709dd6979d64419f3502add9aa2624ab99f1a5ebdc8c/68747470733a2f2f706f7365722e707567782e6f72672f6461726b67686f737468756e7465722f6c617261706173732f6c6963656e7365)](https://packagist.org/packages/darkghosthunter/larapass) [![](https://camo.githubusercontent.com/0c78eb181a0223dcb3c861d5f022e6e784611c32a58de8a707654aee701d7ab0/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6461726b67686f737468756e7465722f6c617261706173732e737667)](https://camo.githubusercontent.com/0c78eb181a0223dcb3c861d5f022e6e784611c32a58de8a707654aee701d7ab0/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6461726b67686f737468756e7465722f6c617261706173732e737667) [![](https://github.com/DarkGhostHunter/Larapass/workflows/PHP%20Composer/badge.svg)](https://github.com/DarkGhostHunter/Larapass/workflows/PHP%20Composer/badge.svg) [![Coverage Status](https://camo.githubusercontent.com/9279cd9b12bb0fd3c18bd5feb85cd1d84984ac4b0664230ae6234c6998344d64/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f4461726b47686f737448756e7465722f4c617261706173732f62616467652e7376673f6272616e63683d6d6173746572)](https://coveralls.io/github/DarkGhostHunter/Larapass?branch=master) [![Laravel Octane Compatible](https://camo.githubusercontent.com/70359a356da237cd29561bc5d0bb80baae775b5ff62f288ed324755382858342/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2532304f6374616e652d436f6d70617469626c652d737563636573733f7374796c653d666c6174266c6f676f3d6c61726176656c)](https://github.com/laravel/octane) Larapass -------- [](#larapass) Authenticate users with just their device, fingerprint or biometric data. Goodbye passwords! This enables WebAuthn authentication inside Laravel authentication driver, and comes with *everything but the kitchen sink*. Requisites ---------- [](#requisites) - PHP 7.4 or PHP 8.0 - Laravel 7.18 (July 2020) or Laravel 8.x > For Laravel 9.x supports and onwards, use [Laragear WebAuthn](https://github.com/Laragear/WebAuthn). Installation ------------ [](#installation) Just hit the console and require it with Composer. ``` composer require darkghosthunter/larapass ``` Unfortunately, using WebAuthn is not a "walk in the park", this package allows you to enable WebAuthn in the most **easiest way possible**. Table of contents ================= [](#table-of-contents) - [What is WebAuthn? How it uses fingerprints or else?](#what-is-webauthn-how-it-uses-fingerprints-or-else) - [Set up](#set-up) - [Confirmation Middleware](#confirmation-middleware) - [Events](#events) - [Operations with WebAuthn](#operations-with-webauthn) - [Advanced Configuration](#advanced-configuration) - [Relaying Party Information](#relaying-party-information) - [Challenge configuration](#challenge-configuration) - [Algorithms](#algorithms) - [Key Attachment](#key-attachment) - [Attestation conveyance](#attestation-conveyance) - [Login verification](#login-verification) - [Userless login (One touch, Typeless)](#userless-login-one-touch-typeless) - [Unique](#unique) - [Password Fallback](#password-fallback) - [Confirmation timeout](#confirmation-timeout) - [Attestation and Metadata statements support](#attestation-and-metadata-statements-support) - [Security](#security) - [FAQ](#faq) - [License](#license) What is WebAuthn? How it uses fingerprints or else? --------------------------------------------------- [](#what-is-webauthn-how-it-uses-fingerprints-or-else) In a nutshell, [major browsers are compatible with Web Authentication API](https://caniuse.com/#feat=webauthn), pushing authentication to the device (fingerprints, Face ID, patterns, codes, etc) instead of plain-text passwords. This package validates the WebAuthn payload from the devices using a custom [user provider](https://laravel.com/docs/authentication#adding-custom-user-providers). If you have any doubts about WebAuthn, [check this small FAQ](#faq). For a more deep dive, check [WebAuthn.io](https://webauthn.io/), [WebAuthn.me](https://webauthn.me/) and [Google WebAuthn tutorial](https://codelabs.developers.google.com/codelabs/webauthn-reauth/). Set up ------ [](#set-up) We need to make sure your users can register their devices and authenticate with them. 1. [Add the `eloquent-webauthn` driver](#1-add-the-eloquent-webauthn-driver). 2. [Create the `webauthn_credentials` table.](#2-create-the-webauthn_credentials-table) 3. [Implement the contract and trait](#3-implement-the-contract-and-trait) After that, you can quickly start WebAuthn with the included controllers and helpers to make your life easier. 4. [Register the routes](#4-register-the-routes-optional) 5. [Use the Javascript helper](#5-use-the-javascript-helper-optional) 6. [Set up account recovery](#6-set-up-account-recovery-optional) ### 1. Add the `eloquent-webauthn` driver [](#1-add-the-eloquent-webauthn-driver) This package comes with an Eloquent-compatible [user provider](https://laravel.com/docs/authentication#adding-custom-user-providers) that validates WebAuthn responses from the devices. Go to your `config/auth.php` configuration file, and change the driver of the provider you're using to `eloquent-webauthn`. ``` return [ // ... 'providers' => [ 'users' => [ // 'driver' => 'eloquent', // Default Eloquent User Provider 'driver' => 'eloquent-webauthn', 'model' => App\User::class, ], ] ]; ``` > If you plan to create your own user provider driver for WebAuthn, remember to inject the [`WebAuthnAssertValidator`](src/WebAuthn/WebAuthnAssertValidator.php) to properly validate the user with the incoming response. ### 2. Create the `webauthn_credentials` table [](#2-create-the-webauthn_credentials-table) Create the `webauthn_credentials` table by publishing the migration files and migrating the table: ``` php artisan vendor:publish --provider="DarkGhostHunter\Larapass\LarapassServiceProvider" --tag="migrations" php artisan migrate ``` ### 3. Implement the contract and trait [](#3-implement-the-contract-and-trait) Add the `WebAuthnAuthenticatable` contract and the `WebAuthnAuthentication` trait to the `Authenticatable` user class, or any that uses authentication. ```