| Package Data | |
|---|---|
| Maintainer Username: | asbin |
| Maintainer Contact: | alexis@saettler.org (Alexis Saettler) |
| Package Create Date: | 2019-03-30 |
| Package Last Update: | 2025-11-06 |
| Home Page: | |
| Language: | PHP |
| License: | MIT |
| Last Refreshed: | 2025-11-06 15:03:47 |
| Package Statistics | |
|---|---|
| Total Downloads: | 537,846 |
| Monthly Downloads: | 6,201 |
| Daily Downloads: | 149 |
| Total Stars: | 304 |
| Total Watchers: | 8 |
| Total Forks: | 41 |
| Total Open Issues: | 10 |
LaravelWebauthn is an adapter to use Webauthn on Laravel.
You may use Composer to install this package into your Laravel project:
composer require asbiin/laravel-webauthn
You don't need to add this package to your service providers.
This package supports Laravel 5.8 and newer, and has been tested with php 7.2 and newer versions.
It's based on web-auth/webauthn-framework.
You can publish the LaravelWebauthn configuration in a file named config/webauthn.php, and resources.
Just run this artisan command:
php artisan laravelwebauthn:publish
If desired, you may disable LaravelWebauthn entirely using the enabled configuration option:
'enabled' => false,
You will find an example of usage on this repository: asbiin/laravel-webauthn-example.
Add this in the $routeMiddleware array of your app/Http/Kernel.php file:
'webauthn' => \LaravelWebauthn\Http\Middleware\WebauthnMiddleware::class,
You can use this middleware in your routes.php file:
Route::middleware(['auth', 'webauthn'])->group(function () {
Route::get('/home', 'HomeController@index')->name('home');
...
}
This way user would have to validates their key on login.
The middleware will open the page defined in webauthn.authenticate.view configuration.
The default value will open webauthn::authenticate page. The basics are:
<!-- load javascript part -->
<script src="{!! secure_asset('vendor/webauthn/webauthn.js') !!}"></script>
...
<!-- form to send datas to -->
<form method="POST" action="{{ route('webauthn.auth') }}" id="form">
@csrf
<input type="hidden" name="data" id="data" />
</form>
...
<!-- script part to run the sign part -->
<script>
var publicKey = {!! json_encode($publicKey) !!};
var webauthn = new WebAuthn();
webauthn.sign(
publicKey,
function (datas) {
$('#data').val(JSON.stringify(datas)),
$('#form').submit();
}
);
</script>
The webauthn.authenticate.postSuccessCallback configuration is used to redirect the submit form to the callback url: it's the page the user tried to access first.
If the value is false, the webauthn.authenticate.postSuccessRedirectRoute is used as a redirect route.
If postSuccessCallback is false and postSuccessRedirectRoute is empty, the return will be JSON form:
{
result: true,
callback: 'http://localhost',
}
To register a new key, open /webauthn/register or go to route('webauthn.register'), or any of your implementation.
The controller will open the page defined in webauthn.register.view configuration.
The default value will open webauthn::register page. The basics are:
<!-- load javascript part -->
<script src="{!! secure_asset('vendor/webauthn/webauthn.js') !!}"></script>
...
<!-- form to send datas to -->
<form method="POST" action="{{ route('webauthn.auth') }}" id="form">
@csrf
<input type="hidden" name="register" id="register" />
<input type="hidden" name="name" id="name" />
</form>
...
<!-- script part to run the sign part -->
<script>
var publicKey = {!! json_encode($publicKey) !!};
var webauthn = new WebAuthn();
webauthn.register(
publicKey,
function (datas) {
$('#register').val(JSON.stringify(datas)),
$('#form').submit();
}
);
</script>
The webauthn.register.postSuccessRedirectRoute configuration is used to redirect the submit form after the registration.
If postSuccessRedirectRoute is empty, the return will be JSON form:
{
result: true,
id: 42,
object => 'webauthnKey',
name => 'name of the key',
counter => 12,
}
These url are used
GET /webauthn/auth / route('webauthn.login')
The login page.
POST /webauthn/auth / route('webauthn.auth')
Post datas after a WebAuthn login validate.
GET /webauthn/register / route('webauthn.register')
Get datas to register a new key
POST /webauthn/register / route('webauthn.create')
Post datas after a WebAuthn register check
DELETE /webauthn/{id} / route('webauthn.destroy')
Get register datas
Events are dispatched by LaravelWebauthn:
\LaravelWebauthn\Events\WebauthnLoginData on creating authentication datas\LaravelWebauthn\Events\WebauthnLogin on login with WebAuthn check\LaravelWebauthn\Events\WebauthnRegisterData on creating register datas\LaravelWebauthn\Events\WebauthnRegister on registering a new keyAuthor: Alexis Saettler
Copyright © 2019.
Licensed under the MIT License. View license.