| Methods |
public
static
|
init($f3)
|
#
|
public
|
createChallenge(): void
API endpoint to create a random challenge that can be verified
using this module.
API endpoint to create a random challenge that can be verified
using this module.
|
#
|
public
|
listCredentials(): void
API endpoint to list the saved credentials for the current logged-in
user.
API endpoint to list the saved credentials for the current logged-in
user.
|
#
|
public
|
delete(Base $f3, array<string, mixed> $params): void
API endpoint to delete a stored credential
API endpoint to delete a stored credential
|
#
|
public
|
setup(): void
Displays the page to add a WebAuthn credential.
Displays the page to add a WebAuthn credential.
|
#
|
public
|
onDashboardBlocks(UIBuildEvent $event): void
Returns the dashboard block.
Returns the dashboard block.
Parameters
| $event |
the event to collect
the dashboard block
|
|
#
|
public
|
onLoginFormBuild(FormBuildEvent $event): void
|
#
|
public
|
onLoginFormSubmit(LoginFormSubmitEvent $event): void
|
#
|
public
|
onLoginEvent(LoginEvent $event): void
|
#
|
public
|
onLogoutEvent(LogoutEvent $event): void
|
#
|
protected
|
processNewCredential(
string $challenge,
string $nonce,
string $new_credential_json,
?string $display_name = null,
): array<string, mixed>|null
Processes a new WebAuthn credential. The new credential is represented
by PublicKeyCredential object (with AuthenticatorAttestationResponse).
Processes a new WebAuthn credential. The new credential is represented
by PublicKeyCredential object (with AuthenticatorAttestationResponse).
This method checks that the credential creation response is valid and, if so, provides
a result array which can be saved in the user's profile.
Note that this method does not perform detailed checks on the
attestation data.
Parameters
| $challenge |
the expected challenge value
|
| $nonce |
the expected nonce value provided by the
#createChallenge()
method
|
| $new_credential_json |
the credential creation response
as a JSON string (with Uint8Array and Buffer values encoded as base64url)
|
| $display_name |
the name of the credential chosen
by the user
|
Returns
an array representing the credential
to be used in the user's profile, or null if the credential creation response
is not valid
|
#
|
protected
|
verifyCredential(
string $challenge,
string $nonce,
array<string, mixed> $stored_credentials,
string $credential_json,
): array<string, mixed>|false
Verifies a WebAuthn credential supplied by the browser against credentials that are
stored for a user. The supplied credential is represented
by PublicKeyCredential object (with AuthenticatorAssertionResponse).
Verifies a WebAuthn credential supplied by the browser against credentials that are
stored for a user. The supplied credential is represented
by PublicKeyCredential object (with AuthenticatorAssertionResponse).
This method checks that the credential response is valid and, if so, provides
a result array which can be used to update the user's profile.
Note that this method does not perform detailed checks on the
assertion data.
Parameters
| $challenge |
the expected challenge value
|
| $nonce |
the expected nonce value provided by the
#createChallenge()
method
|
| $stored_credentials |
an associative array of
credentials stored in the user's profile
|
| $credential_json |
the credential response
as a JSON string (with Uint8Array and Buffer values encoded as base64url)
|
Returns
an array representing the verification result,
or false if the credential response is not valid
|
#
|
protected
|
verifySignature(
string $signature,
string $authenticator_data,
string $client_data_json,
array<string, mixed> $test_public_key,
): bool
Verifies the WebAuthn signature.
Verifies the WebAuthn signature.
Parameters
| $signature |
the base64url encoded signature to verify
|
| $authenticator_data |
the authenticatorData provided by the browser
as a binary string
|
| $client_data_json |
the clientDataJSON provided by the browser
as a JSON string
|
| $test_public_key |
the public_key value from the
stored credentials
|
Returns
true if the signature is valid
|
#
|
protected
|
getRpId(): string
Returns the RP ID for this installation.
Returns the RP ID for this installation.
The RP ID is generated from the canonical_base_path variable.
Returns
|
#
|
protected
|
getSavedCredentials(User $user, bool $include_details = false): array<array<string, mixed>>
Retrieves saved credentials for a specified user.
Retrieves saved credentials for a specified user.
The $include_details parameter can be set to determine whether
additional details (such as the display name and usage information) are
returned. When using the Credentials browser API, $include_details
should be set to false.
Parameters
| $user |
the user
|
| $include_details |
whether additional details are included in the result
|
Returns
|
#
|