Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Example App #649

Open
Zaszczyk opened this issue Sep 29, 2024 · 6 comments
Open

Example App #649

Zaszczyk opened this issue Sep 29, 2024 · 6 comments

Comments

@Zaszczyk
Copy link

Description

Could you provide example app implementing the framework? It is pretty hard to implement all actions using the docs.

@Spomky
Copy link
Contributor

Spomky commented Oct 3, 2024

Hi @Zaszczyk,

There is a simple demo application (based on Symfony).
I don't know of any simple PHP application similar to this one.

@albanx
Copy link

albanx commented Oct 27, 2024

Same here, quite hard to follow the docs, in a step by step usage tutorial, the documentation do not provide a line of progression. I was planning to create a tutorial end to end but I have not been able to integrate it myself.

@Spomky
Copy link
Contributor

Spomky commented Oct 28, 2024

What kind of application are you looking for?
I will take the time to update the documentation and improve the progress to make the implementation easier, but I need to know what is blocking you.

Thanks

@albanx
Copy link

albanx commented Oct 28, 2024

For example in the https://webauthn-doc.spomky-labs.com/pure-php/authenticator-registration page, it is not clear what to store once the registration has been completed
You can store the Public Key Credential Source ($publicKeyCredentialSource).

Should I store the complete object serialized or just part of it like credentialPublicKey?

@albanx
Copy link

albanx commented Oct 29, 2024

I managed to make a working app, using this library but was quite hard from the documentation. For example this section

<?php

declare(strict_types=1);

$publicKeyCredentialSource = $publicKeyCredentialSourceRepository->findOneByCredentialId(
    $publicKeyCredential->rawId
);
if ($publicKeyCredentialSource === null) {
   // Throw an exception if the credential is not found.
   // It can also be rejected depending on your security policy (e.g. disabled by the user because of loss)
}

$publicKeyCredentialSource = $authenticatorAssertionResponseValidator->check(
    $publicKeyCredentialSource,
    $authenticatorAssertionResponse,
    $publicKeyCredentialRequestOptions,
    'my-application.com',
    $userEntity?->id // Should be `null` if the user entity is not known before this step
);

// Optional, but highly recommended, you can save the credential source as it may be modified
// during the verification process (counter may be higher).
$publicKeyCredentialSourceRepository->saveCredential($publicKeyCredentialSource);

is missing quite a loft of info like how to create the $authenticatorAssertionResponseValidator, what is the $publicKeyCredentialSourceRepository repository DB looks like, does not explicity highlight that the $csmFactory->requestCeremony() is different from the register one.

Is there a way to contribute to the documentation website, or that is propertary?

@ruudk
Copy link

ruudk commented Dec 16, 2024

I agree that the docs are very hard and overwhelming. I feel kind of dumb not understanding anything of it.

If you have ideas on how to improve the docs, please do @albanx 🙌 https://github.com/web-auth/doc/tree/v5.0

It would really help to see a full pure PHP implementation, where you see what is needed for the setup, how the attestation works, and the assertion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants