Skip to content

Releases: lbuchs/WebAuthn

v2.2.0

Choose a tag to compare

@lbuchs lbuchs released this 04 Jul 07:36
20adb4a

New Features

  • isBackupEligible & isBackedUp flags exposed
  • Check for known android key hashes instead of URL origin check in case the origin string starts with android:apk-key-hash:;

v2.1.1

Choose a tag to compare

@lbuchs lbuchs released this 15 Jan 15:48

Temp Directory Improvement

v2.1.0

Choose a tag to compare

@lbuchs lbuchs released this 23 Oct 10:23

Verify EdDSA using Sodium
Support for EdDSA algorithm (-8) using PHP Sodium (or Sodium Compat )

v2.0.1

Choose a tag to compare

@lbuchs lbuchs released this 16 May 07:29

Updated PHP requirements.

v2.0.0

Choose a tag to compare

@lbuchs lbuchs released this 15 May 13:17
b31384c

v2

demo

  • rewrite demo app with async function
  • switch for attestation

Android

  • allow to decide if you require ctsProfileMatch for android devices (default true, like on v1.x).
    • ctsProfileMatch: A stricter verdict of device integrity. If the value of ctsProfileMatch is true, then the profile of the device running your app matches the profile of a device that has passed Android compatibility testing and has been approved as a Google-certified Android device.
    • basicIntegrity: A more lenient verdict of device integrity. If only the value of basicIntegrity is true, then the device running your app likely wasn't tampered with. However, the device hasn't necessarily passed Android compatibility testing.
  • usage: set $requireCtsProfileMatch on processCreate() to false to check only for basic integrity.

transport Hybrid

added support for transport hybrid. Hybrid indicates the respective authenticator can be contacted using a combination of (often separate) data-transport and proximity mechanisms. This supports, for example, authentication on a desktop computer using a smartphone.

⚠️Attention: new argument $allowHybrid on getGetArgs, CHECK YOUR IMPLEMENTATION!

public function getGetArgs($credentialIds=array(), $timeout=20, $allowUsb=true, $allowNfc=true, $allowBle=true, $allowHybrid=true, $allowInternal=true, $requireUserVerification=false)

v2.0.0-beta

v2.0.0-beta Pre-release
Pre-release

Choose a tag to compare

@lbuchs lbuchs released this 06 Jan 08:27

v2

demo

rewrite demo app with async function

Android

  • allow to decide if you require ctsProfileMatch for android devices (default true, like on v1.x).
    • ctsProfileMatch: A stricter verdict of device integrity. If the value of ctsProfileMatch is true, then the profile of the device running your app matches the profile of a device that has passed Android compatibility testing and has been approved as a Google-certified Android device.
    • basicIntegrity: A more lenient verdict of device integrity. If only the value of basicIntegrity is true, then the device running your app likely wasn't tampered with. However, the device hasn't necessarily passed Android compatibility testing.
  • usage: set $requireCtsProfileMatch on processCreate() to false to check only for basic integrity.

transport Hybrid

added support for transport hybrid. Hybrid indicates the respective authenticator can be contacted using a combination of (often separate) data-transport and proximity mechanisms. This supports, for example, authentication on a desktop computer using a smartphone.

⚠️Attention: new argument on getGetArgs, check your implementation:
public function getGetArgs($credentialIds=array(), $timeout=20, $allowUsb=true, $allowNfc=true, $allowBle=true, $allowHybrid=true, $allowInternal=true, $requireUserVerification=false)

v1.1.3: Self Signed detection

Choose a tag to compare

@lbuchs lbuchs released this 21 Nov 08:49
Fix self signed detection, switch to authorityKeyIdentifier instead of compare subject and issuer

v1.1.2

Choose a tag to compare

@lbuchs lbuchs released this 15 Nov 11:10
Bugfix: ByteBuffer->equals

v1.1.1

Choose a tag to compare

@lbuchs lbuchs released this 14 Oct 07:27

PHP 8 issues (Object attribute access)

v1.1.0

Choose a tag to compare

@lbuchs lbuchs released this 06 May 09:07
  • Handle certificates correctly already containing line breaks
  • The WebAuthn specification mandates that the counter check should be performed if either of the counters are non-zero.
  • Support WebAuthn v2 residentKey field (#60)
  • PHP 8.1 fixes