I'm trying to get started with webauthn-lib 4.7 using the documentation.
Based on the docs, I came up with this code:
$user_entity = new PublicKeyCredentialUserEntity($user->getAccountName(), $user->id(), $user->getDisplayName());
$rp_entity = PublicKeyCredentialRpEntity::create('My app', 'example.com', null);
$challenge = random_bytes(16);
$credential_options = PublicKeyCredentialCreationOptions::create(
$rp_entity,
$user_entity,
$challenge,
// ['excludeCredentials', $exclude_credentials]
);
But PHPStorm is warning me:
Required parameter '$pubKeyCredParams' missing
The documentation doesn't have an example of $pubKeyCredParams, but it does say:
A list of supported public key parameters i.e. an algorithm list (at least one)
What format should this list take? Are these supposed to be the same as the algorithms supplied to the Algorithm Manager?
For reference, those algorithms are:
use Cose\Algorithm\Manager;
use Cose\Algorithm\Signature\ECDSA\ES256;
use Cose\Algorithm\Signature\RSA\RS256;
$algorithmManager = Manager::create()
->add(
ES256::create(),
RS256::create()
)
;
But how do I format them into something that PublicKeyCredentialCreationOptions() will accept?
This was explained in the previous versions of the documentation, but removed in 4.7 without clarification. Now you can pass an empty array and the algorithm list will be ES256 and RS256 by default.
This list shall contain Webauthn\PublicKeyCredentialParameters objects that refer to a COSE algorithm identifier.
use Cose\Algorithms;
use Webauthn\PublicKeyCredentialParameters;
$publicKeyCredentialParametersList = [
PublicKeyCredentialParameters::create('public-key', Algorithms::COSE_ALGORITHM_ES256),
PublicKeyCredentialParameters::create('public-key', Algorithms::COSE_ALGORITHM_RS256),
];