I want to write a functional test for my endpoints to register a user with WebAuthn.
The first call is to Register Device Options. This is easy as it requires no payload.
Next is Register Device, which requires passing an attestation object.
In JavaScript I could generate like this:
import { startRegistration } from "@simplewebauthn/browser";
const attResp = await startRegistration(optionsJson)
const attestation = JSON.stringify(attResp)
Maybe there would be a solution involving v8js passing in the optionsJson, but I'd rather not have to use v8.
I suppose an api call to another container running node might work.
But really I want a PHP only solution.
Is it possible to generate a WebAuthn attestation object using php?
Technically, there is nothing to prevent you from generating Attestation and Assertion Responses in PHP.
There are keypair generators, CBOR encoders and projects that implement Webauthn[1].
But since PHP is used on the server side and is mainly used to verify Authenticator responses, the existing implementations only offer to read these responses and not generate them. Nevertheless, it does not seem difficult to me to create a valid response and make a software Authenticator for testing or any other use (and TBH this is something I have in mind for a while).
[1] I am the author of the above mentioned libraries