spomky-labs / u2f-php Goto Github PK
View Code? Open in Web Editor NEWFIDO/FIDO2 Universal 2 Factors (U2F) support for PHP
License: MIT License
FIDO/FIDO2 Universal 2 Factors (U2F) support for PHP
License: MIT License
Q | A |
---|---|
Bug report? | no |
Feature request? | yes |
BC Break report? | no |
RFC? / Specification | https://www.w3.org/TR/webauthn/#tpm-attestation |
Version | x.y(.z) |
Add TMP Attestation format support.
Q | A |
---|---|
Bug report? | no |
Feature request? | yes |
BC Break report? | no |
RFC? / Specification | https://www.w3.org/TR/webauthn/#extensions |
Version | x.y(.z) |
At the moment, objects related to the webauthn extensions are present, but as there is not concrete implementation on the relaying parties and thus are not easy to perform test in real environment.
This issue is a reminder that will be closed when the specification will be considered as an approved standard with test vectors and/or concrete implementations.
Q | A |
---|---|
Bug report? | no |
Feature request? | no |
BC Break report? | no |
RFC? / Specification | no |
Version | x.y(.z) |
A demo (e.g. docker-based) should be provided to allow users to have a better undertanding of this library usage.
Q | A |
---|---|
Bug report? | no |
Feature request? | no |
BC Break report? | no |
RFC? / Specification | no |
Version | 1.x-dev |
Any chance of this going stable any time soon? It looks interesting, but without a proper stable release, it's hard to consider it for production use.
This library becomes more and more complex. Other repositories will be created e.g. for Symfony bundle.
To ease the management and the development of the library/bundle and the future of the whole project, a new organization should be used.
=> many/mono repo mgmt like what is done for web-token.
Q | A |
---|---|
Bug report? | no |
Feature request? | no |
BC Break report? | no |
RFC? / Specification | no |
Version | x.y(.z) |
At the moment, only FIDO U2F features are tested.
Even if the Webauthn specification is not an approved standard, some parts are implemented and can be tested.
Unit and Functional tests shall be written, at least for the minimum required components (e.g. PublicKeyCredential, entities, PublicKeyCredentialDescriptor...)
When loaded, the attestation statement trust path should be available through a call that clearly indicates the trust path.
At the moment, the public key credential is just a binary string.
It could be easier for implementers to get a dedicated object that represent that key.
This object could be of type RsaKey
/EcKey
implementing an interface (e.g. PublicKeyCredential
).
At the moment, the AttestationStatement
class does not indicates of what type it is.
A convenient method should be added and return the appropriate information (basic...)
The library only supports EC signatures and may support RSA ones.
The algorithms supported by this library should be extensible and new algorithms should be easily added if needed.
Q | A |
---|---|
Bug report? | no |
Feature request? | yes |
BC Break report? | no |
RFC? / Specification | https://www.w3.org/TR/webauthn/#android-key-attestation |
Version | x.y(.z) |
Add Android Key Attestation support.
Describe the bug
To use this module in combination with OTPHP, a composer requirement of beberlei/assert 3.1 clashes with OTPHP's requirement of beberlei/assert 2.4
To Reproduce
Steps to reproduce the behavior:
composer update
Expected behavior
A successful installation of both libraries
Q | A |
---|---|
Bug report? | no |
Feature request? | yes |
BC Break report? | no |
RFC? / Specification | https://www.w3.org/TR/webauthn/#packed-attestation |
Version | x.y(.z) |
Add support for packed
attestionation format.
https://github.com/Firehed/u2f-php
https://github.com/Yubico/php-u2flib-server
I've found two other libraries that provide the same FIDO U2F server protocol in PHP. What's the difference with those libraries?
Q | A |
---|---|
Bug report? | no |
Feature request? | yes |
BC Break report? | no |
RFC? / Specification | https://www.w3.org/TR/webauthn/#android-safetynet-attestation |
Version | x.y(.z) |
Add Android SafetyNet Attestation support.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.