PasskeyController extends Controller
in package
uses HandlesUserTokens

WebAuthn passkey authentication controller

Handles WebAuthn/FIDO2 passkey authentication including passkey registration, authentication challenge generation, and secure login flows. Provides passwordless authentication using biometric or hardware security keys.

Tags
tags

Auth

Attributes
#[Prefix]
'/webauthn/passkey'

Table of Contents

Constants

REGISTER_OPTIONS_SESSION_KEY  = 'passkey-registration-options'

Methods

authenticate()  : JsonResponse|RedirectResponse
Authenticate using WebAuthn passkey
getOptions()  : JsonResponse
Generate WebAuthn authentication challenge
getRegisterOptions()  : array<string|int, mixed>
Generate WebAuthn registration challenge for new passkey
logInAuthenticatable()  : self
Log in the authenticated user and regenerate session
registerPasskey()  : JsonResponse
Register a new passkey for the authenticated user
validPasskeyResponse()  : JsonResponse|RedirectResponse
Handle successful passkey authentication response
denyWithStatus()  : mixed
gateCheckExecuteJob()  : mixed
gateCheckViewDashboard()  : mixed
invalidPasskeyResponse()  : JsonResponse
Handle invalid passkey authentication response
noContent()  : mixed
previouslyGeneratedPasskeyOptions()  : string|null
Retrieve and remove previously generated passkey registration options
createTokenSet()  : mixed

Constants

REGISTER_OPTIONS_SESSION_KEY

public mixed REGISTER_OPTIONS_SESSION_KEY = 'passkey-registration-options'

Methods

authenticate()

Authenticate using WebAuthn passkey

public authenticate(AuthenticateUsingPasskeyRequest $request) : JsonResponse|RedirectResponse

Verifies the WebAuthn assertion from the user's authenticator and logs the user in if it is valid. Creates session tokens and handles redirect logic for a seamless authentication experience.

Parameters
$request : AuthenticateUsingPasskeyRequest

Request containing WebAuthn assertion response

Tags
throws
ValidationException

When WebAuthn assertion is invalid

unauthenticated
response

array{ accessToken: NewAccessTokenResource, refreshToken: NewAccessTokenResource, sessionId: string }|array{message: string}

status

201

Attributes
#[Post]
'/'
'auth.passkey.login'
Return values
JsonResponse|RedirectResponse

getOptions()

Generate WebAuthn authentication challenge

public getOptions(Request $request) : JsonResponse

Creates a cryptographic challenge for passkey authentication including allowed credentials and relying party information. This challenge must be used with the WebAuthn JavaScript API for authentication.

Parameters
$request : Request

Request from user attempting authentication

Tags
unauthenticated
response

array{ challenge: string, rpId: string, allowCredentials: array<array{ id: string, type: string, transports: array }>, userVerification: string, timeout: int }

Attributes
#[Get]
'/'
'auth.passkey.options'
Return values
JsonResponse

getRegisterOptions()

Generate WebAuthn registration challenge for new passkey

public getRegisterOptions(Request $request) : array<string|int, mixed>

Creates a cryptographic challenge for registering a new passkey to the authenticated user's account. The challenge includes user information and credential creation parameters.

Parameters
$request : Request

Authenticated request from user

Tags
throws
AuthorizationException

When user is not authenticated

response

array{ rp: array{ name: string, id: string }, user: array{ id: string, name: string, displayName: string }, challenge: string, pubKeyCredParams: array<array{ type: string, alg: int }>, timeout: int, attestation: string, authenticatorSelection: array{ authenticatorAttachment: string, userVerification: string, residentKey: string } }

Attributes
#[Get]
'/register'
'auth.passkey.register-option'
['auth:sanctum']
Return values
array<string|int, mixed>

logInAuthenticatable()

Log in the authenticated user and regenerate session

public logInAuthenticatable(Authenticatable $authenticatable) : self

Internal method to handle user login after successful passkey authentication. Includes session regeneration for security purposes.

Parameters
$authenticatable : Authenticatable

The user to log in

Return values
self

For method chaining

registerPasskey()

Register a new passkey for the authenticated user

public registerPasskey(StorePasskeyRequest $request) : JsonResponse

Processes the WebAuthn attestation response to register a new passkey credential for the user's account. Includes validation and secure storage of the credential with optional naming.

Parameters
$request : StorePasskeyRequest

Request containing WebAuthn attestation and passkey name

Tags
throws
AuthorizationException

When user is not authenticated

throws
ValidationException

When attestation is invalid

response

array{message: string}|array{error: string}

status

201

Attributes
#[Post]
'/register'
'auth.passkey.register'
['auth:sanctum']
Return values
JsonResponse
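The client-side counterpart to the option endpoints above, as an added example that is not part of the project's own code: it turns the JSON documented for getOptions() and getRegisterOptions() into the binary option objects the WebAuthn API needs, and serializes the resulting PublicKeyCredential for the authenticate() and registerPasskey() endpoints. It assumes the binary fields (challenge, credential ids, user.id) are base64url strings and that the POST request classes accept the standard PublicKeyCredential JSON shape; neither is stated on this page.

```javascript
// Added example (not the project's code). Assumes: binary fields (challenge, credential ids, user.id)
// are base64url strings, and the POST endpoints accept the standard PublicKeyCredential JSON shape.
// base64url -> ArrayBuffer (atob/btoa exist in browsers and Node >= 16)
function base64urlToBuffer(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const bin = atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
  return Uint8Array.from(bin, (ch) => ch.charCodeAt(0)).buffer;
}

// ArrayBuffer -> base64url
function bufferToBase64url(buf) {
  let bin = '';
  for (const b of new Uint8Array(buf)) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// GET /webauthn/passkey/ -> PublicKeyCredentialRequestOptions for navigator.credentials.get().
// Only the credentials the server listed are offered; the challenge is meant to be used once.
function toRequestOptions(o) {
  return {
    challenge: base64urlToBuffer(o.challenge),
    allowCredentials: o.allowCredentials.map((c) => ({ id: base64urlToBuffer(c.id), type: c.type, transports: c.transports })),
    rpId: o.rpId, userVerification: o.userVerification, timeout: o.timeout,
  };
}

// GET /webauthn/passkey/register -> PublicKeyCredentialCreationOptions for navigator.credentials.create().
// user.id must be bytes; attestation and authenticatorSelection chosen by the server are passed through.
function toCreationOptions(o) {
  return {
    rp: { name: o.rp.name, id: o.rp.id },
    user: { id: base64urlToBuffer(o.user.id), name: o.user.name, displayName: o.user.displayName },
    challenge: base64urlToBuffer(o.challenge), pubKeyCredParams: o.pubKeyCredParams, timeout: o.timeout,
    attestation: o.attestation, authenticatorSelection: o.authenticatorSelection,
  };
}

// PublicKeyCredential (attestation for POST /register, assertion for POST /) -> JSON body.
// Fields are read by name: they are prototype getters, so Object.entries() would miss them.
function serializeCredential(cred) {
  const r = cred.response;
  const enc = (b) => (b ? bufferToBase64url(b) : null);
  return {
    id: cred.id, rawId: bufferToBase64url(cred.rawId), type: cred.type,
    response: {
      clientDataJSON: enc(r.clientDataJSON), attestationObject: enc(r.attestationObject), // register
      authenticatorData: enc(r.authenticatorData), signature: enc(r.signature), userHandle: enc(r.userHandle), // login
    },
  };
}
```

In a browser the flow is `fetch` the options, pass `{ publicKey: toRequestOptions(json) }` (or `toCreationOptions`) to `navigator.credentials`, then POST `JSON.stringify(serializeCredential(cred))` with an `application/json` Accept header to receive the 201 response documented above.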

validPasskeyResponse()

Handle successful passkey authentication response

public validPasskeyResponse(Request $request, User $user) : JsonResponse|RedirectResponse

Determines the appropriate response after successful authentication, either redirecting to a stored URL or returning authentication tokens for API/SPA usage.

Parameters
$request : Request

The authentication request

$user : User

The authenticated user

Return values
JsonResponse|RedirectResponse

Tokens or redirect response

denyWithStatus()

protected denyWithStatus(string $message, int $status) : mixed

Parameters
$message : string

$status : int

gateCheckExecuteJob()

protected gateCheckExecuteJob() : mixed

gateCheckViewDashboard()

protected gateCheckViewDashboard() : mixed

invalidPasskeyResponse()

Handle invalid passkey authentication response

protected invalidPasskeyResponse() : JsonResponse

Returns a standardized error response when passkey authentication fails due to invalid credentials or verification errors.

Return values
JsonResponse

Error response for invalid passkey

previouslyGeneratedPasskeyOptions()

Retrieve and remove previously generated passkey registration options

protected previouslyGeneratedPasskeyOptions() : string|null

Internal method that fetches the WebAuthn registration options stored in the session during the registration flow and removes them from the session, so that the attestation can be verified against them.

Return values
string|null

The stored registration options

createTokenSet()

private createTokenSet(Request $request, User $user) : mixed

Parameters
$request : Request

$user : User
