lbuchs / WebAuthn

A simple PHP WebAuthn (FIDO2/Passkey) server library
https://webauthn.lubu.ch
MIT License

Public Key and Certificate Always Different #39

Open madzae opened 2 years ago

madzae commented 2 years ago

Hey,

With the example code, I can generate credentialId, credentialPublicKey, and certificate from the PHP session ($_SESSION['registrations']) and save that data to a MySQL database. But every time the user logs out and logs in again, the credentialId, credentialPublicKey, and certificate are not the same as the previous ones.

This is sample code from my project to get the data from the PHP session.

```php
<?php

// Print every registration object currently held in the PHP session.
foreach ($_SESSION['registrations'] as $obj)
{
    echo $obj->credentialPublicKey;
    echo "<br>";
    echo $obj->certificate;
    echo "<br>";
    echo $obj->credentialId;
}
```

My question is, how do I authenticate the user with that data?

lbuchs commented 2 years ago

You should only generate one registration; it's not possible to compare different registrations. For verification, there is another function. Check out the workflow and sample code at https://github.com/lbuchs/WebAuthn/blob/master/_test/server.php.
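The register-once, verify-on-every-login flow described in the reply, as an added example that is not part of the thread or the library's own sample code. It assumes a Composer install, a hypothetical `webauthn_credentials` table and function names, and a client that posts base64-encoded fields as the library's sample page does.

```php
<?php
// Added example, not the library's sample. Table webauthn_credentials, its
// columns and the three function names are hypothetical.
require __DIR__ . '/vendor/autoload.php';   // assumes a Composer install
use lbuchs\WebAuthn\WebAuthn;

// Registration: run ONCE per authenticator, then persist id and public key.
function saveRegistration(PDO $db, WebAuthn $wa, int $userId, object $post): void
{
    $data = $wa->processCreate(
        base64_decode($post->clientDataJSON),
        base64_decode($post->attestationObject),
        $_SESSION['challenge']               // stored after getCreateArgs()
    );
    unset($_SESSION['challenge']);           // a challenge is single-use
    $db->prepare('INSERT INTO webauthn_credentials
                  (user_id, credential_id, public_key, sign_count) VALUES (?, ?, ?, 0)')
       ->execute([$userId, base64_encode($data->credentialId), $data->credentialPublicKey]);
}

// Login, step 1: send the stored credential ids and a fresh challenge.
function loginArgs(PDO $db, WebAuthn $wa, int $userId): object
{
    $q = $db->prepare('SELECT credential_id FROM webauthn_credentials WHERE user_id = ?');
    $q->execute([$userId]);
    $args = $wa->getGetArgs(array_map('base64_decode', $q->fetchAll(PDO::FETCH_COLUMN)));
    $_SESSION['challenge'] = $wa->getChallenge();
    return $args;
}

// Login, step 2: verify the signature with the public key saved at registration.
function verifyLogin(PDO $db, WebAuthn $wa, int $userId, object $post): bool
{
    $q = $db->prepare('SELECT public_key, sign_count FROM webauthn_credentials
                       WHERE user_id = ? AND credential_id = ?');
    $q->execute([$userId, $post->id]);       // $post->id: base64 of the raw credential id
    $row = $q->fetch(PDO::FETCH_ASSOC);
    $challenge = $_SESSION['challenge'] ?? null;
    unset($_SESSION['challenge']);
    if (!$row || $challenge === null) {
        return false;                        // unknown credential or no pending login
    }
    // Throws lbuchs\WebAuthn\WebAuthnException if the assertion is invalid.
    $wa->processGet(base64_decode($post->clientDataJSON), base64_decode($post->authenticatorData),
        base64_decode($post->signature), $row['public_key'], $challenge, (int) $row['sign_count']);
    $db->prepare('UPDATE webauthn_credentials SET sign_count = ? WHERE credential_id = ?')
       ->execute([(int) $wa->getSignatureCounter(), $post->id]);
    return true;
}
```

Passing the stored counter to `processGet()` lets the library reject an assertion whose counter did not increase, which is the signal for a cloned authenticator.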