Core Boxx – Login With WebAuthn (Passwordless Login)

Last Updated: September 7, 2023

TABLE OF CONTENTS

 

DOWNLOAD & INSTALLATION

First, the download links for the module, and also “installation instructions”.

 

LICENSE & DOWNLOAD

GitHubSource Forge

Core Boxx is released under the MIT License. You are free to use it for personal and commercial projects, and modify it as you see fit. On the condition that the software is provided “as-is”. There are no warranties provided and “no strings attached”. Code Boxx and the authors are not liable for any claims, damages, or liabilities.

 

 

INSTALLATION

  • Install the Users Module first.
  • Copy/unzip this module into your existing Core Boxx project folder.
  • Access http://your-site.com/install/WAIN, this will automatically:
    • Add “Password Login” to the user menu in pages/TEMPLATE-top.php.
    • Add a “Passwordless Login” button to pages/PAGE-login.php.
    • Delete PAGE-install-WAIN.php itself.

 

SORRY FOR THE ADS...

But someone has to pay the bills, and sponsors are paying for it. I insist on not turning Code Boxx into a "paid scripts" business, and I don't "block people with Adblock". Every little bit of support helps.

Buy Me A Coffee Code Boxx eBooks

 

FILES LIST

LIBRARIES

ASSETS & PAGES

  • pages/PAGE-passwordless.php Page to register/unregister passwordless login.
  • assets/PAGE-wa-helper.js Helper functions for Web Authn login.
  • assets/PAGE-wa.js Manage passwordless login.
  • assets/PAGE-wa-login.js Passwordless login JS.

 

 

LIBRARY REFERENCE

Lastly, the list of library functions and API endpoints.

 

WEB AUTHN LOGIN LIBRARY

HELPER FUNCTIONS

setChallenge ($id)

Helper function, create a random challenge hash for the given user ID.

$_CORE-WAIN->setChallenge(123);
getChallenge ($id)

Helper function, get the random challenge hash created by setChallenge().

$challenge = $_CORE->WAIN->getChallenge(123);
getUser ($email)

Helper function, get user (and WebAuthn credentials) with the given email.

$user = $_CORE->WAIN->get("jon@doe.com");

 

 

REGISTRATION FUNCTIONS

regA ()

Registration part 1 – Generate a public key. The user must be signed in.

$pk = $_CORE->WAIN->regA();
// $pk is to be passed into navigator.credentials.create() JS function.
regB ()

Registration part 2 – Validate uploaded credential, and save it into the database. The user must be signed in.

// post the credentials created by navigator.credentials.create()
$_CORE->WAIN->regB();
unreg ()

Unregister. Delete the user’s registered credentials from the database. The user must be signed in.

$_CORE->WAIN->unreg();

 

VALIDATION FUNCTIONS

loginA ($email)

Login part 1 – Generate a public key. The user must have a registered credential.

$pk = $_CORE->WAIN->loginA("jon@doe.com");
// $pk is to be passed into navigator.credentials.get() JS function.
loginB ($email)

Login part 2 – Validate uploaded credentials against the saved copy in the database.

// post the credentials created by navigator.credentials.get()
$ok = $_CORE->WAIN->loginB("jon@doe.com");
if ($ok) { print_r($_SESSION["user"]);  } // signed in

 

 

WEB AUTHN LOGIN API FUNCTIONS

api/wain/regA

Registration part 1 – Generate a public key. The user must be signed in.

api/wain/regB

Registration part 2 – Save uploaded credentials. The user must be signed in.

  • $_POST["transport"] Transport data.
  • $_POST["client"] Client Data JSON.
  • $_POST["attestment"] Attestation data.
api/wain/unreg

Unregister saved credentials. The user must be signed in.

api/wain/loginA

Login part 2 – Generate public key. The user must have a registered credential.

  • $_POST["email"] User’s email.
api/wain/loginB

Login part 2 – Validate uploaded credentials and sign the user in.

  • $_POST["email"] User’s email.
  • $_POST["id"] User’s ID.
  • $_POST["client"] Client Data JSON.
  • $_POST["auth"] Authenticator Data.
  • $_POST["sig"] Signature.
  • $_POST["user"] User handle.

Leave a Comment

Your email address will not be published. Required fields are marked *