greg/webauthn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Minor clarifications.

Browse Source
This commit is contained in:
Italo
2022-06-15 16:15:08 -04:00
parent ac85b22030
commit 43a192d007
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@@ -45,9 +45,9 @@ composer require laragear/webauthn
WebAuthn authentication process consists in two _ceremonies_: attestation, and assertion. WebAuthn authentication process consists in two _ceremonies_: attestation, and assertion.
Attestation is the process of asking the authenticator (a phone, laptop, USB key...) to create a private-public key pair, and return the public key to the app to store it. For that to work, the user must exist, and the browser must support WebAuthn, which is what intermediates between the authenticator and the app. Attestation is the process of asking the authenticator (a phone, laptop, USB key...) to create a private-public key pair, and **register** the public key inside the app. For that to work, the user must exist, and the browser must support WebAuthn, which is what intermediates between the authenticator and the app.
Assertion is the process of pushing a cryptographic challenge to the device, which will return _signed_ by the private key. Upon arrival, the app checks the signature with the public key. Assertion is the process of pushing a cryptographic challenge to the device, which will return _signed_ by the private key. Upon arrival, the app checks the signature with the public key, ready to **log in**.
The private key doesn't leave the authenticator, and there are no shared passwords to save, let alone remember. The private key doesn't leave the authenticator, and there are no shared passwords to save, let alone remember.
@@ -199,7 +199,7 @@ new WebAuthn().login({
### Custom routes ### Custom routes
By default, the helper assumes you're using the [default WebAuthn routes](#4-register-the-controllers). If you're using different routes for WebAuthn, you can set them at runtime. Here is good place to use [ziggy](https://github.com/tighten/ziggy) if it's in your project. By default, the helper assumes you're using the [default WebAuthn routes](#4-register-the-routes-and-controllers). If you're using different routes for WebAuthn, you can set them at runtime.
```javascript ```javascript
const webAuthn = new WebAuthn({ const webAuthn = new WebAuthn({
@@ -211,6 +211,8 @@ const webAuthn = new WebAuthn({
}); });
``` ```
> Here is good place to use [ziggy](https://github.com/tighten/ziggy) if it's in your project.
### Headers ### Headers
You may add headers to all WebAuthn authentication requests using the second parameter of the `WebAuthn` constructor. These headers will be present on all requests made by the instance. You may add headers to all WebAuthn authentication requests using the second parameter of the `WebAuthn` constructor. These headers will be present on all requests made by the instance.