Getting Started

Introduction

Laravel Passkey API — WebAuthn passkey authentication for Laravel.

Laravel Passkey API is a Laravel package that exposes a ready-to-use REST API for WebAuthn (FIDO2) passkey registration and authentication. It handles the full WebAuthn flow — challenge generation, attestation verification, assertion validation — and creates an authenticated session or issues a token upon successful authentication via a configurable auth action.

Passkey is a modern, phishing-resistant replacement for passwords. They rely on public-key cryptography: the private key never leaves the user's device, and authentication is confirmed with a biometric or PIN.

Requirements

PHP 8.3 or higher
Laravel 12.x or higher
openssl PHP extension
spomky-labs/cbor-php ^3.0 — CBOR decoding
web-auth/cose-lib ^4.0 — COSE key handling

Features

WebAuthn registration — Generate challenge options and register a passkey credential
WebAuthn authentication — Verify a passkey assertion and create a session or issue a token via a pluggable auth action (Sanctum, Passport, or web session)
Passkey management — List all passkey associated with the authenticated user
ES256 & RS256 — Supports both Elliptic Curve and RSA public key algorithms
Configurable — Middleware, timeout, and challenge length via config/passkey.php
Eloquent integration — HasPasskeys trait and Passkey Eloquent model included

Package information

Property	Value
Package name	`xefi/laravel-passkey-api`
Version	`0.2.0`
License	MIT
Laravel	12.x+
PHP	8.3+

Installation

How to install and set up the Laravel Passkey API package.