xefi/laravel-passkey-api 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

xefi/laravel-passkey-api

Composer 安装命令:

composer require xefi/laravel-passkey-api

包简介

A Laravel package for passkey authentication apis

README 文档

README

Latest Version on Packagist Tests License

A Laravel package for passkey (WebAuthn/FIDO2) authentication — register and verify passkeys through a clean REST API, with a swappable authentication action to support Sanctum, Passport, web sessions, or any custom guard.

Full documentation at laravel-passkey.xefi.com.

Requirements

  • PHP ^8.3
  • Laravel ^12.0 or ^13.0

Installation

composer require xefi/laravel-passkey-api
php artisan vendor:publish --tag=passkey-migrations
php artisan migrate

Add the HasPasskeys trait to your User model:

use Xefi\LaravelPasskey\Traits\HasPasskeys;

class User extends Authenticatable
{
    use HasPasskeys;
}

Configuration

php artisan vendor:publish --tag=passkey-config

Key options in config/passkey.php:

Key Default Description
enabled true Enable / disable the package
timeout 60000 WebAuthn operation timeout (ms)
challenge_length 32 Challenge size in bytes
user_model App\Models\User Authenticatable model
session_guard null Guard used by CreateWebSessionAction (falls back to Laravel default guard)
auth_action CreateWebSessionAction Action invoked on successful login

Authentication Actions

The login endpoint delegates to a swappable action class. Three are provided out of the box:

// config/passkey.php

// Web session (default)
'auth_action' => \Xefi\LaravelPasskey\Actions\CreateWebSessionAction::class,

// Laravel Sanctum token
'auth_action' => \Xefi\LaravelPasskey\Actions\CreateSanctumTokenAction::class,

// Laravel Passport token
'auth_action' => \Xefi\LaravelPasskey\Actions\CreatePassportTokenAction::class,

You can also bind your own implementation of Xefi\LaravelPasskey\Contracts\PasskeyAuthAction.

API Endpoints

Passkey Management (requires authentication)

Method Endpoint Description
GET /api/passkeys List passkeys for the authenticated user
POST /api/passkeys/register/options Get registration options
POST /api/passkeys/register Register a new passkey

Authentication (public)

Method Endpoint Description
POST /api/passkeys/verify/options Get verification options
POST /api/passkeys/verify Verify a passkey (MFA / re-auth)
POST /api/passkeys/login Authenticate and invoke the auth action

Full request/response schemas are available in the documentation.

Typical Flow

sequenceDiagram
    actor User
    participant Browser as Browser (JS)
    participant Server as Server (API)
    participant Auth as Authenticator

    Note over User,Auth: Register Passkey
    User->>Browser: Initiate registration
    Browser->>Server: POST /api/passkeys/register/options
    Server-->>Browser: Registration options + challenge
    Browser->>Auth: navigator.credentials.create()
    Auth-->>Browser: Attestation object
    Browser->>Server: POST /api/passkeys/register
    Server-->>Browser: Passkey stored

    Note over User,Auth: Login with Passkey
    User->>Browser: Initiate login
    Browser->>Server: POST /api/passkeys/verify/options
    Server-->>Browser: Authentication options + challenge
    Browser->>Auth: navigator.credentials.get()
    Auth-->>Browser: Assertion object
    Browser->>Server: POST /api/passkeys/login
    Server-->>Browser: Session / token
Loading

Support us

Since 1997, XEFI is a leader in IT performance support for small and medium-sized businesses through its nearly 200 local agencies based in France, Belgium, Switzerland and Spain. A one-stop shop for IT, office automation, software, digitalization, print and cloud needs. Want to work with us?

License

MIT — see LICENSE.

xefi/laravel-passkey-api 适用场景与选型建议

xefi/laravel-passkey-api 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 25 次下载、GitHub Stars 达 3, 最近一次更新时间为 2026 年 03 月 25 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 xefi/laravel-passkey-api 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 xefi/laravel-passkey-api 我们能提供哪些服务?
定制开发 / 二次开发

基于 xefi/laravel-passkey-api 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 25
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 3
  • 点击次数: 43
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 3
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-03-25