peanutgraphic / bloxy-passkey
BLOXY passkey-authentication primitive — WebAuthn ceremony orchestration over web-auth/webauthn-lib, mandatory PRF activation, sign-count clone detection, BIP39 recovery flow. Pairs with @peanutgraphic/bloxy-passkey on the client.
Requires
- php: ^8.3
- ext-openssl: *
- ext-sodium: *
- firebase/php-jwt: ^7.0
- illuminate/contracts: ^12.0
- illuminate/support: ^12.0
- peanutgraphic/bloxy-core: v1.0.0
- peanutgraphic/bloxy-crypto: v1.0.0
- web-auth/webauthn-lib: ^5.0
Requires (Dev)
- orchestra/testbench: ^10.0
- pestphp/pest: ^3.0
- pestphp/pest-plugin-laravel: ^3.0
README
Passkey-authentication primitive for BLOXY. Wraps web-auth/webauthn-lib with Peanut Graphic's house rules: PRF activation is mandatory (it's how the vault key is derived, not an optional extension), sign-count regressions are treated as authenticator clones and rejected, and the BIP39 recovery loop is built in for the case where every device is lost.
This is the server half. The browser-side ceremony lives in the npm package @peanutgraphic/bloxy-passkey, and the two are designed to be released together.
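The sign-count rule described above, as an added PHP example that is not code from bloxy-passkey or web-auth/webauthn-lib: it reads the counter from raw authenticatorData and rejects any value that does not advance past the stored one. The function names are hypothetical, the sample authenticatorData is constructed, and treating a 0/0 pair as "no counter implemented" follows the WebAuthn specification and is an assumption about how this package behaves.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not part of bloxy-passkey or web-auth/webauthn-lib.

/** Extract the 32-bit big-endian signature counter from raw authenticatorData. */
function signCountFromAuthData(string $authData): int
{
    // WebAuthn layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes) | ...
    if (strlen($authData) < 37) {
        throw new InvalidArgumentException('authenticatorData shorter than 37 bytes');
    }
    return unpack('N', substr($authData, 33, 4))[1];
}

/**
 * Returns the counter value to persist, or throws when the counter did not advance.
 * Assumption: stored=0 and received=0 means the authenticator keeps no counter.
 */
function checkSignCount(int $stored, int $received): int
{
    if ($stored === 0 && $received === 0) {
        return 0; // no counter implemented; nothing to compare
    }
    if ($received <= $stored) {
        throw new RuntimeException(
            "sign-count regression: stored=$stored received=$received (possible clone)"
        );
    }
    return $received;
}

// Constructed sample: zeroed rpIdHash, flags 0x05 (UP|UV), counter as given.
$makeAuthData = fn (int $count): string =>
    str_repeat("\x00", 32) . "\x05" . pack('N', $count);

// [stored counter, counter in the incoming assertion]
$cases = [[41, 42], [42, 42], [42, 7], [0, 0]];
foreach ($cases as [$stored, $count]) {
    try {
        $next = checkSignCount($stored, signCountFromAuthData($makeAuthData($count)));
        echo "stored=$stored received=$count -> accept, persist $next\n";
    } catch (RuntimeException $e) {
        echo "stored=$stored received=$count -> reject: {$e->getMessage()}\n";
    }
}
```

The replayed counter (42 after 42) and the rolled-back counter (7 after 42) are both rejected; only a strictly increasing value is persisted.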
Install
composer require peanutgraphic/bloxy-passkey
The service provider (Bloxy\Passkey\BloxyPasskeyServiceProvider) auto-registers. Requires the ext-sodium and ext-openssl PHP extensions.
Stack
PHP 8.3 · web-auth/webauthn-lib ^5.0 · firebase/php-jwt ^7.0 · Laravel 12 · depends on peanutgraphic/bloxy-core and peanutgraphic/bloxy-crypto.
Local development
composer install
vendor/bin/pest
Path repositories at ../core-php and ../crypto-php are preconfigured so the three packages can be developed in parallel from sibling checkouts.
Releases
Tagged on GitHub and published to Packagist as peanutgraphic/bloxy-passkey, in lockstep with the npm client. License is proprietary.
Part of the Peanut Graphic ecosystem.