Release status: beta
|Implementation||User rights, Special page|
|Description||Module for OATHAuth that enables support for authentication through the WebAuthn API|
|Latest version||Continuous updates|
|Compatibility policy||Master maintains backward compatibility.|
|License||GNU General Public License 2.0 or later|
|Quarterly downloads||22 (Ranked 140th)|
|Public wikis using||915 (Ranked 291st)|
|Translate the WebAuthn extension if it is available at translatewiki.net|
WebAuthn is a module for the OATHAuth extension, that provides support for U2F devices (such as YubiKey) by using the WebAuthn API in browsers. It enables support for logging-in using physical security tokens or biometric sensors along with a regular password. Learn more about U2F on Wikipedia.
- Download and place the file(s) in a directory called
- Only when installing from Git, run Composer to install PHP dependencies, by issuing
composer install --no-devin the extension directory. (See task T173141 for potential complications.)
- Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'WebAuthn' );
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Cross-wiki support for wikis sharing the same root domain
By default, users may only use their U2F key to log in to the wiki where they initially registered the key. Attempting to log in on another wiki within the wiki family results in an error about an unrecognized key and restricts where the user can log in to only the wiki where they registered their U2F key on.
Limited support exists for wiki families (those with
$wgOATHAuthDatabase configured) sharing the same root domain. System administrators must first configure support for this by defining both
$wgWebAuthnRelyingPartyName. The Relying Party ID must be set to your root domain. For example, if you have wikis at
c.wiki.com, the root domain is
wiki.com and must be set as the ID. The Relying Party name can be whatever but ideally, it should be the name of your wiki family.
Due to limitations in the WebAuthn API, no support exists for logging in via WebAuthn on wikis not sharing the same root domain. Users should be advised to register their U2F key on a central wiki and login through that wiki. Attempting to login on those wikis will result in an error about an unrecognized key.
||Configures relying party ID. If not defined, this defaults to your domain.|
||Configures relying party name. If not defined, this defaults to your sitename.|
List of all supported web browsers can be found on Mozilla Developer Network.
- Chrome 67+
- Edge 18+
- Firefox 60+
- Android WebView 70+
- Chrome for Android 70+
- Firefox for Android 60+
|This extension is being used on one or more Wikimedia projects. This probably means that the extension is stable and works well enough to be used by such high-traffic websites. Look for this extension's name in Wikimedia's CommonSettings.php and InitialiseSettings.php configuration files to see where it's installed. A full list of the extensions installed on a particular wiki can be seen on the wiki's Special:Version page.|
|This extension is included in the following wiki farms/hosts and/or packages:|