challenge !== '' || throw AuthenticatorResponseVerificationException::create( 'Invalid challenge.' ); hash_equals( $publicKeyCredentialOptions->challenge, $authenticatorResponse->clientDataJSON->challenge ) || throw AuthenticatorResponseVerificationException::create('Invalid challenge.'); } }