If your are working on a development environment, https
may not be available but the context could be considered as secured. You can bypass the scheme verification by passing the list of rpIds you consider secured.
{% hint style="danger" %} Please be careful using this feature. It should NOT be used in production. {% endhint %}
$publicKeyCredentialSource = $authenticatorAttestationResponseValidator->check(
$authenticatorAttestationResponse,
$publicKeyCredentialCreationOptions,
$serverRequest,
['localhost']
);
$publicKeyCredentialSource = $authenticatorAssertionResponse->check(
$publicKeyCredential->getRawId(),
$authenticatorAssertionResponse,
$publicKeyCredentialRequestOptions,
$request,
$userHandle,
['localhost']
);