WebAuthn Signers
Overview
The Web Authentication API contains a number of different credential types, including a credential with support for the P256 curve. This means that you can use WebAuthn-enabled authenticators like a Passkey or a Yubikey to sign transactions and arbitrary payloads.
By combining WebAuthn Signers with Account Abstraction, this means that Smart Contract Accounts can verify WebAuthn-P256 signatures with onchain arbitrary signature verification mechanisms such as EIP-1271: Signature Verification for Contracts.
Ox exports the WebAuthnP256
module, which contains utilities for working with a WebAuthn-P256 Signer.
Examples
Registering a WebAuthn Credential
A WebAuthn credential can be registered using the WebAuthnP256.createCredential
function.
import { WebAuthnP256 } from 'ox'
const const credential: WebAuthnP256.P256Credentialcredential = await WebAuthnP256.createCredential({ name: 'Example' })
Signing a Payload
Once we have a credential, we can use the WebAuthnP256.sign
function to sign a challenge (payload).
import { WebAuthnP256 } from 'ox'
const credential = await WebAuthnP256.createCredential({ name: 'Example' })
const { metadata, signature } = await WebAuthnP256.sign({
challenge: '0xdeadbeef',
credentialId: credential.id,
})
const metadata: {
authenticatorData: Hex;
challengeIndex: number;
clientDataJSON: string;
typeIndex: number;
userVerificationRequired: boolean;
}metadata
const signature: {
r: bigint;
s: bigint;
yParity?: number | undefined;
}signature
Verifying a Signature
Signatures can be verified using the WebAuthnP256.verify
function.
import { WebAuthnP256 } from 'ox'
const credential = await WebAuthnP256.createCredential({
name: 'Example',
})
const { metadata, signature } = await WebAuthnP256.sign({
credentialId: credential.id,
challenge: '0xdeadbeef',
})
const verified = await WebAuthnP256.verify({
metadata,
challenge: '0xdeadbeef',
publicKey: credential.publicKey,
signature,
})
Related Modules
Module | Description |
---|---|
WebAuthnP256 | Utility functions for working with WebAuthn-P256 Signers. |