Skip to content

WebAuthn Signers

Overview

The Web Authentication API contains a number of different credential types, including a credential with support for the P256 curve. This means that you can use WebAuthn-enabled authenticators like a Passkey or a Yubikey to sign transactions and arbitrary payloads.

By combining WebAuthn Signers with Account Abstraction, this means that Smart Contract Accounts can verify WebAuthn-P256 signatures with onchain arbitrary signature verification mechanisms such as EIP-1271: Signature Verification for Contracts.

Ox exports the WebAuthnP256 module, which contains utilities for working with a WebAuthn-P256 Signer.

Examples

Registering a WebAuthn Credential

A WebAuthn credential can be registered using the WebAuthnP256.createCredential function.

import { WebAuthnP256 } from 'ox'
 
const 
const credential: WebAuthnP256.P256Credential
credential
= await WebAuthnP256.createCredential({ name: 'Example' })

Signing a Payload

Once we have a credential, we can use the WebAuthnP256.sign function to sign a challenge (payload).

import { WebAuthnP256 } from 'ox'
 
const credential = await WebAuthnP256.createCredential({ name: 'Example' })
 
const { metadata, signature } = await WebAuthnP256.sign({ 
  challenge: '0xdeadbeef', 
  credentialId: credential.id, 
})
 
const metadata: { authenticatorData: Hex; challengeIndex: number; clientDataJSON: string; typeIndex: number; userVerificationRequired: boolean; }
metadata
const signature: { r: bigint; s: bigint; yParity?: number | undefined; }
signature

Verifying a Signature

Signatures can be verified using the WebAuthnP256.verify function.

import { WebAuthnP256 } from 'ox'
 
const credential = await WebAuthnP256.createCredential({
  name: 'Example',
})
 
const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})
 
const verified = await WebAuthnP256.verify({ 
  metadata, 
  challenge: '0xdeadbeef', 
  publicKey: credential.publicKey, 
  signature, 
})

Related Modules

ModuleDescription
WebAuthnP256Utility functions for working with WebAuthn-P256 Signers.