├── .changeset
    ├── README.md
    └── config.json
├── .gitignore
├── CHANGELOG.md
├── License
├── README.md
├── biome.json
├── bun.lockb
├── package.json
├── src
    ├── index.ts
    ├── large-blob-passkey-account.ts
    ├── passkey-connector.ts
    ├── passkey-provider.ts
    ├── passkey.ts
    ├── passkey.types.ts
    └── utils
    │   ├── encoding.ts
    │   └── webauthn-zod.ts
├── tsconfig.json
└── vitest.config.js


/.changeset/README.md:
--------------------------------------------------------------------------------
1 | # Changesets
2 | 
3 | Hello and welcome! This folder has been automatically generated by `@changesets/cli`, a build tool that works
4 | with multi-package repos, or single-package repos to help you version and publish your code. You can
5 | find the full documentation for it [in our repository](https://github.com/changesets/changesets)
6 | 
7 | We have a quick list of common questions to get you started engaging with this project in
8 | [our documentation](https://github.com/changesets/changesets/blob/main/docs/common-questions.md)
9 | 


--------------------------------------------------------------------------------
/.changeset/config.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "$schema": "https://unpkg.com/@changesets/config@2.3.1/schema.json",
 3 |   "changelog": "@changesets/cli/changelog",
 4 |   "commit": false,
 5 |   "fixed": [],
 6 |   "linked": [],
 7 |   "access": "public",
 8 |   "baseBranch": "main",
 9 |   "updateInternalDependencies": "patch",
10 |   "ignore": []
11 | }


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | # Based on https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
  2 | 
  3 | # Logs
  4 | 
  5 | logs
  6 | _.log
  7 | npm-debug.log_
  8 | yarn-debug.log*
  9 | yarn-error.log*
 10 | lerna-debug.log*
 11 | .pnpm-debug.log*
 12 | 
 13 | # Diagnostic reports (https://nodejs.org/api/report.html)
 14 | 
 15 | report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
 16 | 
 17 | # Runtime data
 18 | 
 19 | pids
 20 | _.pid
 21 | _.seed
 22 | \*.pid.lock
 23 | 
 24 | # Directory for instrumented libs generated by jscoverage/JSCover
 25 | 
 26 | lib-cov
 27 | 
 28 | # Coverage directory used by tools like istanbul
 29 | 
 30 | coverage
 31 | \*.lcov
 32 | 
 33 | # nyc test coverage
 34 | 
 35 | .nyc_output
 36 | 
 37 | # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
 38 | 
 39 | .grunt
 40 | 
 41 | # Bower dependency directory (https://bower.io/)
 42 | 
 43 | bower_components
 44 | 
 45 | # node-waf configuration
 46 | 
 47 | .lock-wscript
 48 | 
 49 | # Compiled binary addons (https://nodejs.org/api/addons.html)
 50 | 
 51 | build/Release
 52 | 
 53 | # Dependency directories
 54 | 
 55 | node_modules/
 56 | jspm_packages/
 57 | 
 58 | # Snowpack dependency directory (https://snowpack.dev/)
 59 | 
 60 | web_modules/
 61 | 
 62 | # TypeScript cache
 63 | 
 64 | \*.tsbuildinfo
 65 | 
 66 | # Optional npm cache directory
 67 | 
 68 | .npm
 69 | 
 70 | # Optional eslint cache
 71 | 
 72 | .eslintcache
 73 | 
 74 | # Optional stylelint cache
 75 | 
 76 | .stylelintcache
 77 | 
 78 | # Microbundle cache
 79 | 
 80 | .rpt2_cache/
 81 | .rts2_cache_cjs/
 82 | .rts2_cache_es/
 83 | .rts2_cache_umd/
 84 | 
 85 | # Optional REPL history
 86 | 
 87 | .node_repl_history
 88 | 
 89 | # Output of 'npm pack'
 90 | 
 91 | \*.tgz
 92 | 
 93 | # Yarn Integrity file
 94 | 
 95 | .yarn-integrity
 96 | 
 97 | # dotenv environment variable files
 98 | 
 99 | .env
100 | .env.development.local
101 | .env.test.local
102 | .env.production.local
103 | .env.local
104 | 
105 | # parcel-bundler cache (https://parceljs.org/)
106 | 
107 | .cache
108 | .parcel-cache
109 | 
110 | # Next.js build output
111 | 
112 | .next
113 | out
114 | 
115 | # Nuxt.js build / generate output
116 | 
117 | .nuxt
118 | dist
119 | 
120 | # Gatsby files
121 | 
122 | .cache/
123 | 
124 | # Comment in the public line in if your project uses Gatsby and not Next.js
125 | 
126 | # https://nextjs.org/blog/next-9-1#public-directory-support
127 | 
128 | # public
129 | 
130 | # vuepress build output
131 | 
132 | .vuepress/dist
133 | 
134 | # vuepress v2.x temp and cache directory
135 | 
136 | .temp
137 | .cache
138 | 
139 | # Docusaurus cache and generated files
140 | 
141 | .docusaurus
142 | 
143 | # Serverless directories
144 | 
145 | .serverless/
146 | 
147 | # FuseBox cache
148 | 
149 | .fusebox/
150 | 
151 | # DynamoDB Local files
152 | 
153 | .dynamodb/
154 | 
155 | # TernJS port file
156 | 
157 | .tern-port
158 | 
159 | # Stores VSCode versions used for testing VSCode extensions
160 | 
161 | .vscode-test
162 | 
163 | # yarn v2
164 | 
165 | .yarn/cache
166 | .yarn/unplugged
167 | .yarn/build-state.yml
168 | .yarn/install-state.gz
169 | .pnp.\*
170 | 
171 | # IntelliJ based IDEs
172 | .idea
173 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
 1 | # @forum/passkeys
 2 | 
 3 | ## 0.1.2
 4 | 
 5 | ### Patch Changes
 6 | 
 7 | - add some webauthn zod schemas
 8 | 
 9 | ## 0.1.1
10 | 
11 | ### Patch Changes
12 | 
13 | - initial working version w/o exmaple
14 | 


--------------------------------------------------------------------------------
/License:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2023 Forum
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Passkeys Accounts
  2 | 
  3 | A collection of utilities to enable passkey accounts in [viem](https://viem.sh) & [wagmi](https://wagmi.sh)
  4 | 
  5 | ## Features
  6 | 
  7 | - Create & Import EOA into a passkey wallet & use it to interact with directly with [Ethereum](https://ethereum.org/)
  8 | - Bring your own passkey library, such as [SimpleWebAuthn](https://github.com/MasterKale/SimpleWebAuthn) or [React Native Passkeys](https://github.com/peterferguson/react-native-passkeys)
  9 | - (Mostly) Unopinionated about how you store and handle the private key
 10 | 
 11 | ... This is a work in progress so if you find any issues please let us know.
 12 | 
 13 | 
 14 | ## Installation
 15 | 
 16 | Install wagmi, viem & @forum/passkeys
 17 | 
 18 | ```bash
 19 | pnpm install wagmi viem @forum/passkeys
 20 | ```
 21 | 
 22 | 
 23 | ## Quick Start
 24 | 
 25 | This is one possible way to use this library to get started with largeBlob passkey accounts in wagmi.
 26 | 
 27 | It splits the setup process into three steps:
 28 | 
 29 | 1. First define a class to represent your site's passkey. This can wrap the `navigator.credential` api itself or some library like `SimpleWebAuthn` or `react-native-passkeys`.
 30 |    
 31 |    This should handle the calls to your server to verify that the calls are legit. [See SimpleWebAuthn's server docs](`https://simplewebauthn.dev/docs/packages/server#2-verify-registration-response`) for an example of how to handle the verification.
 32 | 
 33 |    ```tsx
 34 | 
 35 |    import { Passkey as AbstractPasskey } from '@forum/passkeys'
 36 | 
 37 |    export class Passkey extends AbstractPasskey {
 38 | 
 39 |        // - init your relaying party parameters 
 40 |        // ...
 41 | 
 42 |    	async create(options): Promise<RegistrationResponseJSON | null> {
 43 |    		const { challenge } = await getChallengeFromServer()
 44 | 
 45 |    		const passkeyResult = await await navigator.credential.create({ 
 46 |                ...options,
 47 |                challenge
 48 |            })
 49 | 
 50 |    		if (!passkeyResult) throw new Error('Failed to create passkey')
 51 | 
 52 |    		const verified = await getVerifiedPasskeyResult(passkeyResult)
 53 | 
 54 |    		if (!verified) throw new Error('Failed to verify challenge')
 55 | 
 56 |    		return passkeyResult
 57 |    	}
 58 | 
 59 |    	async get(options): Promise<AuthenticationResponseJSON | null> {
 60 |    		const { challenge } = await getChallengeFromServer()
 61 | 
 62 |    		const passkeyResult = await navigator.credential.get({
 63 |                ...options,
 64 |                rpId: hostname,
 65 |                challenge 
 66 |            })
 67 | 
 68 |            const verified = await getVerifiedPasskeyResult(passkeyResult)
 69 | 
 70 |    		if (!verified) throw new Error('Failed to verify challenge')
 71 | 
 72 |    		return passkeyResult
 73 |    	}
 74 |    }
 75 |    ```
 76 | 
 77 | 2. Define a custom hook to create the account 
 78 |    ```tsx
 79 |    import { useAccount, useConfig, useConnect, useDisconnect } from 'wagmi'
 80 |    import { generatePrivateKey, privateKeyToAddress } from 'viem/accounts'
 81 |    import { PasskeyConnector } from '@forum/passkeys'
 82 | 
 83 |    export const useCreateAccount() {
 84 |       const config = useConfig()
 85 | 
 86 |       const createAccount = async (
 87 |         username: string,
 88 |         privateKey = generatePrivateKey()
 89 |      ) => {
 90 |       		const passkey = new ForumPasskey()
 91 |       		const address = privateKeyToAddress(privateKey)
 92 | 
 93 |               // - generate the initial passkey for the new user & check that they are 
 94 |               // - using a device/browser that supports `largeBlob` webauthn extension
 95 |       		const credential = await passkey.create({
 96 |       			user: {
 97 |       				id: base64URLFromString(address),
 98 |       				name: username,
 99 |       				displayName: username,
100 |       			},
101 |       			extensions: { largeBlob: { support: 'required' } },
102 |       		})
103 | 
104 |       		if (!credential?.clientExtensionResults?.largeBlob?.supported)
105 |       			throw new Error('LargeBlob not supported')
106 | 
107 |               // - optional: if you have access to a secure store (e.g. keychain access)
108 |               // - you can store the pk at this point
109 |             	await storeInYourOwnSecureStoreForPrivateKeys({
110 |                   credentialId: credential.id,
111 |                   privateKey
112 |               })
113 | 
114 |               // - init the viem passkey account
115 |       		const largeBlobAccount = new LargeBlobPasskeyAccount({
116 |       			passkey: new ForumPasskey(),
117 |       			privateKey
118 |       		})
119 | 
120 |               // - init the wagmi passkey connector
121 |       		const connector = new PasskeyConnector({
122 |       			account: largeBlobAccount.toAccount(),
123 |       			config,
124 |       		})
125 | 
126 |       		connect({ connector })
127 | 
128 |            // - you could choose to delay the following (storing the large blob)
129 |            // - until the users first tx but for the example we do it here
130 |          	const write = await passkey.get({
131 |              	extensions: { largeBlob: { write: privateKey } },
132 |              	allowCredentials: [{ type: 'public-key', id: credential.id }],
133 |          	})
134 | 
135 |          	if(!write?.clientExtensionResults.largeBlob?.written)
136 |                 throw new Error('failed to store large blob')
137 | 
138 |       		return credential
139 |       	}
140 | 
141 |       	return { createAccount }
142 |    }
143 |    ```
144 | 
145 | 3. Integrate the hook into a normal wagmi connect flow
146 |    ```tsx
147 |    import { useAccount, useConfig, useConnect, useDisconnect } from 'wagmi'
148 |    import { generatePrivateKey, privateKeyToAddress } from 'viem/accounts'
149 |    import { PasskeyConnector } from '@forum/passkeys'
150 |    import { useCreateAccount } from './use-create-account.ts'
151 | 
152 |    function Profile() {
153 |    	const { address } = useAccount()
154 |    	const { connect } = useConnect()
155 |    	const { disconnect } = useDisconnect()
156 |     const { createAccount } = useCreateAccount()
157 | 
158 |    	if (address) {
159 |    		return (
160 |            	<div>
161 |        			Connected to { address }
162 |                	<button onClick={ () => disconnect() }> Disconnect < /button>
163 |        		< /div>
164 |            )
165 |    y    }
166 |    	return <button onClick={ () => createAccount('username') }> Connect Wallet < /button>
167 |    }
168 |    ```
169 | 


--------------------------------------------------------------------------------
/biome.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"$schema": "https://biomejs.dev/schemas/1.2.2/schema.json",
 3 | 	"organizeImports": {
 4 | 		"enabled": true
 5 | 	},
 6 | 	"formatter": {
 7 | 		"enabled": true,
 8 | 		"formatWithErrors": false,
 9 | 		"indentStyle": "tab",
10 | 		"indentSize": 2,
11 | 		"lineWidth": 100,
12 | 		"ignore": []
13 | 	},
14 | 	"linter": {
15 | 		"enabled": true,
16 | 		"rules": {
17 | 			"recommended": true
18 | 		}
19 | 	}
20 | }


--------------------------------------------------------------------------------
/bun.lockb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/onit-labs/passkeys/095323f93b61398759d3746fc02319277a4dab13/bun.lockb


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "@forum/passkeys",
 3 |   "module": "index.ts",
 4 |   "type": "module",
 5 |   "version": "0.1.2",
 6 |   "description": "A utility library for using (webauthn) passkeys with viem & wagmi",
 7 |   "main": "./src/index.ts",
 8 |   "types": "./src/index.ts",
 9 |   "scripts": {
10 |     "build": "bun run clean && bun run build:cjs && bun run build:esm && bun run build:types",
11 |     "build:cjs": "tsc --project ./tsconfig.build.json --module commonjs --outDir ./src/_cjs --removeComments --verbatimModuleSyntax false && printf '{\"type\":\"commonjs\"}' > ./src/_cjs/package.json",
12 |     "build:esm": "tsc --project ./tsconfig.build.json --module es2015 --outDir ./src/_esm && printf '{\"type\": \"module\",\"sideEffects\":false}' > ./src/_esm/package.json",
13 |     "build:types": "tsc --project ./tsconfig.build.json --module esnext --declarationDir ./src/_types --emitDeclarationOnly --declaration --declarationMap",
14 |     "changeset": "changeset",
15 |     "changeset:release": "bun run build && changeset publish",
16 |     "changeset:version": "changeset version && bun install --lockfile-only",
17 |     "clean": "rimraf dist *.tsbuildinfo",
18 |     "format": "biome format . --write",
19 |     "lint": "biome check .",
20 |     "lint:fix": "bun run lint --apply",
21 |     "size": "size-limit",
22 |     "test": "vitest dev",
23 |     "test:cov": "vitest run --coverage",
24 |     "test:typecheck": "vitest typecheck",
25 |     "typecheck": "tsc --noEmit"
26 |   },
27 |   "keywords": [
28 |     "webauthn",
29 |     "passkeys",
30 |     "viem",
31 |     "wagmi"
32 |   ],
33 |   "author": "Peter Ferguson <peterferguson95@gmail.com> (https://github.com/peterferguson)",
34 |   "license": "MIT",
35 |   "devDependencies": {
36 |     "@biomejs/biome": "1.2.2",
37 |     "@changesets/cli": "^2.26.2",
38 |     "@types/react": "^18.0.25",
39 |     "bun-types": "^1.0.1",
40 |     "rimraf": "^5.0.1",
41 |     "simple-git-hooks": "^2.8.1",
42 |     "typescript": "^5.2.2"
43 |   },
44 |   "peerDependencies": {
45 |     "typescript": "^5.0.0",
46 |     "viem": "*",
47 |     "wagmi": "*",
48 |     "zod": "*"
49 |   },
50 |   "simple-git-hooks": {
51 |     "pre-commit": "bun run format && bun run lint:fix"
52 |   },
53 |   "repository": {
54 |     "type": "git",
55 |     "url": "git+https://github.com/forumdaos/passkeys.git"
56 |   },
57 |   "bugs": {
58 |     "url": "https://github.com/forumdaos/passkeys/issues"
59 |   },
60 |   "homepage": "https://github.com/forumdaos/passkeys#readme"
61 | }


--------------------------------------------------------------------------------
/src/index.ts:
--------------------------------------------------------------------------------
 1 | export * from './large-blob-passkey-account'
 2 | export * from './passkey'
 3 | export * from './passkey-connector'
 4 | export * from './passkey-provider'
 5 | export * from './passkey.types'
 6 | 
 7 | export {
 8 |     type Base64String,
 9 |     type Base64URLString,
10 |     webauthnAuthenticationResponseSchema,
11 |     webauthnRegisterationResultSchema
12 | } from './utils/webauthn-zod'


--------------------------------------------------------------------------------
/src/large-blob-passkey-account.ts:
--------------------------------------------------------------------------------
  1 | import {
  2 | 	privateKeyToAddress,
  3 | 	signMessage,
  4 | 	signTransaction,
  5 | 	signTypedData,
  6 | 	toAccount,
  7 | } from 'viem/accounts'
  8 | import { base64URLStringToHex } from './utils/encoding'
  9 | 
 10 | import type { Address, Hash, Hex, PrivateKeyAccount } from 'viem'
 11 | import type { AuthenticationResponseJSON } from './passkey.types'
 12 | import { Passkey } from './passkey'
 13 | 
 14 | // - Branded types to make it clearer what to pass
 15 | type Base64URLString = string
 16 | 
 17 | /**
 18 |  * Allow user to initiate the account having already verified the user holds the passkey
 19 |  * thus being able to pass the privateKey
 20 |  *
 21 |  * Or allow the user to delay initiation of the account until sign time
 22 |  */
 23 | type Params<TPasskey extends Passkey> = { passkey: TPasskey } & PresentationParams &
 24 | 	({ address: Address; credentialId: Base64URLString } | { privateKey: Hash })
 25 | 
 26 | /**
 27 |  * Imperative methods to present the end user with UI that will explain the transaction/message
 28 |  * This is an attempt to force developers to MAKE SURE that end users are not blind signing with their passkey
 29 |  */
 30 | export interface PresentationParams {
 31 | 	presentSignMessage: (message: Parameters<typeof signMessage>[0]['message']) => Promise<boolean>
 32 | 	presentSignTransaction: (
 33 | 		transaction: Parameters<typeof signTransaction>[0]['transaction'],
 34 | 	) => Promise<boolean>
 35 | 	presentSignTypedData: (
 36 | 		typedData: Omit<Parameters<typeof signTypedData>[0], 'privateKey'>,
 37 | 	) => Promise<boolean>
 38 | }
 39 | 
 40 | export class LargeBlobPasskeyAccount<TPasskey extends Passkey = Passkey> {
 41 | 	address?: Address
 42 | 	credentialId?: Base64URLString
 43 | 	privateKey?: Hash
 44 | 	context: PresentationParams
 45 | 	passkey: TPasskey
 46 | 
 47 | 	constructor(params: Params<TPasskey>) {
 48 | 		this.passkey = params.passkey
 49 | 		this.context = {
 50 | 			presentSignMessage: params.presentSignMessage,
 51 | 			presentSignTransaction: params.presentSignTransaction,
 52 | 			presentSignTypedData: params.presentSignTypedData,
 53 | 		}
 54 | 
 55 | 		if ('address' in params) {
 56 | 			this.address = params.address
 57 | 			this.credentialId = params.credentialId
 58 | 		}
 59 | 
 60 | 		if ('privateKey' in params) {
 61 | 			this.privateKey = params.privateKey
 62 | 		}
 63 | 	}
 64 | 
 65 | 	initPrivateKeyFromPasskey(
 66 | 		authenticationResponse: Pick<AuthenticationResponseJSON, 'clientExtensionResults'>,
 67 | 	): Hex {
 68 | 		const largeBlob = authenticationResponse?.clientExtensionResults.largeBlob?.blob
 69 | 
 70 | 		// TODO: should we encode the blob as JSON or just assume it is actually the privateKey?
 71 | 
 72 | 		if (!largeBlob) {
 73 | 			throw new Error('No blob stored on passkey')
 74 | 		}
 75 | 
 76 | 		// ! for now assuming that the blob is JUST a privateKey
 77 | 		this.privateKey = base64URLStringToHex(largeBlob)
 78 | 
 79 | 		return this.privateKey
 80 | 	}
 81 | 
 82 | 	initAccount() {
 83 | 		if (!this.address && this.privateKey) {
 84 | 			this.address = privateKeyToAddress(this.privateKey)
 85 | 		}
 86 | 		if (!this.address) throw new Error('Failed to find address associted to the account')
 87 | 	}
 88 | 
 89 | 	toAccount(): PrivateKeyAccount {
 90 | 		if (!this.address) this.initAccount()
 91 | 		const { presentSignMessage, presentSignTransaction, presentSignTypedData } = this.context
 92 | 
 93 | 		const getPrivateKey = async () => {
 94 | 			if (this.privateKey) return this.privateKey
 95 | 
 96 | 			// - use passkey largeBlob extension to return the EOA privateKey
 97 | 			if (!this.credentialId) throw new Error('No passkey credentialId was found')
 98 | 
 99 | 			// TODO: if privateKey exists store it and delete from local?
100 | 			// TODO: or create a variable that detects if it has been stored and ensure that it is stored on passkey as well
101 | 
102 | 			// @ts-expect-error: we ignore the challenge in our version
103 | 			const response = await this.passkey.get({
104 | 				allowCredentials: [{ type: 'public-key', id: this.credentialId }],
105 | 			})
106 | 
107 | 			if (!response) throw new Error('No response from passkey')
108 | 			console.log('toAccount - response', response)
109 | 
110 | 			return this.initPrivateKeyFromPasskey(response)
111 | 		}
112 | 
113 | 		return {
114 | 			...toAccount({
115 | 				// biome-ignore lint/style/noNonNullAssertion: we throw an error or initialise this
116 | 				address: this.address!, // TODO: add throw expression instead of ignoring?
117 | 				async signMessage({ message }) {
118 | 					if (!(await presentSignMessage(message))) throw new Error('Failed to sign message')
119 | 					console.log('signMessage', message)
120 | 					const privateKey = await getPrivateKey()
121 | 					return signMessage({ message, privateKey })
122 | 				},
123 | 				async signTransaction(transaction, { serializer } = {}) {
124 | 					if (!(await presentSignTransaction(transaction)))
125 | 						throw new Error('Failed to sign transation')
126 | 					const privateKey = await getPrivateKey()
127 | 					return signTransaction({ privateKey, transaction, serializer })
128 | 				},
129 | 				async signTypedData(typedData) {
130 | 					if (!(await presentSignTypedData(typedData))) throw new Error('Failed to sign typed data')
131 | 					const privateKey = await getPrivateKey()
132 | 					return signTypedData({ ...typedData, privateKey })
133 | 				},
134 | 			}),
135 | 			source: 'privateKey',
136 | 		}
137 | 	}
138 | }
139 | 
140 | export type PasskeyAccount = ReturnType<InstanceType<typeof LargeBlobPasskeyAccount>['toAccount']>
141 | 


--------------------------------------------------------------------------------
/src/passkey-connector.ts:
--------------------------------------------------------------------------------
  1 | import type { getConfig } from '@wagmi/core'
  2 | import { createWalletClient, custom, getAddress } from 'viem'
  3 | import { Connector, ConnectorNotFoundError } from 'wagmi'
  4 | 
  5 | import { PasskeyAccount, PresentationParams } from './large-blob-passkey-account'
  6 | import { PasskeyProvider, PasskeyProviderOptions, PasskeyWalletClient } from './passkey-provider'
  7 | 
  8 | // ! taken from https://github.com/wagmi-dev/wagmi/blob/6f47485ec9837059def3b1a8df547de9eda16284/packages/connectors/src/utils/normalizeChainId.ts
  9 | function normalizeChainId(chainId: string | number | bigint) {
 10 | 	if (typeof chainId === 'string')
 11 | 		return Number.parseInt(chainId, chainId.trim().substring(0, 2) === '0x' ? 16 : 10)
 12 | 	if (typeof chainId === 'bigint') return Number(chainId)
 13 | 	return chainId
 14 | }
 15 | 
 16 | type WagmiConfig = Pick<ReturnType<typeof getConfig>, 'publicClient' | 'lastUsedChainId' | 'chains'>
 17 | 
 18 | /**
 19 |  * Connector for Passkey Wallets
 20 |  */
 21 | export class PasskeyConnector extends Connector<PasskeyProvider, PasskeyProviderOptions> {
 22 | 	readonly id = 'passkey'
 23 | 	readonly name = 'Passkey'
 24 | 	ready = true
 25 | 
 26 | 	account: PasskeyAccount
 27 | 	#provider?: PasskeyProvider
 28 | 	#config?: WagmiConfig
 29 | 
 30 | 	protected shimDisconnectKey = `${this.id}.shimDisconnect`
 31 | 
 32 | 	constructor({
 33 | 		account,
 34 | 		config,
 35 | 		options: options_,
 36 | 	}: {
 37 | 		account: PasskeyAccount
 38 | 		presentationParams: PresentationParams
 39 | 		config: WagmiConfig
 40 | 		// biome-ignore lint/suspicious/noExplicitAny: <explanation>
 41 | 		options?: any
 42 | 	}) {
 43 | 		const options = {
 44 | 			shimDisconnect: false,
 45 | 			...options_,
 46 | 		}
 47 | 		super({ chains: config.chains, options })
 48 | 
 49 | 		this.account = account
 50 | 		this.#config = config
 51 | 	}
 52 | 
 53 | 	async connect() {
 54 | 		const provider = await this.getProvider()
 55 | 		if (!provider) throw new ConnectorNotFoundError()
 56 | 
 57 | 		if (provider.on) {
 58 | 			provider.on('accountsChanged', this.onAccountsChanged)
 59 | 			provider.on('chainChanged', this.onChainChanged)
 60 | 			provider.on('disconnect', this.onDisconnect)
 61 | 		}
 62 | 
 63 | 		this.emit('message', { type: 'connecting' })
 64 | 
 65 | 		const account = await this.getAccount()
 66 | 		const id = await this.getChainId()
 67 | 
 68 | 		// Add shim to storage signalling wallet is connected
 69 | 		if (this.options.shimDisconnect) this.storage?.setItem(this.shimDisconnectKey, true)
 70 | 
 71 | 		return {
 72 | 			account,
 73 | 			chain: { id, unsupported: this.isChainUnsupported(id) },
 74 | 		}
 75 | 	}
 76 | 
 77 | 	async disconnect() {
 78 | 		const provider = await this.getProvider()
 79 | 		if (!provider?.removeListener) return
 80 | 
 81 | 		provider.removeListener('accountsChanged', this.onAccountsChanged)
 82 | 		provider.removeListener('chainChanged', this.onChainChanged)
 83 | 		provider.removeListener('disconnect', this.onDisconnect)
 84 | 
 85 | 		// Remove shim signalling wallet is disconnected
 86 | 		if (this.options.shimDisconnect) this.storage?.removeItem(this.shimDisconnectKey)
 87 | 	}
 88 | 
 89 | 	async getAccount() {
 90 | 		const provider = await this.getProvider()
 91 | 		if (!provider) throw new ConnectorNotFoundError()
 92 | 		const accounts = (await provider.request({ method: 'eth_accounts' })) as [string, ...string[]]
 93 | 		return getAddress(accounts[0])
 94 | 	}
 95 | 
 96 | 	async getChainId() {
 97 | 		const provider = await this.getProvider()
 98 | 		if (!provider) throw new ConnectorNotFoundError()
 99 | 		return normalizeChainId(provider.chainId)
100 | 	}
101 | 
102 | 	async getProvider() {
103 | 		if (!this.#provider) {
104 | 			const chain = this.chains?.[0]
105 | 			if (!chain) throw new Error('Unsupported chain')
106 | 
107 | 			const { publicClient, lastUsedChainId } = this.#config ?? {}
108 | 
109 | 			if (!publicClient) throw new Error('Missing publicClient')
110 | 
111 | 			const provider = new PasskeyProvider({
112 | 				chainId: lastUsedChainId ?? chain?.id,
113 | 				walletClient: createWalletClient({
114 | 					account: this.account,
115 | 					chain,
116 | 					transport: custom(publicClient),
117 | 				}),
118 | 			})
119 | 			this.#provider = provider
120 | 		}
121 | 		return this.#provider
122 | 	}
123 | 
124 | 	async getWalletClient({ chainId }: { chainId?: number } = {}): Promise<PasskeyWalletClient> {
125 | 		const provider = await this.getProvider()
126 | 		const chain = this.chains.find((x) => x.id === chainId)
127 | 		if (!provider) throw new Error('provider is required.')
128 | 		if (!chain) throw new Error('chain is required.')
129 | 		return createWalletClient({ account: this.account, chain, transport: custom(provider) })
130 | 	}
131 | 
132 | 	async isAuthorized() {
133 | 		try {
134 | 			if (
135 | 				this.options.shimDisconnect &&
136 | 				// If shim does not exist in storage, wallet is disconnected
137 | 				!this.storage?.getItem(this.shimDisconnectKey)
138 | 			)
139 | 				return false
140 | 
141 | 			const address = await this.getAccount()
142 | 
143 | 			return !!address
144 | 		} catch {
145 | 			return false
146 | 		}
147 | 	}
148 | 
149 | 	protected onAccountsChanged(_accounts: string[]) {
150 | 		// TODO
151 | 	}
152 | 
153 | 	protected onChainChanged(_chainId: string | number) {
154 | 		// TODO
155 | 	}
156 | 
157 | 	protected onDisconnect() {
158 | 		this.emit('disconnect')
159 | 	}
160 | }
161 | 


--------------------------------------------------------------------------------
/src/passkey-provider.ts:
--------------------------------------------------------------------------------
  1 | import { default as EventEmitter } from 'eventemitter3'
  2 | import { Chain, TransactionRequest, Transport, WatchAssetParams, getAddress } from 'viem'
  3 | import { WalletClient } from 'wagmi'
  4 | import type { PasskeyAccount } from './large-blob-passkey-account'
  5 | 
  6 | export type PasskeyProviderOptions = {
  7 | 	shimDisconnect?: boolean
  8 | 	chainId: number
  9 | 	walletClient: WalletClient<Transport, Chain, PasskeyAccount>
 10 | }
 11 | 
 12 | type Events = {
 13 | 	accountsChanged(accounts: string[]): void
 14 | 	chainChanged(chainId: number | string): void
 15 | 	disconnect(): void
 16 | }
 17 | 
 18 | type Event = keyof Events
 19 | export type PasskeyWalletClient = WalletClient<Transport, Chain, PasskeyAccount>
 20 | 
 21 | export class PasskeyProvider {
 22 | 	events = new EventEmitter<Events>()
 23 | 
 24 | 	chainId: number
 25 | 	#walletClient?: PasskeyWalletClient
 26 | 	#options: PasskeyProviderOptions
 27 | 
 28 | 	constructor(options: PasskeyProviderOptions) {
 29 | 		this.chainId = options.chainId
 30 | 		this.#options = options
 31 | 		this.#walletClient = options.walletClient
 32 | 	}
 33 | 
 34 | 	async enable() {
 35 | 		if (!this.#walletClient) this.#walletClient = this.#options.walletClient
 36 | 		const address = this.#walletClient.account.address
 37 | 		this.events.emit('accountsChanged', [address])
 38 | 		return [address]
 39 | 	}
 40 | 
 41 | 	async disconnect() {
 42 | 		this.events.emit('disconnect')
 43 | 		this.#walletClient = undefined
 44 | 	}
 45 | 
 46 | 	async getAccounts() {
 47 | 		const address = this.#walletClient?.account.address
 48 | 		if (!address) return []
 49 | 		return [getAddress(address)]
 50 | 	}
 51 | 
 52 | 	getWalletClient(): PasskeyWalletClient {
 53 | 		const walletClient = this.#walletClient
 54 | 		if (!walletClient) throw new Error('walletClient not found')
 55 | 		return walletClient
 56 | 	}
 57 | 
 58 | 	async switchChain(chainId: number) {
 59 | 		this.#options.chainId = chainId
 60 | 		this.chainId = chainId
 61 | 		this.events.emit('chainChanged', chainId)
 62 | 	}
 63 | 
 64 | 	async switchWalletClient(walletClient: PasskeyWalletClient) {
 65 | 		const address = walletClient.account.address
 66 | 		this.#walletClient = walletClient
 67 | 		this.events.emit('accountsChanged', [address])
 68 | 	}
 69 | 
 70 | 	async watchAsset(options: WatchAssetParams) {
 71 | 		return await this.#walletClient?.watchAsset(options)
 72 | 	}
 73 | 
 74 | 	// biome-ignore lint/suspicious/noExplicitAny: <explanation>
 75 | 	async request(request: { method: string; params?: any[] }): Promise<any> {
 76 | 		const { method, params = [] } = request
 77 | 
 78 | 		switch (method) {
 79 | 			case 'personal_sign':
 80 | 			case 'eth_sign': {
 81 | 				const [address, messageHash] = params
 82 | 
 83 | 				if (
 84 | 					this.#walletClient?.account.address.toLowerCase() !== address.toLowerCase() ||
 85 | 					!messageHash.startsWith('0x')
 86 | 				) {
 87 | 					throw new Error('The address or message hash is invalid')
 88 | 				}
 89 | 
 90 | 				return (await this.#walletClient?.signMessage(messageHash)) || '0x'
 91 | 			}
 92 | 
 93 | 			case 'eth_signTypedData':
 94 | 			case 'eth_signTypedData_v4': {
 95 | 				const [address, typedData] = params
 96 | 				const parsedTypedData = typeof typedData === 'string' ? JSON.parse(typedData) : typedData
 97 | 
 98 | 				if (this.#walletClient?.account.address.toLowerCase() !== address.toLowerCase()) {
 99 | 					throw new Error('The address is invalid')
100 | 				}
101 | 
102 | 				return (await this.#walletClient?.signTypedData(parsedTypedData)) || '0x'
103 | 			}
104 | 
105 | 			case 'eth_sendTransaction': {
106 | 				const [passedRequest] = params as [TransactionRequest]
107 | 
108 | 				if (!this.#walletClient) throw new Error('No wallet client found')
109 | 
110 | 				const request = await this.#walletClient.prepareTransactionRequest(passedRequest)
111 | 				const serializedTransaction = await this.#walletClient.signTransaction(request)
112 | 
113 | 				if (!serializedTransaction) throw new Error('Failed to sign transaction')
114 | 
115 | 				return await this.#walletClient?.sendRawTransaction({ serializedTransaction })
116 | 			}
117 | 
118 | 			case 'eth_accounts':
119 | 				return [this.#walletClient?.account.address]
120 | 
121 | 			case 'net_version':
122 | 			case 'eth_chainId':
123 | 				return this.#walletClient?.chain.id
124 | 
125 | 			case 'eth_blockNumber':
126 | 			case 'eth_getBalance':
127 | 			case 'eth_getCode':
128 | 			case 'eth_getTransactionCount':
129 | 			case 'eth_getStorageAt':
130 | 			case 'eth_getBlockByNumber':
131 | 			case 'eth_getBlockByHash':
132 | 			case 'eth_getTransactionByHash':
133 | 			case 'eth_getTransactionReceipt':
134 | 			case 'eth_estimateGas':
135 | 			case 'eth_call':
136 | 			case 'eth_getLogs':
137 | 			case 'eth_gasPrice':
138 | 			case 'wallet_getPermissions':
139 | 			case 'wallet_requestPermissions':
140 | 				this.#walletClient?.transport.request({ method, params })
141 | 
142 | 			default:
143 | 				throw Error(`"${request.method}" not implemented`)
144 | 		}
145 | 	}
146 | 
147 | 	// biome-ignore lint/suspicious/noExplicitAny: <explanation>
148 | 	on(event: Event, listener: (...args: any[]) => void) {
149 | 		this.events.on(event, listener)
150 | 		return this
151 | 	}
152 | 
153 | 	// biome-ignore lint/suspicious/noExplicitAny: <explanation>
154 | 	removeListener(event: Event, listener: (...args: any[]) => void) {
155 | 		this.events.removeListener(event, listener)
156 | 		return this
157 | 	}
158 | }
159 | 


--------------------------------------------------------------------------------
/src/passkey.ts:
--------------------------------------------------------------------------------
 1 | import {
 2 | 	AuthenticationResponseJSON,
 3 | 	PublicKeyCredentialCreationOptionsJSON,
 4 | 	PublicKeyCredentialRequestOptionsJSON,
 5 | 	RegistrationResponseJSON,
 6 | } from './passkey.types'
 7 | 
 8 | /**
 9 |  * A generic type to emulate the json-ified result of the `get` function on the browser `navigator.credential` api
10 |  * or the result `passkey` api from `rn-passkeys`
11 |  */
12 | export abstract class Passkey {
13 | 	rp: PublicKeyCredentialCreationOptionsJSON['rp']
14 | 
15 | 	/**
16 | 	 * This is simply the most widely supported public key type for webauthn
17 | 	 * so we adopt it as a default to ease the boiler plate for the end user
18 | 	 */
19 | 	pubKeyCredParams: PublicKeyCredentialCreationOptionsJSON['pubKeyCredParams'] = [
20 | 		{ type: 'public-key', alg: -7 },
21 | 	]
22 | 
23 | 	/**
24 | 	 * These are the default selector options for a passkey vs a 'regular' webauthn credential
25 | 	 */
26 | 	authenticatorSelection: PublicKeyCredentialCreationOptionsJSON['authenticatorSelection'] = {
27 | 		residentKey: 'required',
28 | 		userVerification: 'preferred',
29 | 	}
30 | 
31 | 	constructor(
32 | 		params: Pick<PublicKeyCredentialCreationOptionsJSON, 'rp' | 'authenticatorSelection'> &
33 | 			Partial<Pick<PublicKeyCredentialCreationOptionsJSON, 'pubKeyCredParams'>>,
34 | 	) {
35 | 		this.rp = params.rp
36 | 		if (params.pubKeyCredParams) this.pubKeyCredParams = params.pubKeyCredParams
37 | 		if (params.authenticatorSelection)
38 | 			this.authenticatorSelection = {
39 | 				...this.authenticatorSelection,
40 | 				...params.authenticatorSelection,
41 | 			}
42 | 	}
43 | 
44 | 	abstract create(
45 | 		options: Omit<PublicKeyCredentialCreationOptionsJSON, 'rp' | 'pubKeyCredParams'> &
46 | 			Partial<Pick<PublicKeyCredentialCreationOptionsJSON, 'pubKeyCredParams'>>,
47 | 	): Promise<RegistrationResponseJSON | null>
48 | 
49 | 	abstract get(
50 | 		options: Omit<PublicKeyCredentialRequestOptionsJSON, 'rpId'>,
51 | 	): Promise<AuthenticationResponseJSON | null>
52 | }
53 | 


--------------------------------------------------------------------------------
/src/passkey.types.ts:
--------------------------------------------------------------------------------
  1 | import type {
  2 | 	// - for override
  3 | 	AuthenticationExtensionsClientInputs as TypeScriptAuthenticationExtensionsClientInputs,
  4 | 	// - for use & reexport
  5 | 	Base64URLString,
  6 | 	AuthenticatorTransportFuture,
  7 | 	PublicKeyCredentialJSON,
  8 | 	PublicKeyCredentialDescriptorJSON,
  9 | 	PublicKeyCredentialUserEntityJSON,
 10 | 	AuthenticatorAttestationResponseJSON,
 11 | } from '@simplewebauthn/typescript-types'
 12 | 
 13 | export type {
 14 | 	AttestationConveyancePreference,
 15 | 	AuthenticationCredential,
 16 | 	AuthenticatorAssertionResponse,
 17 | 	AuthenticatorAttachment,
 18 | 	AuthenticatorAttestationResponse,
 19 | 	AuthenticatorSelectionCriteria,
 20 | 	AuthenticatorTransport,
 21 | 	COSEAlgorithmIdentifier,
 22 | 	Crypto,
 23 | 	PublicKeyCredentialCreationOptions,
 24 | 	PublicKeyCredentialDescriptor,
 25 | 	PublicKeyCredentialParameters,
 26 | 	PublicKeyCredentialRequestOptions,
 27 | 	PublicKeyCredentialRpEntity,
 28 | 	PublicKeyCredentialType,
 29 | 	PublicKeyCredentialUserEntity,
 30 | 	RegistrationCredential,
 31 | 	UserVerificationRequirement,
 32 | } from '@simplewebauthn/typescript-types'
 33 | 
 34 | export type {
 35 | 	Base64URLString,
 36 | 	PublicKeyCredentialJSON,
 37 | 	AuthenticatorTransportFuture,
 38 | 	PublicKeyCredentialDescriptorJSON,
 39 | 	PublicKeyCredentialUserEntityJSON,
 40 | 	AuthenticatorAttestationResponseJSON,
 41 | }
 42 | 
 43 | /**
 44 |  * A variant of PublicKeyCredentialCreationOptions suitable for JSON transmission
 45 |  *
 46 |  * This should eventually get replaced with official TypeScript DOM types when WebAuthn L3 types
 47 |  * eventually make it into the language:
 48 |  *
 49 |  * - Specification reference: https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptionsjson
 50 |  */
 51 | export interface PublicKeyCredentialCreationOptionsJSON {
 52 | 	rp: PublicKeyCredentialRpEntity
 53 | 	user: PublicKeyCredentialUserEntityJSON
 54 | 	challenge: Base64URLString
 55 | 	pubKeyCredParams: PublicKeyCredentialParameters[]
 56 | 	timeout?: number
 57 | 	excludeCredentials?: PublicKeyCredentialDescriptorJSON[]
 58 | 	authenticatorSelection?: AuthenticatorSelectionCriteria
 59 | 	attestation?: AttestationConveyancePreference
 60 | 	extensions?: AuthenticationExtensionsClientInputs
 61 | }
 62 | 
 63 | /**
 64 |  * A variant of PublicKeyCredentialRequestOptions suitable for JSON transmission
 65 |  */
 66 | export interface PublicKeyCredentialRequestOptionsJSON {
 67 | 	challenge: Base64URLString
 68 | 	timeout?: number
 69 | 	rpId?: string
 70 | 	allowCredentials?: PublicKeyCredentialDescriptorJSON[]
 71 | 	userVerification?: UserVerificationRequirement
 72 | 	extensions?: AuthenticationExtensionsClientInputs
 73 | }
 74 | 
 75 | /**
 76 |  * A slightly-modified RegistrationCredential to simplify working with ArrayBuffers that
 77 |  * are Base64URL-encoded so that they can be sent as JSON.
 78 |  *
 79 |  * - Specification reference: https://w3c.github.io/webauthn/#dictdef-registrationresponsejson
 80 |  */
 81 | export interface RegistrationResponseJSON {
 82 | 	id: Base64URLString
 83 | 	rawId: Base64URLString
 84 | 	response: AuthenticatorAttestationResponseJSON
 85 | 	authenticatorAttachment?: AuthenticatorAttachment
 86 | 	clientExtensionResults: AuthenticationExtensionsClientOutputs
 87 | 	type: PublicKeyCredentialType
 88 | }
 89 | 
 90 | /**
 91 |  * A slightly-modified AuthenticationCredential to simplify working with ArrayBuffers that
 92 |  * are Base64URL-encoded so that they can be sent as JSON.
 93 |  *
 94 |  * - Specification reference: https://w3c.github.io/webauthn/#dictdef-authenticationresponsejson
 95 |  */
 96 | export interface AuthenticationResponseJSON {
 97 | 	id: Base64URLString
 98 | 	rawId: Base64URLString
 99 | 	response: AuthenticatorAssertionResponseJSON
100 | 	authenticatorAttachment?: AuthenticatorAttachment
101 | 	clientExtensionResults: AuthenticationExtensionsClientOutputs
102 | 	type: PublicKeyCredentialType
103 | }
104 | 
105 | /**
106 |  * A slightly-modified AuthenticatorAssertionResponse to simplify working with ArrayBuffers that
107 |  * are Base64URL-encoded so that they can be sent as JSON.
108 |  *
109 |  * - Specification reference: https://w3c.github.io/webauthn/#dictdef-authenticatorassertionresponsejson
110 |  */
111 | export interface AuthenticatorAssertionResponseJSON {
112 | 	clientDataJSON: Base64URLString
113 | 	authenticatorData: Base64URLString
114 | 	signature: Base64URLString
115 | 	userHandle?: string
116 | }
117 | 
118 | /**
119 |  * TypeScript's types are behind the latest extensions spec, so we define them here.
120 |  * Should eventually be replaced by TypeScript's when TypeScript gets updated to
121 |  * know about it (sometime after 5.3)
122 |  *
123 |  * - Specification reference: https://w3c.github.io/webauthn/#dictdef-authenticationextensionsclientinputs
124 |  */
125 | export interface AuthenticationExtensionsClientInputs
126 | 	extends TypeScriptAuthenticationExtensionsClientInputs {
127 | 	largeBlob?: AuthenticationExtensionsLargeBlobInputs
128 | }
129 | 
130 | export type LargeBlobSupport = 'preferred' | 'required'
131 | 
132 | /**
133 |  * - Specification reference: https://w3c.github.io/webauthn/#dictdef-authenticationextensionslargeblobinputs
134 |  */
135 | export interface AuthenticationExtensionsLargeBlobInputs {
136 | 	// - Only valid during registration.
137 | 	support?: LargeBlobSupport
138 | 
139 | 	// - A boolean that indicates that the Relying Party would like to fetch the previously-written blob associated with the asserted credential. Only valid during authentication.
140 | 	read?: boolean
141 | 
142 | 	// - An opaque byte string that the Relying Party wishes to store with the existing credential. Only valid during authentication.
143 | 	// - We impose that the data is passed as base64-url encoding to make better align the passing of data from RN to native code
144 | 	write?: Base64URLString
145 | }
146 | 
147 | // - largeBlob extension: https://w3c.github.io/webauthn/#sctn-large-blob-extension
148 | export interface AuthenticationExtensionsClientOutputs {
149 | 	largeBlob?: AuthenticationExtensionsLargeBlobOutputs
150 | }
151 | 
152 | /**
153 |  * - Specification reference: https://w3c.github.io/webauthn/#dictdef-authenticationextensionslargebloboutputs
154 |  */
155 | export interface AuthenticationExtensionsLargeBlobOutputs {
156 | 	// - true if, and only if, the created credential supports storing large blobs. Only present in registration outputs.
157 | 	supported?: boolean
158 | 
159 | 	// - The opaque byte string that was associated with the credential identified by rawId. Only valid if read was true.
160 | 	blob?: Base64URLString
161 | 
162 | 	// - A boolean that indicates that the contents of write were successfully stored on the authenticator, associated with the specified credential.
163 | 	written?: boolean
164 | }
165 | 


--------------------------------------------------------------------------------
/src/utils/encoding.ts:
--------------------------------------------------------------------------------
 1 | import type { Hex } from 'viem'
 2 | 
 3 | // ! taken from https://github.com/MasterKale/SimpleWebAuthn/blob/e02dce6f2f83d8923f3a549f84e0b7b3d44fa3da/packages/browser/src/helpers/base64URLStringToBuffer.ts
 4 | /**
 5 |  * Convert from a Base64URL-encoded string to an Array Buffer. Best used when converting a
 6 |  * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
 7 |  * excludeCredentials
 8 |  *
 9 |  * Helper method to compliment `bufferToBase64URLString`
10 |  */
11 | export function base64URLStringToBuffer(base64URLString: string): ArrayBuffer {
12 | 	// Convert from Base64URL to Base64
13 | 	const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/')
14 | 	/**
15 | 	 * Pad with '=' until it's a multiple of four
16 | 	 * (4 - (85 % 4 = 1) = 3) % 4 = 3 padding
17 | 	 * (4 - (86 % 4 = 2) = 2) % 4 = 2 padding
18 | 	 * (4 - (87 % 4 = 3) = 1) % 4 = 1 padding
19 | 	 * (4 - (88 % 4 = 0) = 4) % 4 = 0 padding
20 | 	 */
21 | 	const padLength = (4 - (base64.length % 4)) % 4
22 | 	const padded = base64.padEnd(base64.length + padLength, '=')
23 | 
24 | 	// Convert to a binary string
25 | 	const binary = atob(padded)
26 | 
27 | 	// Convert binary string to buffer
28 | 	const buffer = new ArrayBuffer(binary.length)
29 | 	const bytes = new Uint8Array(buffer)
30 | 
31 | 	for (let i = 0; i < binary.length; i++) {
32 | 		bytes[i] = binary.charCodeAt(i)
33 | 	}
34 | 
35 | 	return buffer
36 | }
37 | 
38 | // ! taken from https://github.com/MasterKale/SimpleWebAuthn/blob/e02dce6f2f83d8923f3a549f84e0b7b3d44fa3da/packages/browser/src/helpers/bufferToBase64URLString.ts
39 | /**
40 |  * Convert the given array buffer into a Base64URL-encoded string. Ideal for converting various
41 |  * credential response ArrayBuffers to string for sending back to the server as JSON.
42 |  *
43 |  * Helper method to compliment `base64URLStringToBuffer`
44 |  */
45 | export function bufferToBase64URLString(buffer: ArrayBuffer): string {
46 | 	const bytes = new Uint8Array(buffer)
47 | 	let str = ''
48 | 
49 | 	for (const charCode of bytes) {
50 | 		str += String.fromCharCode(charCode)
51 | 	}
52 | 
53 | 	const base64String = btoa(str)
54 | 
55 | 	return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '')
56 | }
57 | 
58 | export function hexToBuffer(hexString: Hex): ArrayBuffer {
59 | 	const bytes =
60 | 		hexString
61 | 			.slice(2)
62 | 			.match(/.{1,2}/g)
63 | 			?.map((byte) => parseInt(byte, 16)) ?? []
64 | 	return Uint8Array.from(bytes)
65 | }
66 | 
67 | export function bufferToHex(buffer: ArrayBuffer): Hex {
68 | 	return `0x${[...new Uint8Array(buffer)].map((x) => x.toString(16).padStart(2, '0')).join('')}`
69 | }
70 | 
71 | export function base64URLStringToHex(base64URLString: string): Hex {
72 | 	return bufferToHex(base64URLStringToBuffer(base64URLString))
73 | }
74 | 
75 | export function hexToBase64URLString(hexString: Hex): string {
76 | 	return bufferToBase64URLString(hexToBuffer(hexString))
77 | }
78 | 


--------------------------------------------------------------------------------
/src/utils/webauthn-zod.ts:
--------------------------------------------------------------------------------
 1 | import * as z from 'zod'
 2 | 
 3 | /**
 4 |  * - Branded Types to make it clearer how to encode and decode certain types
 5 |  */
 6 | 
 7 | export const base64URLStringSchema = z.string().brand<'Base64URL'>()
 8 | export type Base64URLString = z.infer<typeof base64URLStringSchema>
 9 | 
10 | export const base64StringSchema = z.string().brand<'Base64'>()
11 | export type Base64String = z.infer<typeof base64StringSchema>
12 | 
13 | export const asciiStringSchema = z.string().brand<'Ascii'>()
14 | export type AsciiString = z.infer<typeof asciiStringSchema>
15 | 
16 | export const publicKeyCredentialTypeSchema = z.enum(['public-key']).brand<'PublicKeyCredentialType'>().default('public-key')
17 | export type PublicKeyCredentialType = z.infer<typeof publicKeyCredentialTypeSchema>
18 | 
19 | export const authenticatorAttachmentSchema = z.enum(['platform', 'cross-platform']).brand<'AuthenticatorAttachment'>()
20 | export type AuthenticatorAttachment = z.infer<typeof authenticatorAttachmentSchema>
21 | 
22 | export const COSEAlgorithmIdentifierSchema = z.number().brand<'COSEAlgorithmIdentifier'>()
23 | export type COSEAlgorithmIdentifier = z.infer<typeof COSEAlgorithmIdentifierSchema>
24 | 
25 | export const authenticatorTransportFutureSchema = z.enum([
26 |     'ble', 'cable', 'hybrid', 'internal', 'nfc', 'smart-card', 'usb'
27 | ]).brand<'AuthenticatorTransportFuture'>()
28 | export type AuthenticatorTransportFuture = z.infer<typeof authenticatorTransportFutureSchema>
29 | 
30 | 
31 | /**
32 |  * Webauthn Schemas
33 |  */
34 | const credentialPropertiesOutputSchema = z.object({
35 |     rk: z.boolean().optional(),
36 | })
37 | 
38 | /**
39 |  * - Specification reference: https://w3c.github.io/webauthn/#dictdef-authenticationextensionslargebloboutputs
40 |  */
41 | const authenticationExtensionsLargeBlobOutputsSchema = z.object({
42 |     supported: z.boolean().optional(),
43 |     blob: base64URLStringSchema.optional(),
44 |     written: z.boolean().optional()
45 | })
46 | 
47 | const authenticationExtensionsClientOutputsSchema = z.object({
48 |     appid: z.boolean().optional(),
49 |     credProps: credentialPropertiesOutputSchema.optional(),
50 |     hmacCreateSecret: z.boolean().optional(),
51 |     largeBlob: authenticationExtensionsLargeBlobOutputsSchema.optional()
52 | })
53 | 
54 | const webauthnResultBaseSchema = z.object({
55 |     id: base64URLStringSchema,
56 |     rawId: base64URLStringSchema,
57 |     type: publicKeyCredentialTypeSchema,
58 |     authenticatorAttachment: authenticatorAttachmentSchema.optional(),
59 |     clientExtensionResults: authenticationExtensionsClientOutputsSchema
60 | })
61 | 
62 | const authenticatorAssertionResponseJSONSchema = z.object({
63 |     userHandle: base64URLStringSchema,
64 |     signature: base64URLStringSchema,
65 |     clientDataJSON: base64URLStringSchema,
66 |     authenticatorData: base64URLStringSchema,
67 | })
68 | 
69 | export const authenticatorAttestationResponseJSON = z.object({
70 |     clientDataJSON: base64URLStringSchema,
71 |     attestationObject: base64URLStringSchema,
72 |     authenticatorData: base64URLStringSchema.optional(),
73 |     transports: z.array(authenticatorTransportFutureSchema).optional(),
74 |     publicKeyAlgorithm: COSEAlgorithmIdentifierSchema.optional(),
75 |     publicKey: base64URLStringSchema.optional(),
76 | })
77 | 
78 | /**
79 |  * ! The following are the useful schema above is all sub-schemas
80 |  */
81 | 
82 | export const webauthnAuthenticationResponseSchema = z.object({
83 |     response: authenticatorAssertionResponseJSONSchema,
84 | }).merge(webauthnResultBaseSchema)
85 | 
86 | export const webauthnRegisterationResultSchema = z.object({
87 |     response: authenticatorAttestationResponseJSON
88 | }).merge(webauthnResultBaseSchema)
89 | 
90 | 


--------------------------------------------------------------------------------
/tsconfig.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "compilerOptions": {
 3 |     "allowJs": true,
 4 |     "baseUrl": ".",
 5 |     "downlevelIteration": true,
 6 |     "esModuleInterop": true,
 7 |     "isolatedModules": true,
 8 |     "lib": [
 9 |       "es2021",
10 |       "dom"
11 |     ],
12 |     "module": "esnext",
13 |     "noEmit": true,
14 |     "noImplicitAny": true,
15 |     "noUncheckedIndexedAccess": true,
16 |     "noUnusedLocals": true,
17 |     "noUnusedParameters": true,
18 |     "resolveJsonModule": true,
19 |     "strictNullChecks": true,
20 |     "target": "es2021",
21 |     "moduleResolution": "bundler",
22 |     "moduleDetection": "force",
23 |     "allowImportingTsExtensions": true,
24 |     "composite": true,
25 |     "strict": true,
26 |     "skipLibCheck": true,
27 |     "jsx": "react-jsx",
28 |     "allowSyntheticDefaultImports": true,
29 |     "forceConsistentCasingInFileNames": true,
30 |     "types": [
31 |       "bun-types"
32 |     ]
33 |   },
34 |   "exclude": [
35 |     "**/node_modules/**",
36 |     "**/dist/**"
37 |   ]
38 | }


--------------------------------------------------------------------------------
/vitest.config.js:
--------------------------------------------------------------------------------
 1 | import { defineConfig } from 'vitest/config'
 2 | 
 3 | export default defineConfig({
 4 |   test: {
 5 |     coverage: {
 6 |       reporter: ['text', 'json', 'html'],
 7 |     },
 8 |     environment: 'jsdom',
 9 |     include: ['tests/**/*.test.ts'],
10 |   },
11 | })


--------------------------------------------------------------------------------