We can also verify WebAuthn signatures onchain via contracts that expose a WebAuthn verifier interface.
The example below uses Viem to call the verify function on the WebAuthn.sol contract. However, in a real world scenario, a contract implementing the WebAuthn verifier interface will call the verify function (e.g. a isValidSignature interface on an ERC-4337 Smart Wallet).
Note: Bytecode for the code variable can be obtained here.
List of credential IDs to exclude from the creation. This property can be used to prevent creation of a credential if it already exists.
string[]
rp
An object describing the relying party that requested the credential creation.
{ id: string; name: string }
timeout
Timeout for the credential creation.
number
user
An object describing the user account for which the credential is generated.
{ displayName: string; id: string; name: string }
returns
P256 Credential
P256Credential
sign
Signs a hash using a stored credential. If no credential is provided, a prompt
will be displayed for the user to select an existing credential that was previously registered.
We found that webauthn-p256 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.It has 1 open source maintainer collaborating on the project.
Package last updated on 13 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.
Socket researchers found a malicious Maven package impersonating the legitimate ‘XZ for Java’ library, introducing a backdoor for remote code execution.