@virtonetwork/authenticators-webauthn 1.0.0 → 1.0.2

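--- a/package/dist/cjs/index.js
+++ b/package/dist/cjs/index.js
@@ -37,26 +37,8 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
  };
  Object.defineProperty(exports, "__esModule", { value: true });
  exports.WebAuthn = exports.KREIVO_AUTHORITY_ID = void 0;
- /**
- * WebAuthn pass‑key authenticator for Virto Network.
- *
- * Exposes a browser‑side implementation of {@link Authenticator} that creates,
- * stores, and uses WebAuthn resident credentials ("passkeys") while producing
- * SCALE‑encoded data structures understood by the Kreivo signer pallet.
- *
- * Responsibilities
- * ─────────────────────────────────────────────────────────
- * • Derive a deterministic `deviceId` from the raw credential id
- * • Emit `TAttestation<number>` during registration
- * • Emit `TPassAuthenticate` during authentication
- * • Never persist the credential mapping; that is delegated to the caller
- *
- * @module WebAuthn
- */
- var signer_1 = require("@virtonetwork/signer");
  var substrate_bindings_1 = require("@polkadot-api/substrate-bindings");
  var types_ts_1 = require("./types.js");
- var utils_1 = require("polkadot-api/utils");
  /** Fixed authority id for Kreivo pass‑key attestors. */
  exports.KREIVO_AUTHORITY_ID = substrate_bindings_1.Binary.fromText("kreivo_p".padEnd(32, "\0"));
  /**
@@ -76,8 +58,9 @@ var WebAuthn = /** @class */ (function () {
  * @param [credentialId] - Raw credential id obtained from a previous
  * registration flow; omit it if the user must enrol a new pass‑key.
  */
- function WebAuthn(userId, credentialId) {
+ function WebAuthn(userId, getChallenge, credentialId) {
  this.userId = userId;
+ this.getChallenge = getChallenge;
  this.credentialId = credentialId;
  /**
  * SHA‑256 hash of {@link userId}. Filled once by {@link setup} and reused
@@ -143,9 +126,9 @@ var WebAuthn = /** @class */ (function () {
  * @throws Error If this instance already has a credential id.
  * @returns {Promise<TAttestation<number>>} SCALE‑encoded attestation object.
  */
- WebAuthn.prototype.register = function (blockNumber_1, blockHash_1) {
- return __awaiter(this, arguments, void 0, function (blockNumber, blockHash, displayName) {
- var challenger, challenge, credentials, _a, attestationObject, clientDataJSON, getPublicKey, publicKey;
+ WebAuthn.prototype.register = function (blockNumber_1) {
+ return __awaiter(this, arguments, void 0, function (blockNumber, displayName) {
+ var challenge, credentials, _a, attestationObject, clientDataJSON, getPublicKey, publicKey;
  var _b, _c;
  if (displayName === void 0) { displayName = this.userId; }
  return __generator(this, function (_d) {
@@ -154,8 +137,9 @@ var WebAuthn = /** @class */ (function () {
  if (this.credentialId) {
  throw new Error("Already have a credentialId; no need to register");
  }
- challenger = new signer_1.KreivoBlockChallenger();
- challenge = challenger.generate((0, utils_1.fromHex)(blockHash), new Uint8Array());
+ return [4 /*yield*/, this.getChallenge(blockNumber, new Uint8Array([]))];
+ case 1:
+ challenge = _d.sent();
  return [4 /*yield*/, navigator.credentials.create({
  publicKey: {
  challenge: challenge,
@@ -171,7 +155,7 @@ var WebAuthn = /** @class */ (function () {
  timeout: 60000,
  },
  })];
- case 1:
+ case 2:
  credentials = (_d.sent());
  _a = credentials.response, attestationObject = _a.attestationObject, clientDataJSON = _a.clientDataJSON, getPublicKey = _a.getPublicKey;
  // Save raw credential id for future auth calls
@@ -182,15 +166,15 @@ var WebAuthn = /** @class */ (function () {
  }
  _b = {};
  _c = {
- authorityId: exports.KREIVO_AUTHORITY_ID
+ authority_id: exports.KREIVO_AUTHORITY_ID
  };
  return [4 /*yield*/, WebAuthn.getDeviceId(this)];
- case 2: return [2 /*return*/, (_b.meta = (_c.deviceId = _d.sent(),
+ case 3: return [2 /*return*/, (_b.meta = (_c.device_id = _d.sent(),
  _c.context = blockNumber,
  _c),
- _b.authenticatorData = substrate_bindings_1.Binary.fromBytes(new Uint8Array(attestationObject)),
- _b.clientData = substrate_bindings_1.Binary.fromBytes(new Uint8Array(clientDataJSON)),
- _b.publicKey = substrate_bindings_1.Binary.fromBytes(new Uint8Array(publicKey)),
+ _b.authenticator_data = substrate_bindings_1.Binary.fromBytes(new Uint8Array(attestationObject)),
+ _b.client_data = substrate_bindings_1.Binary.fromBytes(new Uint8Array(clientDataJSON)),
+ _b.public_key = substrate_bindings_1.Binary.fromBytes(new Uint8Array(publicKey)),
  _b)];
  }
  });
@@ -206,9 +190,9 @@ var WebAuthn = /** @class */ (function () {
  * @returns SCALE‑encoded authentication payload.
  * @throws Error If no credential id is available.
  */
- WebAuthn.prototype.authenticate = function (challenge, context) {
+ WebAuthn.prototype.authenticate = function (context, xtc) {
  return __awaiter(this, void 0, void 0, function () {
- var publicKey, cred, _a, authenticatorData, clientDataJSON, signature, assertion;
+ var challenge, publicKey, cred, _a, authenticatorData, clientDataJSON, signature, assertion;
  var _b;
  return __generator(this, function (_c) {
  switch (_c.label) {
@@ -216,6 +200,9 @@ var WebAuthn = /** @class */ (function () {
  if (!this.credentialId) {
  throw new Error("credentialId unknown – call register() first or inject it via constructor/setCredentialId()");
  }
+ return [4 /*yield*/, this.getChallenge(context, xtc)];
+ case 1:
+ challenge = _c.sent();
  publicKey = {
  challenge: challenge,
  allowCredentials: [
@@ -231,22 +218,22 @@ var WebAuthn = /** @class */ (function () {
  return [4 /*yield*/, navigator.credentials.get({
  publicKey: publicKey,
  })];
- case 1:
+ case 2:
  cred = (_c.sent());
  _a = cred.response, authenticatorData = _a.authenticatorData, clientDataJSON = _a.clientDataJSON, signature = _a.signature;
  assertion = {
  meta: {
- authorityId: exports.KREIVO_AUTHORITY_ID,
- userId: substrate_bindings_1.Binary.fromBytes(this.hashedUserId),
+ authority_id: exports.KREIVO_AUTHORITY_ID,
+ user_id: substrate_bindings_1.Binary.fromBytes(this.hashedUserId),
  context: context,
  },
- authenticatorData: substrate_bindings_1.Binary.fromBytes(new Uint8Array(authenticatorData)),
- clientData: substrate_bindings_1.Binary.fromBytes(new Uint8Array(clientDataJSON)),
+ authenticator_data: substrate_bindings_1.Binary.fromBytes(new Uint8Array(authenticatorData)),
+ client_data: substrate_bindings_1.Binary.fromBytes(new Uint8Array(clientDataJSON)),
  signature: substrate_bindings_1.Binary.fromBytes(new Uint8Array(signature)),
  };
  _b = {};
  return [4 /*yield*/, WebAuthn.getDeviceId(this)];
- case 2: return [2 /*return*/, (_b.deviceId = _c.sent(),
+ case 3: return [2 /*return*/, (_b.deviceId = _c.sent(),
  _b.credentials = {
  tag: "WebAuthn",
  value: types_ts_1.Assertion.enc(assertion),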
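Review bot: The value returned by the injected `getChallenge` callback is handed to `navigator.credentials.create()` and `navigator.credentials.get()` without any check, in the added `challenge = _d.sent();` and `challenge = _c.sent();` lines of `register` and `authenticate`. Before this change the challenge was produced inside the package; now its length and quality depend entirely on the caller, and an empty return value would still be used for the ceremony. I would validate it right after the await, for example `if (!(challenge instanceof Uint8Array) || challenge.length < 16) throw new Error("getChallenge returned an invalid challenge");` (16 bytes is the minimum the WebAuthn specification recommends), and reject a non-function in the constructor with `if (typeof getChallenge !== "function") throw new TypeError("getChallenge must be a function");`. The same applies to package/dist/esm/index.js; both files are build output, so the change belongs in the TypeScript source, which is not shown here.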
package/dist/cjs/types.js CHANGED
@@ -4,24 +4,24 @@ exports.Assertion = exports.Attestation = void 0;
4
4
  var substrate_bindings_1 = require("@polkadot-api/substrate-bindings");
5
5
  var scale_ts_1 = require("scale-ts");
6
6
  var AttestationMeta = (0, scale_ts_1.Struct)({
7
- authorityId: (0, substrate_bindings_1.Bin)(32),
8
- deviceId: (0, substrate_bindings_1.Bin)(32),
7
+ authority_id: (0, substrate_bindings_1.Bin)(32),
8
+ device_id: (0, substrate_bindings_1.Bin)(32),
9
9
  context: scale_ts_1.u32,
10
10
  });
11
11
  exports.Attestation = (0, scale_ts_1.Struct)({
12
12
  meta: AttestationMeta,
13
- authenticatorData: (0, substrate_bindings_1.Bin)(),
14
- clientData: (0, substrate_bindings_1.Bin)(),
15
- publicKey: (0, substrate_bindings_1.Bin)(),
13
+ authenticator_data: (0, substrate_bindings_1.Bin)(),
14
+ client_data: (0, substrate_bindings_1.Bin)(),
15
+ public_key: (0, substrate_bindings_1.Bin)(),
16
16
  });
17
17
  var AssertionMeta = (0, scale_ts_1.Struct)({
18
- authorityId: (0, substrate_bindings_1.Bin)(32),
19
- userId: (0, substrate_bindings_1.Bin)(32),
18
+ authority_id: (0, substrate_bindings_1.Bin)(32),
19
+ user_id: (0, substrate_bindings_1.Bin)(32),
20
20
  context: scale_ts_1.u32,
21
21
  });
22
22
  exports.Assertion = (0, scale_ts_1.Struct)({
23
23
  meta: AssertionMeta,
24
- authenticatorData: (0, substrate_bindings_1.Bin)(),
25
- clientData: (0, substrate_bindings_1.Bin)(),
24
+ authenticator_data: (0, substrate_bindings_1.Bin)(),
25
+ client_data: (0, substrate_bindings_1.Bin)(),
26
26
  signature: (0, substrate_bindings_1.Bin)(),
27
27
  });
@@ -16,7 +16,7 @@
16
16
  */
17
17
  import { Authenticator, DeviceId } from "@virtonetwork/signer";
18
18
  import { Binary } from "@polkadot-api/substrate-bindings";
19
- import type { BlockHash, TAttestation } from "./types.ts";
19
+ import type { TAttestation } from "./types.ts";
20
20
  import type { TPassAuthenticate } from "@virtonetwork/signer";
21
21
  /** Fixed authority id for Kreivo pass‑key attestors. */
22
22
  export declare const KREIVO_AUTHORITY_ID: Binary;
@@ -31,6 +31,7 @@ export declare const KREIVO_AUTHORITY_ID: Binary;
31
31
  */
32
32
  export declare class WebAuthn implements Authenticator<number> {
33
33
  readonly userId: string;
34
+ getChallenge: (context: number, xtc: Uint8Array) => Promise<Uint8Array>;
34
35
  credentialId?: Uint8Array | undefined;
35
36
  /**
36
37
  * SHA‑256 hash of {@link userId}. Filled once by {@link setup} and reused
@@ -44,7 +45,7 @@ export declare class WebAuthn implements Authenticator<number> {
44
45
  * @param [credentialId] - Raw credential id obtained from a previous
45
46
  * registration flow; omit it if the user must enrol a new pass‑key.
46
47
  */
47
- constructor(userId: string, credentialId?: Uint8Array | undefined);
48
+ constructor(userId: string, getChallenge: (context: number, xtc: Uint8Array) => Promise<Uint8Array>, credentialId?: Uint8Array | undefined);
48
49
  /**
49
50
  * Deterministic identifier of the hardware/software authenticator
50
51
  * (`deviceId = Blake2‑256(credentialId)`).
@@ -77,7 +78,7 @@ export declare class WebAuthn implements Authenticator<number> {
77
78
  * @throws Error If this instance already has a credential id.
78
79
  * @returns {Promise<TAttestation<number>>} SCALE‑encoded attestation object.
79
80
  */
80
- register(blockNumber: number, blockHash: BlockHash, displayName?: string): Promise<TAttestation<number>>;
81
+ register(blockNumber: number, displayName?: string): Promise<TAttestation<number>>;
81
82
  /**
82
83
  * Signs an arbitrary challenge with the pass‑key and produces a
83
84
  * {@link TPassAuthenticate} payload understood by `PassSigner`.
@@ -88,5 +89,5 @@ export declare class WebAuthn implements Authenticator<number> {
88
89
  * @returns SCALE‑encoded authentication payload.
89
90
  * @throws Error If no credential id is available.
90
91
  */
91
- authenticate(challenge: Uint8Array, context: number): Promise<TPassAuthenticate>;
92
+ authenticate(context: number, xtc: Uint8Array): Promise<TPassAuthenticate>;
92
93
  }
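Review bot: The new `getChallenge` member and constructor parameter are declared without documentation in the declaration hunks that appear under this file header (`@@ -31,6 +31,7 @@` and `@@ -44,7 +45,7 @@`); the only `@param` visible above the constructor is still `credentialId`, and `xtc` is not explained on any visible line. Because this callback now supplies the WebAuthn challenge, its contract is security-relevant and should be written down, e.g. `@param getChallenge - Async callback returning the challenge bytes the verifier expects for the given context and xtc.`, together with a one-line description of what `xtc` carries. The comment above `authenticate` still reads "Signs an arbitrary challenge" although the method no longer accepts one. Both comment blocks start outside the hunks, so part of this may already be covered there.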
package/dist/esm/index.js CHANGED
@@ -1,23 +1,5 @@
1
- /**
2
- * WebAuthn pass‑key authenticator for Virto Network.
3
- *
4
- * Exposes a browser‑side implementation of {@link Authenticator} that creates,
5
- * stores, and uses WebAuthn resident credentials ("passkeys") while producing
6
- * SCALE‑encoded data structures understood by the Kreivo signer pallet.
7
- *
8
- * Responsibilities
9
- * ─────────────────────────────────────────────────────────
10
- * • Derive a deterministic `deviceId` from the raw credential id
11
- * • Emit `TAttestation<number>` during registration
12
- * • Emit `TPassAuthenticate` during authentication
13
- * • Never persist the credential mapping; that is delegated to the caller
14
- *
15
- * @module WebAuthn
16
- */
17
- import { KreivoBlockChallenger, } from "@virtonetwork/signer";
18
1
  import { Binary, Blake2256 } from "@polkadot-api/substrate-bindings";
19
2
  import { Assertion } from "./types.js";
20
- import { fromHex } from "polkadot-api/utils";
21
3
  /** Fixed authority id for Kreivo pass‑key attestors. */
22
4
  export const KREIVO_AUTHORITY_ID = Binary.fromText("kreivo_p".padEnd(32, "\0"));
23
5
  /**
@@ -31,6 +13,7 @@ export const KREIVO_AUTHORITY_ID = Binary.fromText("kreivo_p".padEnd(32, "\0"));
31
13
  */
32
14
  export class WebAuthn {
33
15
  userId;
16
+ getChallenge;
34
17
  credentialId;
35
18
  /**
36
19
  * SHA‑256 hash of {@link userId}. Filled once by {@link setup} and reused
@@ -44,8 +27,9 @@ export class WebAuthn {
44
27
  * @param [credentialId] - Raw credential id obtained from a previous
45
28
  * registration flow; omit it if the user must enrol a new pass‑key.
46
29
  */
47
- constructor(userId, credentialId) {
30
+ constructor(userId, getChallenge, credentialId) {
48
31
  this.userId = userId;
32
+ this.getChallenge = getChallenge;
49
33
  this.credentialId = credentialId;
50
34
  }
51
35
  /**
@@ -90,12 +74,11 @@ export class WebAuthn {
90
74
  * @throws Error If this instance already has a credential id.
91
75
  * @returns {Promise<TAttestation<number>>} SCALE‑encoded attestation object.
92
76
  */
93
- async register(blockNumber, blockHash, displayName = this.userId) {
77
+ async register(blockNumber, displayName = this.userId) {
94
78
  if (this.credentialId) {
95
79
  throw new Error("Already have a credentialId; no need to register");
96
80
  }
97
- const challenger = new KreivoBlockChallenger();
98
- const challenge = challenger.generate(fromHex(blockHash), new Uint8Array());
81
+ const challenge = await this.getChallenge(blockNumber, new Uint8Array([]));
99
82
  const credentials = (await navigator.credentials.create({
100
83
  publicKey: {
101
84
  challenge,
@@ -121,13 +104,13 @@ export class WebAuthn {
121
104
  }
122
105
  return {
123
106
  meta: {
124
- authorityId: KREIVO_AUTHORITY_ID,
125
- deviceId: await WebAuthn.getDeviceId(this),
107
+ authority_id: KREIVO_AUTHORITY_ID,
108
+ device_id: await WebAuthn.getDeviceId(this),
126
109
  context: blockNumber,
127
110
  },
128
- authenticatorData: Binary.fromBytes(new Uint8Array(attestationObject)),
129
- clientData: Binary.fromBytes(new Uint8Array(clientDataJSON)),
130
- publicKey: Binary.fromBytes(new Uint8Array(publicKey)),
111
+ authenticator_data: Binary.fromBytes(new Uint8Array(attestationObject)),
112
+ client_data: Binary.fromBytes(new Uint8Array(clientDataJSON)),
113
+ public_key: Binary.fromBytes(new Uint8Array(publicKey)),
131
114
  };
132
115
  }
133
116
  /**
@@ -140,10 +123,11 @@ export class WebAuthn {
140
123
  * @returns SCALE‑encoded authentication payload.
141
124
  * @throws Error If no credential id is available.
142
125
  */
143
- async authenticate(challenge, context) {
126
+ async authenticate(context, xtc) {
144
127
  if (!this.credentialId) {
145
128
  throw new Error("credentialId unknown – call register() first or inject it via constructor/setCredentialId()");
146
129
  }
130
+ const challenge = await this.getChallenge(context, xtc);
147
131
  const publicKey = {
148
132
  challenge,
149
133
  allowCredentials: [
@@ -162,12 +146,12 @@ export class WebAuthn {
162
146
  const { authenticatorData, clientDataJSON, signature } = cred.response;
163
147
  const assertion = {
164
148
  meta: {
165
- authorityId: KREIVO_AUTHORITY_ID,
166
- userId: Binary.fromBytes(this.hashedUserId),
149
+ authority_id: KREIVO_AUTHORITY_ID,
150
+ user_id: Binary.fromBytes(this.hashedUserId),
167
151
  context,
168
152
  },
169
- authenticatorData: Binary.fromBytes(new Uint8Array(authenticatorData)),
170
- clientData: Binary.fromBytes(new Uint8Array(clientDataJSON)),
153
+ authenticator_data: Binary.fromBytes(new Uint8Array(authenticatorData)),
154
+ client_data: Binary.fromBytes(new Uint8Array(clientDataJSON)),
171
155
  signature: Binary.fromBytes(new Uint8Array(signature)),
172
156
  };
173
157
  return {
@@ -3,26 +3,26 @@ import { Binary, HexString } from "@polkadot-api/substrate-bindings";
3
3
  import { Codec } from "scale-ts";
4
4
  export type BlockHash = HexString;
5
5
  export type TAttestationMeta<Cx> = {
6
- authorityId: AuthorityId;
7
- deviceId: DeviceId;
6
+ authority_id: AuthorityId;
7
+ device_id: DeviceId;
8
8
  context: Cx;
9
9
  };
10
10
  export type TAttestation<Cx> = {
11
11
  meta: TAttestationMeta<Cx>;
12
- authenticatorData: Binary;
13
- clientData: Binary;
14
- publicKey: Binary;
12
+ authenticator_data: Binary;
13
+ client_data: Binary;
14
+ public_key: Binary;
15
15
  };
16
16
  export declare const Attestation: Codec<TAttestation<number>>;
17
17
  export type TAssertionMeta<Cx> = {
18
- authorityId: AuthorityId;
19
- userId: HashedUserId;
18
+ authority_id: AuthorityId;
19
+ user_id: HashedUserId;
20
20
  context: Cx;
21
21
  };
22
22
  export type TAssertion<Cx> = {
23
23
  meta: TAssertionMeta<Cx>;
24
- authenticatorData: Binary;
25
- clientData: Binary;
24
+ authenticator_data: Binary;
25
+ client_data: Binary;
26
26
  signature: Binary;
27
27
  };
28
28
  export declare const Assertion: Codec<TAssertion<number>>;
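Review bot: `authenticate(context, xtc)` replaces `authenticate(challenge, context)` with the argument meanings swapped and no runtime check, so a call written for 1.0.0 still runs: the old challenge bytes would be passed to `getChallenge` as `context` and copied into `meta.context`, which the declarations type as a number for `Assertion`. `register` has the same shape of problem, since a former `blockHash` argument now lands in `displayName`. As this ships in a patch-level release (1.0.0 → 1.0.2), I would fail fast at the top of `authenticate`, e.g. `if (typeof context !== "number" || !(xtc instanceof Uint8Array)) throw new TypeError("authenticate(context, xtc): unexpected argument types");`. The compiled package/dist/cjs/index.js has the same signatures, and both method bodies continue outside the hunks shown.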
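--- a/package/dist/esm/types.js
+++ b/package/dist/esm/types.js
@@ -1,24 +1,24 @@
  import { Bin } from "@polkadot-api/substrate-bindings";
  import { Struct, u32 } from "scale-ts";
  const AttestationMeta = Struct({
- authorityId: Bin(32),
- deviceId: Bin(32),
+ authority_id: Bin(32),
+ device_id: Bin(32),
  context: u32,
  });
  export const Attestation = Struct({
  meta: AttestationMeta,
- authenticatorData: Bin(),
- clientData: Bin(),
- publicKey: Bin(),
+ authenticator_data: Bin(),
+ client_data: Bin(),
+ public_key: Bin(),
  });
  const AssertionMeta = Struct({
- authorityId: Bin(32),
- userId: Bin(32),
+ authority_id: Bin(32),
+ user_id: Bin(32),
  context: u32,
  });
  export const Assertion = Struct({
  meta: AssertionMeta,
- authenticatorData: Bin(),
- clientData: Bin(),
+ authenticator_data: Bin(),
+ client_data: Bin(),
  signature: Bin(),
  });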
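--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@virtonetwork/authenticators-webauthn",
  "description": "An Authenticator compatible with KreivoPassSigner that uses the WebAuthn standard",
- "version": "1.0.0",
+ "version": "1.0.2",
  "type": "module",
  "files": [
  "dist"
@@ -52,4 +52,4 @@
  "registry": "https://registry.npmjs.org/",
  "access": "public"
  }
- }
+ }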