Add a Passkey module for Soroban smart wallets#94
Open
Signor1 wants to merge 2 commits into
Open
Conversation
Author
|
Demo: the module connected from the kit's modal and signing with Touch ID wallet-passkey-kit.mp4 |
Verified byte-for-byte against the Rust SDK's encoding and by a passkey-signed transfer on testnet: https://stellar.expert/explorer/testnet/tx/dd2d9815ee1a3ea34e95bf58fd2658ba3892a5e47d7bb758c50f75ef49e9c534
Author
|
Following up on the transparency note: on-chain verification is done. We deployed a smart wallet on testnet from the unmodified passkey-kit contracts, and moved 25 XLM out of it authorized by a secp256r1 WebAuthn signature, verified by the contract's __check_auth:
Doing this surfaced one fix, now pushed to this branch: the contract's Signatures type is a one-field tuple struct, so it encodes as a Vec wrapping the map. The module's encoding is now byte-identical to the contract's Rust SDK (we generate both from the same fixture and compare). The address derivation also checks out: the C-address the module derives offline matched the on-chain deployment exactly. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What kind of change does this PR introduce?
Feature: A new wallet module adding passkey support . Soroban smart wallets whose signer is a WebAuthn credential, verified on-chain through native secp256r1 (Protocol 21). Users create and use a wallet with Face ID / Touch ID / a fingerprint. No extension, no seed phrase.
We opened this #93, and built to follow the guidance shared here #90 : a regular module like the other wallets, with auth-entries signing as the realistic path and honest behavior where SEP-43's source-account assumption and contract accounts diverge. Related interest: #91.
What is the current behavior?
The kit has no passkey option. Every Stellar app that wants passkey smart wallets builds the WebAuthn plumbing, the Soroban payload construction, and the contract signature encoding from scratch, outside the kit.
What is the new behavior (if this is a feature change)?
A self-contained PasskeyModule under
src/sdk/modules/passkey/, registered like any other module:Behavior, mapped to the source-account discussion:
source/fee/sequence untouched for whoever submits (e.g. Launchtube). If the transaction carries no auth entries for the wallet, it rejects with an error explaining exactly that.
Zero new dependencies: @stellar/stellar-base and @std/encoding (already in the kit) plus the WebAuthn browser API. The two small pieces of signature math (DER → compact with low-S normalization, P-256 curve membership) are plain BigInt arithmetic over public data.
How it was verified:
implementation (test suite in the repo linked below).
Other information:
This is part of the SCF "Passkey UI" RFP, which requires the passkey SDK to be adopted into Stellar Wallets Kit rather than shipped as a parallel package. The compatibility knowledge behind the module's behavior (what breaks across devices/browsers, with fallbacks, verified on real hardware) lives here:
Live demo of this module: https://wallet-passkey-demo.vercel.app — and a recording is in the comments below.
One design question:
Is
HOT_WALLETthe rightModuleTypehere, or do smart accounts warrant a dedicated type for filtering? Happy to adjust.Two transparency notes: end-to-end verification against a deployed smart wallet on testnet is in progress on our side (coordinating with Tyler on the contract lineage) — I'll post the transaction link on this PR as soon as it lands. And the icon is an inlined SVG so the module ships without external assets; if you prefer it hosted on stellar.creit.tech like the others, point me and I'll switch.