feat(passkeys): Implement passkey module with create and get methods, and integrate into Home screen

Author: subhankarmaiti

example/android/app/src/main/java/com/auth0example/MainApplication.kt

@@ -14,8 +14,7 @@ class MainApplication : Application(), ReactApplication {
       context = applicationContext,
       packageList =
         PackageList(this).packages.apply {
-          // Packages that cannot be autolinked yet can be added manually here, for example:
-          // add(MyReactNativePackage())
+          add(PasskeyPackage())
         },
     )
   }

example/android/app/src/main/java/com/auth0example/PasskeyModule.kt

@@ -0,0 +1,85 @@
+package com.auth0example
+
+import android.app.Activity
+import android.os.Build
+import androidx.credentials.CreatePublicKeyCredentialRequest
+import androidx.credentials.CreatePublicKeyCredentialResponse
+import androidx.credentials.CredentialManager
+import androidx.credentials.GetCredentialRequest
+import androidx.credentials.GetPublicKeyCredentialOption
+import androidx.credentials.PublicKeyCredential
+import androidx.credentials.exceptions.CreateCredentialCancellationException
+import androidx.credentials.exceptions.GetCredentialCancellationException
+import com.facebook.react.bridge.Promise
+import com.facebook.react.bridge.ReactApplicationContext
+import com.facebook.react.bridge.ReactContextBaseJavaModule
+import com.facebook.react.bridge.ReactMethod
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.launch
+
+class PasskeyModule(reactContext: ReactApplicationContext) :
+    ReactContextBaseJavaModule(reactContext) {
+
+    override fun getName(): String = "PasskeyModule"
+
+    @ReactMethod
+    fun createPasskey(requestJson: String, promise: Promise) {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
+            promise.reject("PASSKEY_NOT_AVAILABLE", "Passkeys require Android API 28 or later")
+            return
+        }
+
+        val activity: Activity = reactApplicationContext.currentActivity
+            ?: run {
+                promise.reject("PASSKEY_FAILED", "No activity available")
+                return
+            }
+
+        val credentialManager = CredentialManager.create(reactApplicationContext)
+        val createRequest = CreatePublicKeyCredentialRequest(requestJson = requestJson)
+
+        CoroutineScope(Dispatchers.Main).launch {
+            try {
+                val result = credentialManager.createCredential(activity, createRequest)
+                val response = result as CreatePublicKeyCredentialResponse
+                promise.resolve(response.registrationResponseJson)
+            } catch (e: CreateCredentialCancellationException) {
+                promise.reject("USER_CANCELLED", "User cancelled passkey creation", e)
+            } catch (e: Exception) {
+                promise.reject("PASSKEY_FAILED", e.message, e)
+            }
+        }
+    }
+
+    @ReactMethod
+    fun getPasskey(requestJson: String, promise: Promise) {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
+            promise.reject("PASSKEY_NOT_AVAILABLE", "Passkeys require Android API 28 or later")
+            return
+        }
+
+        val activity: Activity = reactApplicationContext.currentActivity
+            ?: run {
+                promise.reject("PASSKEY_FAILED", "No activity available")
+                return
+            }
+
+        val credentialManager = CredentialManager.create(reactApplicationContext)
+        val getRequest = GetCredentialRequest(
+            listOf(GetPublicKeyCredentialOption(requestJson = requestJson))
+        )
+
+        CoroutineScope(Dispatchers.Main).launch {
+            try {
+                val result = credentialManager.getCredential(activity, getRequest)
+                val credential = result.credential as PublicKeyCredential
+                promise.resolve(credential.authenticationResponseJson)
+            } catch (e: GetCredentialCancellationException) {
+                promise.reject("USER_CANCELLED", "User cancelled passkey assertion", e)
+            } catch (e: Exception) {
+                promise.reject("PASSKEY_FAILED", e.message, e)
+            }
+        }
+    }
+}

example/android/app/src/main/java/com/auth0example/PasskeyPackage.kt

@@ -0,0 +1,16 @@
+package com.auth0example
+
+import com.facebook.react.ReactPackage
+import com.facebook.react.bridge.NativeModule
+import com.facebook.react.bridge.ReactApplicationContext
+import com.facebook.react.uimanager.ViewManager
+
+class PasskeyPackage : ReactPackage {
+    override fun createNativeModules(reactContext: ReactApplicationContext): List<NativeModule> {
+        return listOf(PasskeyModule(reactContext))
+    }
+
+    override fun createViewManagers(reactContext: ReactApplicationContext): List<ViewManager<*, *>> {
+        return emptyList()
+    }
+}

example/ios/Auth0Example.xcodeproj/project.pbxproj

@@ -12,6 +12,8 @@
 		815544A03F48449898D8605F /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = C63DF729B29B9546313C3403 /* PrivacyInfo.xcprivacy */; };
 		81AB9BB82411601600AC10FF /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 81AB9BB72411601600AC10FF /* LaunchScreen.storyboard */; };
 		E99D02CA2DCD372E003D3E67 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = E99D02C92DCD372E003D3E67 /* AppDelegate.swift */; };
+		E99D02D32DCD3730003D3E67 /* PasskeyModule.swift in Sources */ = {isa = PBXBuildFile; fileRef = E99D02D02DCD3730003D3E67 /* PasskeyModule.swift */; };
+		E99D02D42DCD3730003D3E67 /* PasskeyModule.m in Sources */ = {isa = PBXBuildFile; fileRef = E99D02D12DCD3730003D3E67 /* PasskeyModule.m */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
@@ -35,6 +37,9 @@
 		81AB9BB72411601600AC10FF /* LaunchScreen.storyboard */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.storyboard; name = LaunchScreen.storyboard; path = Auth0Example/LaunchScreen.storyboard; sourceTree = "<group>"; };
 		C63DF729B29B9546313C3403 /* PrivacyInfo.xcprivacy */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xml; name = PrivacyInfo.xcprivacy; path = Auth0Example/PrivacyInfo.xcprivacy; sourceTree = "<group>"; };
 		E99D02C92DCD372E003D3E67 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
+		E99D02D02DCD3730003D3E67 /* PasskeyModule.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = PasskeyModule.swift; path = Auth0Example/PasskeyModule.swift; sourceTree = "<group>"; };
+		E99D02D12DCD3730003D3E67 /* PasskeyModule.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = PasskeyModule.m; path = Auth0Example/PasskeyModule.m; sourceTree = "<group>"; };
+		E99D02D22DCD3730003D3E67 /* Auth0Example-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "Auth0Example-Bridging-Header.h"; path = "Auth0Example/Auth0Example-Bridging-Header.h"; sourceTree = "<group>"; };
 		ED297162215061F000B7C4FE /* JavaScriptCore.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = JavaScriptCore.framework; path = System/Library/Frameworks/JavaScriptCore.framework; sourceTree = SDKROOT; };
 /* End PBXFileReference section */
 
@@ -65,6 +70,9 @@
 				81AB9BB72411601600AC10FF /* LaunchScreen.storyboard */,
 				C63DF729B29B9546313C3403 /* PrivacyInfo.xcprivacy */,
 				E99D02C92DCD372E003D3E67 /* AppDelegate.swift */,
+				E99D02D02DCD3730003D3E67 /* PasskeyModule.swift */,
+				E99D02D12DCD3730003D3E67 /* PasskeyModule.m */,
+				E99D02D22DCD3730003D3E67 /* Auth0Example-Bridging-Header.h */,
 			);
 			name = Auth0Example;
 			sourceTree = "<group>";
@@ -323,6 +331,8 @@
 			buildActionMask = 2147483647;
 			files = (
 				E99D02CA2DCD372E003D3E67 /* AppDelegate.swift in Sources */,
+				E99D02D32DCD3730003D3E67 /* PasskeyModule.swift in Sources */,
+				E99D02D42DCD3730003D3E67 /* PasskeyModule.m in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};

example/ios/Auth0Example/Auth0Example-Bridging-Header.h

@@ -0,0 +1 @@
+#import <React/RCTBridgeModule.h>

example/ios/Auth0Example/PasskeyModule.m

@@ -0,0 +1,17 @@
+#import <React/RCTBridgeModule.h>
+
+@interface RCT_EXTERN_MODULE(PasskeyModule, NSObject)
+
+RCT_EXTERN_METHOD(createPasskey:(NSString *)requestJson
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(getPasskey:(NSString *)requestJson
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
++ (BOOL)requiresMainQueueSetup {
+  return YES;
+}
+
+@end

example/ios/Auth0Example/PasskeyModule.swift

@@ -0,0 +1,196 @@
+import AuthenticationServices
+import Foundation
+
+@available(iOS 16.6, *)
+@objc(PasskeyModule)
+class PasskeyModule: NSObject {
+
+  @objc static func requiresMainQueueSetup() -> Bool {
+    return true
+  }
+
+  @objc func createPasskey(_ requestJson: String, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    guard #available(iOS 16.6, *) else {
+      reject("PASSKEY_NOT_AVAILABLE", "Passkeys require iOS 16.6 or later", nil)
+      return
+    }
+
+    guard let data = requestJson.data(using: .utf8),
+          let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+      reject("PASSKEY_FAILED", "Invalid request JSON", nil)
+      return
+    }
+
+    guard let rp = json["rp"] as? [String: Any],
+          let rpId = rp["id"] as? String,
+          let challengeStr = json["challenge"] as? String,
+          let challengeData = Data(base64URLEncoded: challengeStr),
+          let user = json["user"] as? [String: Any],
+          let userName = user["name"] as? String,
+          let userIdStr = user["id"] as? String,
+          let userId = Data(base64URLEncoded: userIdStr) else {
+      reject("PASSKEY_FAILED", "Missing required fields: rp.id, challenge, user.id, user.name", nil)
+      return
+    }
+
+    let provider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: rpId)
+    let request = provider.createCredentialRegistrationRequest(challenge: challengeData, name: userName, userID: userId)
+
+    let delegate = AuthorizationDelegate { credential in
+      guard let registration = credential as? ASAuthorizationPlatformPublicKeyCredentialRegistration else {
+        reject("PASSKEY_FAILED", "Unexpected credential type", nil)
+        return
+      }
+      let result: [String: Any] = [
+        "id": registration.credentialID.base64URLEncodedString(),
+        "rawId": registration.credentialID.base64URLEncodedString(),
+        "type": "public-key",
+        "response": [
+          "clientDataJSON": registration.rawClientDataJSON.base64URLEncodedString(),
+          "attestationObject": (registration.rawAttestationObject ?? Data()).base64URLEncodedString()
+        ],
+        "authenticatorAttachment": "platform"
+      ]
+      if let jsonData = try? JSONSerialization.data(withJSONObject: result),
+         let jsonString = String(data: jsonData, encoding: .utf8) {
+        resolve(jsonString)
+      } else {
+        reject("PASSKEY_FAILED", "Failed to serialize credential response", nil)
+      }
+    } onError: { error in
+      if let authError = error as? ASAuthorizationError, authError.code == .canceled {
+        reject("USER_CANCELLED", "User cancelled passkey creation", error)
+      } else {
+        reject("PASSKEY_FAILED", error.localizedDescription, error)
+      }
+    }
+
+    let controller = ASAuthorizationController(authorizationRequests: [request])
+    controller.delegate = delegate
+    controller.presentationContextProvider = delegate
+    objc_setAssociatedObject(controller, "delegate", delegate, .OBJC_ASSOCIATION_RETAIN_NONATOMIC)
+    controller.performRequests()
+  }
+
+  @objc func getPasskey(_ requestJson: String, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    guard #available(iOS 16.6, *) else {
+      reject("PASSKEY_NOT_AVAILABLE", "Passkeys require iOS 16.6 or later", nil)
+      return
+    }
+
+    guard let data = requestJson.data(using: .utf8),
+          let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+      reject("PASSKEY_FAILED", "Invalid request JSON", nil)
+      return
+    }
+
+    guard let challengeStr = json["challenge"] as? String,
+          let challengeData = Data(base64URLEncoded: challengeStr) else {
+      reject("PASSKEY_FAILED", "Missing required 'challenge' field", nil)
+      return
+    }
+
+    let rpId = json["rpId"] as? String ?? ""
+    let provider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: rpId)
+    let assertionRequest = provider.createCredentialAssertionRequest(challenge: challengeData)
+
+    if let allowCredentials = json["allowCredentials"] as? [[String: Any]] {
+      assertionRequest.allowedCredentials = allowCredentials.compactMap { cred in
+        guard let idStr = cred["id"] as? String,
+              let idData = Data(base64URLEncoded: idStr) else { return nil }
+        return ASAuthorizationPlatformPublicKeyCredentialDescriptor(credentialID: idData)
+      }
+    }
+
+    let delegate = AuthorizationDelegate { credential in
+      guard let assertion = credential as? ASAuthorizationPlatformPublicKeyCredentialAssertion else {
+        reject("PASSKEY_FAILED", "Unexpected credential type", nil)
+        return
+      }
+      var response: [String: Any] = [
+        "clientDataJSON": assertion.rawClientDataJSON.base64URLEncodedString(),
+        "authenticatorData": assertion.rawAuthenticatorData.base64URLEncodedString(),
+        "signature": assertion.signature.base64URLEncodedString()
+      ]
+      if let userHandle = assertion.userID {
+        response["userHandle"] = userHandle.base64URLEncodedString()
+      }
+      let result: [String: Any] = [
+        "id": assertion.credentialID.base64URLEncodedString(),
+        "rawId": assertion.credentialID.base64URLEncodedString(),
+        "type": "public-key",
+        "response": response,
+        "authenticatorAttachment": "platform"
+      ]
+      if let jsonData = try? JSONSerialization.data(withJSONObject: result),
+         let jsonString = String(data: jsonData, encoding: .utf8) {
+        resolve(jsonString)
+      } else {
+        reject("PASSKEY_FAILED", "Failed to serialize credential response", nil)
+      }
+    } onError: { error in
+      if let authError = error as? ASAuthorizationError, authError.code == .canceled {
+        reject("USER_CANCELLED", "User cancelled passkey assertion", error)
+      } else {
+        reject("PASSKEY_FAILED", error.localizedDescription, error)
+      }
+    }
+
+    let controller = ASAuthorizationController(authorizationRequests: [assertionRequest])
+    controller.delegate = delegate
+    controller.presentationContextProvider = delegate
+    objc_setAssociatedObject(controller, "delegate", delegate, .OBJC_ASSOCIATION_RETAIN_NONATOMIC)
+    controller.performRequests()
+  }
+}
+
+// MARK: - Authorization Delegate
+
+@available(iOS 16.6, *)
+private class AuthorizationDelegate: NSObject, ASAuthorizationControllerDelegate, ASAuthorizationControllerPresentationContextProviding {
+  private let onSuccess: (ASAuthorizationCredential) -> Void
+  private let onError: (Error) -> Void
+
+  init(onSuccess: @escaping (ASAuthorizationCredential) -> Void, onError: @escaping (Error) -> Void) {
+    self.onSuccess = onSuccess
+    self.onError = onError
+    super.init()
+  }
+
+  func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
+    onSuccess(authorization.credential)
+  }
+
+  func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: Error) {
+    onError(error)
+  }
+
+  func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor {
+    return UIApplication.shared.connectedScenes
+      .compactMap { $0 as? UIWindowScene }
+      .flatMap { $0.windows }
+      .first { $0.isKeyWindow } ?? ASPresentationAnchor()
+  }
+}
+
+// MARK: - Data Base64URL Extensions
+
+private extension Data {
+  init?(base64URLEncoded string: String) {
+    var base64 = string
+      .replacingOccurrences(of: "-", with: "+")
+      .replacingOccurrences(of: "_", with: "/")
+    let remainder = base64.count % 4
+    if remainder > 0 {
+      base64.append(String(repeating: "=", count: 4 - remainder))
+    }
+    self.init(base64Encoded: base64)
+  }
+
+  func base64URLEncodedString() -> String {
+    return self.base64EncodedString()
+      .replacingOccurrences(of: "+", with: "-")
+      .replacingOccurrences(of: "/", with: "_")
+      .replacingOccurrences(of: "=", with: "")
+  }
+}

example/src/passkey/PasskeyModule.ts

@@ -0,0 +1,23 @@
+import { NativeModules, Platform } from 'react-native';
+
+const { PasskeyModule } = NativeModules;
+
+export async function createPasskey(
+  options: Record<string, any>
+): Promise<string> {
+  if (Platform.OS === 'web') {
+    throw new Error('Passkeys are not supported on web');
+  }
+  const requestJson = JSON.stringify(options);
+  return PasskeyModule.createPasskey(requestJson);
+}
+
+export async function getPasskey(
+  options: Record<string, any>
+): Promise<string> {
+  if (Platform.OS === 'web') {
+    throw new Error('Passkeys are not supported on web');
+  }
+  const requestJson = JSON.stringify(options);
+  return PasskeyModule.getPasskey(requestJson);
+}