stellar-sdk/com.soneso.stellar.sdk.smartaccount.oz/OZWalletOperations/authenticatePasskey

authenticatePasskey

suspend fun authenticatePasskey(challenge: ByteArray? = null, credentialIds: List<String>? = null): AuthenticatePasskeyResult

Authenticates with a passkey without connecting to a wallet.

Use this when you need to authenticate the user before deciding which contract to connect to, or for signing operations that don't require a connected wallet state.

This method performs a WebAuthn authentication ceremony and returns the credential ID, signature, and public key without modifying the kit's connection state.

Typical usage patterns:

  1. Authenticate first, then discover contracts via indexer

  2. Authenticate for multi-signer operations

  3. Pre-authenticate before contract selection

Flow:

  1. Check for WebAuthn provider

  2. Generate random challenge (32 bytes)

  3. Call WebAuthn authentication (no credential filter - allow all)

  4. Extract signature from authentication result

  5. Normalize signature (DER to compact, low-S)

  6. Build WebAuthnSignature from normalized signature

  7. Look up stored credential for public key (best effort)

  8. Return result without modifying kit state

IMPORTANT: Requires a WebAuthnProvider to be configured in the kit config. Throws WEBAUTHN_NOT_SUPPORTED if no provider is configured.

Return

AuthenticatePasskeyResult with credential ID, signature, and public key

Parameters

challenge

Optional challenge bytes to sign. If null, generates random 32 bytes. Use this for specific transaction authorization flows.

credentialIds

Optional list of allowed credential IDs (Base64URL-encoded). If provided, only these credentials can be used for authentication.

Throws

if authentication fails or no provider configured

if signature normalization fails

Example:

// Step 1: Authenticate to get credential ID
val authResult = walletOps.authenticatePasskey()
println("Authenticated with credential: ${authResult.credentialId}")

// Step 2: Discover contracts via indexer
val response = kit.indexerClient?.lookupByCredentialId(authResult.credentialId)

// Step 3: Connect to the first contract found
val firstContract = response?.contracts?.firstOrNull()
if (firstContract != null) {
    val connected = walletOps.connectWallet(
        ConnectWalletOptions(
            credentialId = authResult.credentialId,
            contractId = firstContract.contractId
        )
    )
}
Content copied to clipboard
Generated by Dokka
© 2026 Copyright