authenticate

abstract suspend fun authenticate(challenge: ByteArray, allowCredentials: List<AllowCredential>? = null): WebAuthnAuthenticationResult

Authenticates with an existing WebAuthn credential (passkey assertion).

Triggers the platform's credential assertion flow, prompting the user to authenticate with their passkey using biometric authentication or a security key.

Flow:

  1. Platform shows biometric/security key prompt

  2. User authenticates with fingerprint, face, or security key

  3. Platform signs the challenge with the private key

  4. Returns signature and authenticator data

IMPORTANT: The challenge parameter MUST be used as-is in the WebAuthn authentication request. It is the authorization payload hash that must be signed to authorize the transaction.

Return

WebAuthnAuthenticationResult with signature and attestation data

Parameters

challenge

The challenge bytes to sign (authorization payload hash, 32 bytes)

allowCredentials

Optional list of credential descriptors with transport hints. Constrains which passkey the authenticator uses and indicates how the client can reach the authenticator. When null, discoverable credential selection is used (the user picks which passkey to use). Including transport hints (e.g., "hybrid") enables cross-device authentication flows such as QR code scanning.

Throws

WebAuthnException

if authentication fails or the user cancels
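The requirement that the challenge be passed as-is can be checked on the verifying side. The sketch below is an added example, not part of this SDK. It assumes the payload hash is SHA-256 and that the verifier has the assertion's clientDataJSON; the function names, payload and origin are hypothetical.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """WebAuthn puts the challenge in clientDataJSON as unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def payload_challenge(payload: bytes) -> bytes:
    """Assumption: the authorization payload hash is SHA-256 (32 bytes)."""
    return hashlib.sha256(payload).digest()


def check_challenge_binding(client_data_json: bytes, payload: bytes) -> None:
    """Raise ValueError unless the assertion covers this exact payload.
    Signature verification over the authenticator data is a separate step."""
    client_data = json.loads(client_data_json)
    if not isinstance(client_data, dict) or client_data.get("type") != "webauthn.get":
        raise ValueError("not an assertion (type != webauthn.get)")
    try:
        text = client_data.get("challenge", "")
        signed = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    except (ValueError, TypeError):
        raise ValueError("challenge is not valid base64url") from None
    expected = payload_challenge(payload)
    if len(signed) != 32 or not hmac.compare_digest(signed, expected):
        raise ValueError("challenge does not match the payload hash")


def constructed_client_data(challenge: bytes) -> bytes:
    """Constructed sample of the client data produced for a given challenge."""
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": "https://wallet.example"}).encode()


PAYLOAD = b'{"to":"acct-123","amount":"10"}'  # constructed sample payload
GOOD = constructed_client_data(payload_challenge(PAYLOAD))
# A client that re-hashes the challenge instead of passing it as-is:
REHASHED = constructed_client_data(hashlib.sha256(payload_challenge(PAYLOAD)).digest())
```

An assertion made over a re-hashed or re-encoded challenge still carries a valid signature, but it fails this check because it no longer authorizes the payload.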