authenticate

open suspend override fun authenticate(challenge: ByteArray, allowCredentials: List<AllowCredential>?): WebAuthnAuthenticationResult

Authenticates with an existing WebAuthn credential (passkey assertion) using Apple's AuthenticationServices framework.

Triggers the platform authenticator (Touch ID / Face ID) to sign the provided challenge with an existing passkey. The resulting signature can be used to authorize Stellar smart account transactions.

The challenge bytes are passed directly to the platform authenticator without modification.

Transport hints in AllowCredential.transports are intentionally ignored. ASAuthorizationPlatformPublicKeyCredentialDescriptor has no API for transport hints — Apple manages hybrid and cross-device flows at the OS level.

Return

WebAuthnAuthenticationResult with credential ID, authenticator data, client data JSON, and DER-encoded signature

Parameters

challenge

The challenge bytes to sign (authorization payload hash, typically 32 bytes)

allowCredentials

Optional list of AllowCredential entries to restrict authentication to specific passkeys. Only the credential ID is used; transport hints are ignored. If null or empty, all registered passkeys for the relying party are eligible.

Throws

if the user dismissed the authentication dialog

if passkeys are not available on this device

if assertion fails for any other reason
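A check a caller may want to run on the returned assertion before using the signature: confirm that the client data JSON is bound to the exact challenge that was passed in, and that the authenticator data carries the expected relying party hash and user flags. This is an added example, not code from the SDK. The helper name `checkAssertionBinding` and its parameters are hypothetical, it takes the raw byte arrays because the property names of WebAuthnAuthenticationResult are not shown on this page, and it assumes kotlinx-serialization-json is available.

```kotlin
import kotlin.io.encoding.Base64
import kotlin.io.encoding.ExperimentalEncodingApi
import kotlinx.serialization.json.Json
import kotlinx.serialization.json.JsonPrimitive
import kotlinx.serialization.json.jsonObject

// Hypothetical helper (not part of the SDK). Returns a list of problems;
// an empty list means every check passed.
@OptIn(ExperimentalEncodingApi::class)
fun checkAssertionBinding(
    challenge: ByteArray,          // exactly the bytes passed to authenticate()
    clientDataJson: ByteArray,     // client data JSON from the result
    authenticatorData: ByteArray,  // authenticator data from the result
    expectedRpIdHash: ByteArray,   // SHA-256 of the relying party ID, computed by the caller
    requireUserVerification: Boolean = true,
): List<String> {
    val problems = mutableListOf<String>()

    // WebAuthn client data carries the challenge as unpadded base64url text.
    val clientData = runCatching {
        Json.parseToJsonElement(clientDataJson.decodeToString()).jsonObject
    }.getOrNull()
    if (clientData == null) {
        problems += "clientDataJSON is not a JSON object"
    } else {
        val expected = Base64.UrlSafe.encode(challenge).trimEnd('=')
        if ((clientData["type"] as? JsonPrimitive)?.content != "webauthn.get")
            problems += "clientDataJSON.type is not webauthn.get"
        if ((clientData["challenge"] as? JsonPrimitive)?.content != expected)
            problems += "clientDataJSON.challenge does not match the requested challenge"
    }

    // Authenticator data layout: rpIdHash (32) | flags (1) | signCount (4) | extensions
    if (authenticatorData.size < 37) {
        problems += "authenticatorData is shorter than 37 bytes"
        return problems
    }
    if (!authenticatorData.copyOfRange(0, 32).contentEquals(expectedRpIdHash))
        problems += "rpIdHash does not match the expected relying party"
    val flags = authenticatorData[32].toInt()
    if ((flags and 0x01) == 0) problems += "user-presence (UP) flag is not set"
    if (requireUserVerification && (flags and 0x04) == 0)
        problems += "user-verification (UV) flag is not set"
    return problems
}
```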