authenticate

open suspend override fun authenticate(challenge: ByteArray, allowCredentials: List<AllowCredential>?): WebAuthnAuthenticationResult

Authenticates with an existing WebAuthn credential (passkey assertion).

Calls navigator.credentials.get() with PublicKeyCredentialRequestOptions. The returned signature is in DER-encoded ECDSA format. Callers should use SmartAccountUtils.normalizeSignature to convert it to compact format with low-S normalization before submitting it to the Stellar network.

Return

WebAuthnAuthenticationResult with credential ID, authenticator data, client data JSON, and DER-encoded signature

Parameters

challenge

The challenge bytes to sign (authorization payload hash, typically 32 bytes)

allowCredentials

Optional list of credential descriptors with optional transport hints to restrict authentication to specific passkeys. When AllowCredential.transports is non-null, the transport hints are forwarded to the browser to enable cross-device flows (e.g. QR code scanning via "hybrid"). If null, all registered passkeys for this RP are eligible.

Throws

if WebAuthn is not available (e.g. Node.js)

if the user dismissed the authentication prompt

for any other authentication error
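
What the DER-to-compact conversion with low-S normalization described above involves, as an added JavaScript illustration that is not the SDK's SmartAccountUtils.normalizeSignature. Because (r, s) and (r, n - s) both verify under ECDSA, picking the low-S form leaves a single accepted encoding per signature. Assumptions: the passkey signs with ES256 (NIST P-256), and the names readDerInt, toBytes32 and derToCompactLowS are hypothetical.

```javascript
// Added illustration; not the SDK's own code. Assumes an ES256 (NIST P-256) signature.
const P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551n; // curve order n
const P256_HALF_N = P256_N >> 1n;

// Constructed sample input (not a real signature): SEQUENCE { INTEGER 1, INTEGER 2 }.
const SAMPLE_DER = Uint8Array.of(0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02);

// Read one DER INTEGER at `pos`; returns its value and the offset just past it.
function readDerInt(der, pos) {
  if (der[pos] !== 0x02) throw new Error("expected INTEGER tag");
  const len = der[pos + 1];
  const end = pos + 2 + len;
  if (!(len >= 1 && len <= 33) || end > der.length) throw new Error("bad INTEGER length");
  if (der[pos + 2] & 0x80) throw new Error("negative INTEGER");
  // Minimal encoding: a leading 0x00 is allowed only to clear the sign bit.
  if (len > 1 && der[pos + 2] === 0x00 && !(der[pos + 3] & 0x80)) throw new Error("non-minimal INTEGER");
  let value = 0n;
  for (let i = pos + 2; i < end; i++) value = (value << 8n) | BigInt(der[i]);
  return { value, next: end };
}

// Big-endian, zero-padded 32-byte encoding of a value below 2^256.
function toBytes32(x) {
  const out = new Uint8Array(32);
  for (let i = 31; i >= 0; i--) { out[i] = Number(x & 0xffn); x >>= 8n; }
  return out;
}

// DER ECDSA-Sig-Value -> 64-byte r || s with s forced into the lower half of [1, n-1].
function derToCompactLowS(der) {
  if (der.length < 8 || der[0] !== 0x30) throw new Error("expected SEQUENCE");
  // A P-256 signature is at most 72 bytes, so the length is always short-form.
  if (der[1] >= 0x80 || der[1] !== der.length - 2) throw new Error("bad SEQUENCE length");
  const r = readDerInt(der, 2);
  const s = readDerInt(der, r.next);
  if (s.next !== der.length) throw new Error("trailing bytes");
  for (const v of [r.value, s.value]) {
    if (v < 1n || v >= P256_N) throw new Error("r or s out of range");
  }
  const lowS = s.value > P256_HALF_N ? P256_N - s.value : s.value;
  const out = new Uint8Array(64);
  out.set(toBytes32(r.value), 0);
  out.set(toBytes32(lowS), 32);
  return out;
}
```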