JsWebAuthnProvider
JavaScript/Browser implementation of WebAuthnProvider using the Web Authentication API.
This provider uses navigator.credentials to create and assert WebAuthn credentials in a browser environment. It requests ES256 (secp256r1, algorithm -7) keys and returns the public key as an uncompressed 65-byte secp256r1 point (0x04 prefix + X + Y).
For public key extraction during registration, three strategies are used in order of preference:
1. response.getPublicKey() -- returns SubjectPublicKeyInfo (SPKI); the last 65 bytes are the uncompressed secp256r1 point. Preferred because it is the most direct path.
2. Parse authenticatorData from the CBOR-encoded attestation object to locate the COSE key structure and extract the X/Y coordinates.
3. Pattern-match the raw attestationObject bytes for the COSE ES256 key prefix (a5 01 02 03 26 20 01 21 58 20) and extract X/Y coordinates.
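The first and third strategies at the byte level, as an added JavaScript example that is not the SDK's own code. The helper names and sample bytes are assumptions made for illustration; the `22 58 20` header before Y is the standard COSE encoding of the Y coordinate that follows X in an ES256 key.

```javascript
// Added example: helper names are hypothetical, not the SDK's API.
const COSE_ES256_PREFIX = [0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20];
const COSE_Y_HEADER = [0x22, 0x58, 0x20]; // COSE label -3 (Y), 32-byte byte string
// DER header of a P-256 SubjectPublicKeyInfo; the 65-byte point follows it.
const P256_SPKI_HEADER = [
  0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
  0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
];

function matchesAt(bytes, offset, pattern) {
  return offset + pattern.length <= bytes.length &&
    pattern.every((b, i) => bytes[offset + i] === b);
}

// Strategy 1: take the last 65 bytes of the SPKI and check the 0x04 marker.
function pointFromSpki(spki) {
  const bytes = new Uint8Array(spki); // accepts ArrayBuffer or Uint8Array
  const point = bytes.slice(-65);
  if (bytes.length !== P256_SPKI_HEADER.length + 65 ||
      !matchesAt(bytes, 0, P256_SPKI_HEADER) || point[0] !== 0x04) {
    throw new Error("not a P-256 SPKI with an uncompressed point");
  }
  return point;
}

// Strategy 3: scan the raw attestationObject for the COSE ES256 key prefix.
function pointFromAttestationBytes(attestationObject) {
  const att = new Uint8Array(attestationObject);
  for (let i = 0; i < att.length; i++) {
    const xStart = i + COSE_ES256_PREFIX.length;
    const yStart = xStart + 32 + COSE_Y_HEADER.length;
    if (yStart + 32 > att.length) break; // not enough bytes left for a key
    if (!matchesAt(att, i, COSE_ES256_PREFIX)) continue;
    if (!matchesAt(att, xStart + 32, COSE_Y_HEADER)) continue; // prefix without a Y field
    const point = new Uint8Array(65);
    point[0] = 0x04;
    point.set(att.subarray(xStart, xStart + 32), 1);
    point.set(att.subarray(yStart, yStart + 32), 33);
    return point;
  }
  throw new Error("COSE ES256 key not found");
}

const sameBytes = (a, b) => a.length === b.length && a.every((v, i) => v === b[i]);

// Constructed sample input (not a real key): X = 32 x 0x11, Y = 32 x 0x22.
const X = new Array(32).fill(0x11), Y = new Array(32).fill(0x22);
const sampleSpki = Uint8Array.from([...P256_SPKI_HEADER, 0x04, ...X, ...Y]);
const sampleAttestation = Uint8Array.from(
  [0xde, 0xad, ...COSE_ES256_PREFIX, ...X, ...COSE_Y_HEADER, ...Y, 0x00]);
```

The byte scan returns the first match in the buffer, so it suits only the last-resort role the list gives it; when more than one strategy is available, comparing their results with `sameBytes` is a cheap consistency check.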
This class is only usable in browser environments. Attempting to use it in Node.js (where navigator.credentials is not available) will throw WebAuthnException.NotSupported.
Parameters
Relying party identifier (typically the origin domain, e.g. "example.com")
Human-readable relying party name displayed to the user during ceremonies
Timeout in milliseconds for WebAuthn operations (default: 60000ms)
Example usage:

val provider = JsWebAuthnProvider(
    rpId = "example.com",
    rpName = "My Stellar App"
)

// Register a new passkey
val registration = provider.register(
    challenge = challengeBytes,
    userId = userIdBytes,
    userName = "alice@example.com"
)
println("Credential ID: ${registration.credentialId.size} bytes")
println("Public key: ${registration.publicKey.size} bytes")

// Authenticate with the passkey
val authentication = provider.authenticate(challenge = payloadHash)
println("Signature: ${authentication.signature.size} bytes")

Functions
Authenticates with an existing WebAuthn credential (passkey assertion).