Adds passkey handler + removes webauthn

.vscode/settings.json

@@ -1 +1,6 @@
-{}
+{
+  "editor.tabSize": 2,
+  "editor.codeActionsOnSave": {
+    "source.fixAll": "explicit"
+  }
+}

package.json

@@ -38,6 +38,7 @@
     "@toruslabs/fetch-node-details": "^13.0.4",
     "@toruslabs/http-helpers": "^5.0.0",
     "@toruslabs/metadata-helpers": "^5.0.0",
+    "@toruslabs/openlogin-session-manager": "^3.0.0",
     "@toruslabs/torus.js": "^12.0.1",
     "base64url": "^3.0.1",
     "bowser": "^2.11.0",

src/handlers/HandlerFactory.ts

@@ -5,10 +5,10 @@ import GoogleHandler from "./GoogleHandler";
 import { CreateHandlerParams, ILoginHandler } from "./interfaces";
 import JwtHandler from "./JwtHandler";
 import MockLoginHandler from "./MockLoginHandler";
+import PasskeysHandler from "./PasskeysHandler";
 import PasswordlessHandler from "./PasswordlessHandler";
 import RedditHandler from "./RedditHandler";
 import TwitchHandler from "./TwitchHandler";
-import WebAuthnHandler from "./WebAuthnHandler";
 
 const createHandler = ({
   clientId,
@@ -19,7 +19,6 @@ const createHandler = ({
   redirectToOpener,
   uxMode,
   customState,
-  registerOnly,
 }: CreateHandlerParams): ILoginHandler => {
   if (!verifier || !typeOfLogin || !clientId) {
     throw new Error("Invalid params");
@@ -52,8 +51,8 @@ const createHandler = ({
       }
       if (!domain) throw new Error("Invalid params");
       return new JwtHandler(clientId, verifier, redirect_uri, typeOfLogin, uxMode, redirectToOpener, jwtParams, customState);
-    case LOGIN.WEBAUTHN:
-      return new WebAuthnHandler(clientId, verifier, redirect_uri, typeOfLogin, uxMode, redirectToOpener, jwtParams, customState, registerOnly);
+    case LOGIN.PASSKEYS:
+      return new PasskeysHandler(clientId, verifier, redirect_uri, typeOfLogin, uxMode, redirectToOpener, jwtParams, customState);
     default:
       throw new Error("Invalid login type");
   }

src/handlers/PasskeysHandler.ts

@@ -0,0 +1,92 @@
+import base64url from "base64url";
+import deepmerge from "lodash.merge";
+import log from "loglevel";
+
+import { LOGIN_TYPE, UX_MODE_TYPE } from "../utils/enums";
+import { fetchDataFromBroadcastServer } from "../utils/sessionHelper";
+import AbstractLoginHandler from "./AbstractLoginHandler";
+import { Auth0ClientOptions, LoginWindowResponse, PasskeySessionData, TorusGenericObject, TorusVerifierResponse } from "./interfaces";
+
+export default class WebAuthnHandler extends AbstractLoginHandler {
+  constructor(
+    readonly clientId: string,
+    readonly verifier: string,
+    readonly redirect_uri: string,
+    readonly typeOfLogin: LOGIN_TYPE,
+    readonly uxMode: UX_MODE_TYPE,
+    readonly redirectToOpener?: boolean,
+    readonly jwtParams?: Auth0ClientOptions,
+    readonly customState?: TorusGenericObject
+  ) {
+    super(clientId, verifier, redirect_uri, typeOfLogin, uxMode, redirectToOpener, jwtParams, customState);
+    this.setFinalUrl();
+  }
+
+  setFinalUrl(): void {
+    const { passkeysHostUrl } = this.customState || {};
+    const finalUrl = passkeysHostUrl ? new URL(passkeysHostUrl) : new URL("https://passkeys.web3auth.io");
+    const clonedParams = JSON.parse(JSON.stringify(this.jwtParams || {}));
+    const finalJwtParams = deepmerge(
+      {
+        state: this.state,
+        client_id: this.clientId,
+        redirect_uri: this.redirect_uri,
+      },
+      clonedParams
+    );
+    Object.keys(finalJwtParams).forEach((key) => {
+      if (finalJwtParams[key]) finalUrl.searchParams.append(key, finalJwtParams[key]);
+    });
+    log.info("final url", finalUrl);
+    this.finalURL = finalUrl;
+  }
+
+  async getUserInfo(parameters: LoginWindowResponse): Promise<TorusVerifierResponse> {
+    const { idToken, extraParams } = parameters;
+
+    const { sessionId } = JSON.parse(base64url.decode(extraParams)) || {};
+    log.info("sessionId", sessionId);
+    if (!sessionId) {
+      throw new Error("sessionId not found");
+    }
+
+    const {
+      verifier_id: verifierId,
+      signature,
+      clientDataJSON,
+      authenticatorData,
+      publicKey,
+      challenge,
+      rpOrigin,
+      rpId,
+      credId,
+      transports,
+      username,
+    } = await fetchDataFromBroadcastServer<PasskeySessionData>(sessionId);
+
+    if (signature !== idToken) {
+      throw new Error("idtoken should be equal to signature");
+    }
+
+    return {
+      email: "",
+      name: "WebAuthn Login",
+      profileImage: "",
+      verifier: this.verifier,
+      verifierId,
+      typeOfLogin: this.typeOfLogin,
+      extraVerifierParams: {
+        signature,
+        clientDataJSON,
+        authenticatorData,
+        publicKey,
+        challenge,
+        rpOrigin,
+        rpId,
+        credId,
+        transports,
+        username,
+      },
+    };
+  }
+}

src/handlers/interfaces.ts

@@ -25,15 +25,17 @@ export interface ExtraParams {
   [key: string]: unknown;
 }
 
-export type WebAuthnExtraParams = {
+export type PasskeyExtraParams = {
   signature?: string;
   clientDataJSON?: string;
   authenticatorData?: string;
   publicKey?: string;
   challenge?: string;
   rpOrigin?: string;
+  rpId?: string;
   credId?: string;
   transports?: AuthenticatorTransport[];
+  username?: string;
 };
 export interface TorusVerifierResponse {
   email: string;
@@ -44,14 +46,13 @@ export interface TorusVerifierResponse {
   verifierId: string;
   typeOfLogin: LOGIN_TYPE;
   ref?: string;
-  registerOnly?: boolean;
-  extraVerifierParams?: WebAuthnExtraParams;
+  extraVerifierParams?: PasskeyExtraParams;
 }
 
 export interface TorusSubVerifierInfo {
   verifier: string;
   idToken: string;
-  extraVerifierParams?: WebAuthnExtraParams;
+  extraVerifierParams?: PasskeyExtraParams;
 }
 
 export interface LoginWindowResponse {
@@ -386,15 +387,14 @@ export interface CreateHandlerParams {
   redirectToOpener?: boolean;
   jwtParams?: Auth0ClientOptions;
   customState?: TorusGenericObject;
-  registerOnly?: boolean;
 }
 
 export interface RedirectResultParams {
   replaceUrl?: boolean;
   clearLoginDetails?: boolean;
 }
 
-export type SingleLoginParams = SubVerifierDetails & { registerOnly?: boolean };
+export type SingleLoginParams = SubVerifierDetails;
 
 export interface AggregateLoginParams {
   aggregateVerifierType: AGGREGATE_VERIFIER_TYPE;
@@ -428,3 +428,17 @@ export type AggregateVerifierParams = {
   sub_verifier_ids: string[];
   verifier_id: string;
 };
+
+export type PasskeySessionData = {
+  verifier_id: string;
+  signature: string;
+  clientDataJSON: string;
+  authenticatorData: string;
+  publicKey: string;
+  challenge: string;
+  rpOrigin: string;
+  rpId: string;
+  credId: string;
+  transports: AuthenticatorTransport[];
+  username: string;
+};