Configure WebAuthn for Biometric Authentication [wallet - service] #152

@salazarsebas

🔑 Configure WebAuthn for Biometric Authentication 🛠️

📝 Description

Configure the WebAuthn library to enable biometric authentication (e.g., fingerprint or Face ID) for the Stellar wallet service. This setup will provide secure user authentication by leveraging WebAuthn's public key cryptography, preparing the service for registering and verifying user credentials in subsequent issues. The configuration will establish the server as a Relying Party (RP) for WebAuthn.

🎯 Objective

Set up WebAuthn in services/stellar-wallet/src/auth/webauthn.js to initialize the server as a Relying Party and provide functions for generating registration and verification options.

🗂 Structure

  • Directory: services/stellar-wallet
  • Files:
    • src/auth/webauthn.js
    • package.json (updated)
  • Expected structure:
    services/stellar-wallet
    ├── src
    │   ├── index.js
    │   ├── stellar
    │   │   ├── client.js
    │   │   ├── keys.js
    │   │   └── fund.js
    │   ├── db
    │   │   └── kyc.js
    │   ├── routes
    │   │   ├── kyc.js
    │   │   ├── kyc-verify.js
    │   │   └── kyc-status.js
    │   ├── kyc
    │   │   └── validate.js
    │   ├── soroban
    │   │   ├── client.js
    │   │   ├── kyc-contract.rs
    │   │   └── deploy.js
    │   └── auth
    │       └── webauthn.js
    ├── config
    │   └── db.sqlite
    ├── tests
    │   ├── stellar
    │   │   ├── client.test.js
    │   │   ├── keys.test.js
    │   │   └── fund.test.js
    │   ├── db
    │   │   └── kyc.test.js
    │   ├── routes
    │   │   ├── kyc.test.js
    │   │   ├── kyc-verify.test.js
    │   │   └── kyc-status.test.js
    │   ├── kyc
    │   │   └── validate.test.js
    │   └── soroban
    │       ├── client.test.js
    │       └── deploy.test.js
    ├── package.json
    ├── .env.example
    ├── .eslintrc.json
    ├── .eslintignore
    ├── .prettierrc.json
    ├── .prettierignore
    ├── .gitignore
    

✅ Requirements

  • Create a branch named feat/webauthn-config for this task.
  • Install the WebAuthn server library using npm install @simplewebauthn/server.
  • Update package.json to include @simplewebauthn/server as a dependency.
  • Create src/auth/webauthn.js with functions:
    • configureWebAuthn: Initializes the WebAuthn server as a Relying Party with configuration (e.g., RP name, ID, and origin from .env).
    • generateRegistrationOptions: Generates WebAuthn registration options for a user.
    • generateAuthenticationOptions: Generates WebAuthn authentication options for a user.
  • Add environment variables to .env.example for WebAuthn configuration (e.g., RP_NAME, RP_ID, ORIGIN).
  • Set RP_NAME to a descriptive name (e.g., Stellar Wallet), RP_ID to the server domain (e.g., localhost for development), and ORIGIN to the server URL (e.g., http://localhost:3000).
  • Ensure the functions produce valid WebAuthn options compatible with browser-based authenticators (e.g., fingerprint or Face ID).
  • Ensure the code adheres to ESLint and Prettier rules (from Issue 3).
  • Commit changes to the feat/webauthn-config branch with a message like feat: configure webauthn.
  • Verify that the CI pipeline (from Issue 1) passes, with linting succeeding (no tests required for this issue).

🏆 Expected Outcomes

  • @simplewebauthn/server is installed and listed in package.json.
  • src/auth/webauthn.js contains configureWebAuthn, generateRegistrationOptions, and generateAuthenticationOptions functions.
  • WebAuthn is configured as a Relying Party with values from environment variables.
  • .env.example includes RP_NAME, RP_ID, and ORIGIN for WebAuthn configuration.
  • Code passes ESLint and Prettier checks.
  • Changes are committed to the feat/webauthn-config branch with a descriptive lowercase commit message.
  • CI pipeline runs successfully, with linting passing for src/auth/webauthn.js.

🔗 References

📋 Notes

  • The RP_ID should be set to localhost for development but updated to the production domain later.
  • The ORIGIN must match the server's URL to ensure compatibility with WebAuthn clients.
  • No unit tests are required in this issue, as testing will be covered in subsequent issues for registration and authentication.
  • Ensure environment variables are documented in .env.example without sensitive values.
  • Commit messages must be in lowercase and start with feat, change, fix, chore, or refactor.
  • The CI pipeline should validate the new code, ensuring ESLint passes for src/auth/webauthn.js.
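
The notes on RP_ID and ORIGIN above can be enforced at startup so that a development value left in place, or an ORIGIN that browsers will never report, fails fast. The following is an added example, not code from this issue or from @simplewebauthn/server; loadWebAuthnConfig is a hypothetical helper name and the dot-count check is a simplified stand-in for the browser's public-suffix rule.

```javascript
// Added example, not project code. loadWebAuthnConfig is a hypothetical helper
// that validates RP_NAME, RP_ID and ORIGIN before any options are generated.
function loadWebAuthnConfig(env) {
  const rpName = (env.RP_NAME || '').trim();
  const rpID = (env.RP_ID || '').trim().toLowerCase();
  const originRaw = (env.ORIGIN || '').trim();
  if (!rpName || !rpID || !originRaw) {
    throw new Error('RP_NAME, RP_ID and ORIGIN are all required');
  }
  // RP_ID is a bare domain: no scheme, port, path or userinfo.
  if (/[:/@?#\s]/.test(rpID)) {
    throw new Error('RP_ID must be a bare domain such as localhost or example.com');
  }
  let url;
  try {
    url = new URL(originRaw);
  } catch {
    throw new Error('ORIGIN is not a valid URL');
  }
  // Browsers report the serialized origin (scheme://host[:port]) in clientDataJSON,
  // and verification compares it as a string, so ORIGIN must already be in that form.
  if (url.origin !== originRaw) {
    throw new Error(`ORIGIN must be exactly ${url.origin}`);
  }
  const host = url.hostname;
  const isLocalhost = host === 'localhost';
  // WebAuthn only runs in a secure context: https, or http on localhost.
  if (url.protocol !== 'https:' && !(url.protocol === 'http:' && isLocalhost)) {
    throw new Error('ORIGIN must use https outside localhost development');
  }
  // Heuristic stand-in for the browser's public-suffix check: a single-label
  // RP_ID other than localhost (e.g. "com") is never acceptable.
  if (rpID !== 'localhost' && !rpID.includes('.')) {
    throw new Error('RP_ID must be a registrable domain');
  }
  // RP_ID must equal the origin host or be a parent domain of it. The leading
  // dot keeps "notexample.com" from matching RP_ID "example.com".
  if (host !== rpID && !host.endsWith('.' + rpID)) {
    throw new Error(`RP_ID ${rpID} does not cover origin host ${host}`);
  }
  return { rpName, rpID, origin: url.origin };
}
```

A configureWebAuthn implementation could call this once with process.env and pass the returned rpName and rpID to the option generators.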
