Method 3: Passkey
Authentication via PassKey
1) Lighthouse Encryption WebAuthn Registration API
A. Start Registration Endpoint
Initiate the registration process by sending a request with the user's address.
Endpoint:
Method:
POST
Headers:
"Authorization": "Bearer <Your_Signed_Message_Token>"
Request Body Parameters:
address: The user's wallet address.
Success Response:
Code: 200 OK
Content example:
B. Finish Registration Endpoint
Finalize the registration process with the provided credential data.
Endpoint:
Method:
POST
Request Body Parameters:
data: An object containing the WebAuthn public key credential details:
  authenticatorAttachment: Describes which attachment modality was selected by the user. Example: cross-platform.
  id: Credential ID generated by the authenticator. Example: Af_Afcbl3pONtRLg...kU-R0.
  rawId: Raw credential ID in binary form. Example: Af_Afcbl3pONtRLg...kU-R0.
  response: An object containing response details:
    attestationObject: Contains attestation data for the created public key credential. Example: o2NmbXRkbm...TNsqfc0sY.
    clientDataJSON: Serialized client data used by the authenticator to generate the attestation object. Example: eyJ0eXBlIj...NzI6MzAwMCIsImNyb3NzT3JpZ2luIjpmYWxzZX0.
  type: Type of the credential. Example: public-key.
address: The wallet address that the user wants to prove ownership of. Example: 0x254511193Dd29f9c3c474c43B8d23C3d367Bc4A8.
signature: The signature generated after signing the message provided by the previous endpoint (/api/message/<walletAddress>).
name: The name you are assigning to this credential (optional).
Success Response:
Code: 200 OK
Content:
Notes: A response of true indicates successful registration with WebAuthn.
Error Responses for both endpoints:
Code: 400 Bad Request
Content:
Code: 401 Unauthorized
Content:
Code: 500 Internal Server Error
Content:
Notes & Usage:
The registration process involves two main steps:
1. Initiate the registration by sending the user's address to the start endpoint. This returns challenge data which is then used in the WebAuthn navigator.credentials.create() function.
2. Complete the registration by sending the generated credential data to the finish endpoint.
Always ensure you handle the challenge data and serialized credential data securely.
Use the Bearer Authorization token (signed message) for authenticating API requests. Always renew the signed message if it expires or is invalidated.
By following these steps, users can register securely using WebAuthn with the Lighthouse system. Always ensure the security and integrity of the data exchanged during the registration process.
2) Lighthouse Encryption WebAuthn Login API
A. Start Authentication Endpoint
Initiate the authentication process by sending a request with the user's address.
Endpoint:
Method:
POST
Request Body Parameters:
address: The username or user's wallet address.
Success Response:
Code: 200 OK
Content example:
Content Body Parameters:
challenge:
  type: The type of buffer used (e.g., "Buffer").
  data: An array of numeric values representing the challenge data.
allowCredentials (Array):
  credentialID: The unique identifier for the WebAuthn credential.
  name: The name you are assigning to this credential (optional).
B. Finish Authentication Endpoint
Finalize the authentication process with the provided credential data.
Endpoint:
Method:
POST
Request Body Parameters:
credentialID: The unique identifier for the WebAuthn credential.
data: Contains details regarding the WebAuthn response and authenticator.
  authenticatorAttachment: Describes the authenticator attachment modality, e.g., "cross-platform".
  id: A unique identifier for the credential.
  rawId: The raw identifier for the credential, often the same as id.
  response: Holds the components of the WebAuthn response.
    attestationObject: The attestation structure after a successful WebAuthn registration.
    clientDataJSON: A JSON representation of the client data, including the challenge, origin, type, and other details.
    signature: The signature generated by the authenticator based on the client data.
    authenticatorData: Contains information about the authentication event, including the counter and sometimes the user handle.
  type: The type of the public key credential, e.g., "public-key".
Success Response:
Code: 200 OK
Content:
Notes: The received token can be used for subsequent authenticated requests to the Lighthouse system.
Error Responses for both endpoints:
Code: 400 Bad Request
Content:
Code: 401 Unauthorized
Content:
Code: 500 Internal Server Error
Content:
Notes & Usage:
The authentication process consists of two main steps:
1. Initiate the authentication by sending the user's address to the start endpoint. This returns a public key challenge which is then used in the WebAuthn navigator.credentials.get() function.
2. Complete the authentication by sending the generated credential data to the finish endpoint.
Always ensure you handle the challenge data and serialized credential data securely.
Use the Bearer Authorization token (signed message) for authenticating API requests. Always renew the signed message if it expires or is invalidated.
By following these steps, users can authenticate securely using WebAuthn with the Lighthouse system. Always ensure the security and integrity of the data exchanged during the authentication process.
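The login exchange described above, as an added example (not Lighthouse's own code): it decodes the start endpoint's Buffer-style challenge for navigator.credentials.get(), checks the returned client data against that challenge and the page origin, and serializes the assertion into the finish body. The same decoding and base64url serialization applies to the navigator.credentials.create() result during registration. The helper names, the post callback, the URL parameters and the base64url encoding of credentialID are assumptions.

```javascript
// Added example; helper names are hypothetical, not part of the Lighthouse SDK.
const b64url = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)))
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64url = (s) => Uint8Array.from(
  atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));

// Start response -> publicKey options for navigator.credentials.get().
// The challenge arrives as { type: "Buffer", data: [bytes] }; credentialID is
// assumed to be a base64url string.
function buildGetOptions({ challenge, allowCredentials = [] }) {
  if (challenge?.type !== "Buffer" || !Array.isArray(challenge.data)) {
    throw new TypeError("unexpected challenge encoding");
  }
  return {
    challenge: Uint8Array.from(challenge.data),
    allowCredentials: allowCredentials.map((c) => (
      { type: "public-key", id: fromB64url(c.credentialID) })),
  };
}

// Refuse to forward an assertion that is not over the challenge we were
// issued, for our origin (the server must repeat these checks).
function checkClientData(clientDataJSON, options, expectedOrigin) {
  const cd = JSON.parse(new TextDecoder().decode(clientDataJSON));
  return cd.type === "webauthn.get" && cd.origin === expectedOrigin &&
    cd.challenge === b64url(options.challenge);
}

// PublicKeyCredential from get() -> JSON body for the finish endpoint.
function serializeAssertion(cred) {
  const response = Object.fromEntries(
    ["clientDataJSON", "authenticatorData", "signature"]
      .map((k) => [k, b64url(cred.response[k])]));
  const { id, type, authenticatorAttachment } = cred;
  return {
    credentialID: id,
    data: { authenticatorAttachment, id, rawId: b64url(cred.rawId), response, type },
  };
}

// Browser glue; post, startUrl and finishUrl are placeholders supplied by the caller.
async function passkeyLogin(post, startUrl, finishUrl, address) {
  const options = buildGetOptions(await post(startUrl, { address }));
  const cred = await navigator.credentials.get({ publicKey: options });
  if (!checkClientData(cred.response.clientDataJSON, options, location.origin))
    throw new Error("client data does not match the issued challenge");
  return post(finishUrl, serializeAssertion(cred));
}
```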
3) Lighthouse Encryption WebAuthn Delete Credential API
A. Delete Credential Endpoint
Remove the credential data based on the provided address and credential ID.
Endpoint:
Method:
DELETE
Headers:
Content-Type: application/json
Authorization: Bearer SIGNED_MESSAGE
Request Body Parameters:
address: The Ethereum wallet address associated with the user.
credentialID: The unique identifier for the WebAuthn credential obtained from the start endpoint.
Success Response:
Code: 200
Notes: Successful response indicates the deletion of the specified credential.
Error Responses for both endpoints:
Code: 400 Bad Request
Content:
Code: 401 Unauthorized
Content:
Code: 500 Internal Server Error
Content:
Notes & Usage:
The credential deletion process consists of two main steps:
1. Initiate the authentication by sending the user's address to the start endpoint. This returns a Credential ID which can be used for further operations.
2. Delete the credentials using the obtained credentialID and a signed message.
Always ensure you handle the public key and other data securely during operations.
Use the Bearer Authorization token (signed message) or JWT token for authenticating API requests.
By following these steps, users can manage their credentials securely with the Lighthouse system. Always ensure the security and integrity of the data exchanged during the process.