Upgrade Authentication with Passkey Integration System

[AndlerRL]

Context

We are transitioning from Supabase Auth with email + OTP to a custom NextAuth implementation that uses passkeys as the primary authentication method. The existing OTP system will be repurposed as part of our account recovery process.

Current System

Our platform currently uses Supabase Auth with:

• Email-based authentication.
• OTP verification for each login.
• Session management through Supabase.

Acceptance Criteria:

• Implement WebAuthn registration API flow.
• Create passkey verification hooks.
• Integrate Soroban smart contract call to resolve challenge and return pair keys.
• Add device management calls.
• Remove the password input field and replace with a passkey request.

Development Notes:

• By making the passkey hook, you may create this for the auth session context. By creating the hook, you will be implementing the SC action calls.
• When the passkey is completed, is there when we send the attestation to the SC.
• Use native WebAuthN Auth API to get and create the device keys.
• See this Passkey with Soroban SC POC.

Blocker

• Upgrade Authentication with NextAuth System Setup #44 : It is required to have the NextAuth custom provider to be able to move to success screen, otherwise the flow cannot be completed. Nevertheless, most of the process can be completed in the client side.

Related

• Initial Database Architecture Setup #43
• Upgrade Authentication with NextAuth System Setup #44

[jancris100]

Hi I'm Jan, I'm from dojo coding
I contributed on projects as dojo
Can assign me this issue to me?

[Elite-tch]

Could I be assigned to this?

[Jagadeeshftw]

Proposal to Work on the Issue

I am eager to contribute to this issue and believe I am well-suited for the task, given my extensive experience in Cairo programming and building decentralized applications on StarkNet. My expertise spans across multiple domains crucial for this implementation:

• Smart Contracts & Blockchain Development: Proven expertise in StarkNet, Stellar, and Rust, with hands-on experience in developing secure and efficient smart contracts, blockchain integrations, and high-performance backend systems.
• Backend Engineering: Strong background in designing and managing scalable APIs, handling server-side operations, and ensuring robust backend performance for blockchain applications.
• Frontend Development: Proficient in building intuitive and responsive frontend interfaces using React and Next.js, ensuring seamless interaction between users and blockchain-based applications.

Why Assign This to Me?

I have a track record of delivering high-quality solutions efficiently, with a deep understanding of smart contract security, decentralized architectures, and full-stack development. My ability to bridge frontend, backend, and blockchain components ensures a well-rounded, optimized solution.

Estimated Timeline

I anticipate delivering a fully functional solution within 2 days. Please let me know if I can proceed.

I am excited about the opportunity to contribute and look forward to collaborating!

Best regards,
Jagadeesh B

[espaciofuturoio]

Hi, I am Ruben and I am a full-stack developer.

This is complex task that require backend end fronted integration to be secure implementation (the challenge must never be generate in the client). I will create the backend route that handle the complex logic about the challenge with smart contract and two hooks usePasskeyRegistration and usePasskeyAuthentication.

A. Registration Routes:
GET /generate-registration-options: Generates options needed for registering a new passkey.
POST /verify-registration: Verifies the registration response from the client.
B. Authentication Routes:
GET /generate-authentication-options: Generates options needed for authenticating a user with a passkey.
POST /verify-authentication: Verifies the authentication response from the client.

I suggest to use @simplewebauthn and https://github.com/kalepail/soroban-passkey/blob/main/src/lib/webauthn.ts, https://github.com/kalepail/soroban-passkey/blob/99144b309f7159fc7a9b543d3b81e169104e5ecc/ext/capacitor-native-webauthn/src/web.ts#L2 as references.

ETA: three days.

[1nonlypiece]

Application for Contribution

I am excited about the opportunity to contribute to this issue and am confident that my expertise aligns well with the requirements. With a strong background in Cairo programming and decentralized application development on StarkNet, I bring a well-rounded skill set to deliver an effective solution.

Relevant Expertise

• Blockchain & Smart Contracts: Extensive experience with StarkNet, Stellar, and Rust, specializing in developing secure and optimized smart contracts, blockchain integrations, and high-performance backend infrastructure.
• Backend Development: Well-versed in API design, server-side logic, and scalable system architecture, ensuring efficient and seamless backend performance.
• Frontend Engineering: Skilled in crafting interactive and responsive UI components using React and Next.js, enhancing the user experience for blockchain-based platforms.

Why Consider My Application?

My proven track record of delivering high-quality, optimized solutions in blockchain and full-stack development sets me apart. I have a deep understanding of smart contract security, decentralized architectures, and the synergy between frontend, backend, and blockchain layers—ensuring a seamless and efficient implementation.

ETA

I expect to have a working solution ready within 48 hours. Please let me know if I can proceed with the implementation.

[AndlerRL]

@espaciofuturoio what is your status with this issue?

[espaciofuturoio]

@AndlerRL it is still in progress. I will have updates soon.