feat: register Biometric Credentials with WebAuthn [wallet - service] #164

Open
sotoJ24 wants to merge 3 commits into Harmonia-Development:main from sotoJ24:main

@sotoJ24 sotoJ24 commented Oct 6, 2025


🔐 Add WebAuthn Biometric Registration API

Summary

This PR implements WebAuthn-based biometric credential registration for the Stellar wallet service, allowing users to register their biometric credentials (fingerprint, Face ID, Windows Hello) for passwordless authentication.

closes: #151

Changes Made

📁 Database Layer (src/db/kyc.ts)

  • ✅ Added credentials table with columns:
    • id (primary key, auto-increment)
    • user_id (foreign key to kyc.id)
    • credential_id (unique, stores WebAuthn credential ID)
    • public_key (stores WebAuthn public key)
  • ✅ Added CredentialRow TypeScript type
  • ✅ Added initializeCredentialsTable() function with proper indexes

🔑 WebAuthn Module (src/auth/webauthn.ts)

  • ✅ Added generateRegistrationOptions() function
    • Generates random challenge (32 bytes, base64url encoded)
    • Configures authenticator preferences (platform authenticators)
    • Returns WebAuthn-compliant registration options
  • ✅ Added TypeScript interfaces for WebAuthn types
  • ✅ Added helper functions for challenge generation and base64url encoding

🛣️ API Routes (src/routes/auth-register.ts)

  • POST /auth/register/options

    • Validates user_id exists in KYC table
    • Generates WebAuthn registration options
    • Stores challenge temporarily for verification
    • Returns HTTP 200 with registration options
  • POST /auth/register/verify

    • Accepts WebAuthn registration response from client
    • Verifies response using @simplewebauthn/server
    • Validates challenge, origin, and RP ID
    • Stores credentials in database
    • Returns HTTP 201 with user_id and credential_id

✅ Error Handling

  • Returns HTTP 400 for:
    • Missing/invalid user_id
    • User not found in KYC table
    • Invalid WebAuthn response
    • Duplicate credentials
  • Returns HTTP 500 for internal server errors

🧪 Tests (tests/routes/auth-register.test.ts)

  • ✅ Comprehensive unit tests with mocked dependencies
  • ✅ Tests for /auth/register/options endpoint (4 test cases)
  • ✅ Tests for /auth/register/verify endpoint (8 test cases)
  • ✅ Mocked @simplewebauthn/server and SQLite database
  • ✅ No external dependencies required for tests

🔧 Configuration

  • ✅ Updated src/index.ts to mount auth register routes
  • ✅ Updated package.json to use Bun native TypeScript support

Dependencies Added

  • @simplewebauthn/server - WebAuthn verification
  • yn - Required by ts-node

@sotoJ24 sotoJ24 changed the title from "Register Biometric Credentials with WebAuthn [wallet - service]" to "feat: register Biometric Credentials with WebAuthn [wallet - service]" Oct 6, 2025
@sotoJ24 sotoJ24 marked this pull request as ready for review October 9, 2025 04:44
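
The description above says `/auth/register/options` stores a challenge temporarily and `/auth/register/verify` validates challenge and origin. The sketch below is an added example, not code from this PR: it shows a single-use, expiring challenge store and the `clientDataJSON` checks a verifier applies. The in-memory `Map`, the TTL, the origin value and all function names are assumptions; the RP ID hash and attestation checks are left to `@simplewebauthn/server`.

```typescript
import { randomBytes } from "node:crypto";

// Assumed values for illustration; the PR does not state its TTL or origin.
const CHALLENGE_TTL_MS = 5 * 60 * 1000;
const EXPECTED_ORIGIN = "https://wallet.example";

type Pending = { challenge: string; expiresAt: number };
const pending = new Map<string, Pending>(); // keyed by user_id

// Step 1 (/auth/register/options): 32 random bytes, base64url encoded.
function issueChallenge(userId: string, now: number = Date.now()): string {
  const challenge = randomBytes(32).toString("base64url");
  pending.set(userId, { challenge, expiresAt: now + CHALLENGE_TTL_MS });
  return challenge;
}

// Step 2 (/auth/register/verify): remove the challenge from the store before
// checking anything, so a captured response cannot be replayed against it.
function consumeChallenge(userId: string, now: number = Date.now()): string | null {
  const entry = pending.get(userId);
  pending.delete(userId);
  if (!entry || now > entry.expiresAt) return null;
  return entry.challenge;
}

// clientDataJSON checks: ceremony type, challenge, origin.
function checkClientData(clientDataJSON: string, userId: string, now: number = Date.now()): string {
  const expected = consumeChallenge(userId, now);
  if (expected === null) return "no-valid-challenge";
  let data: { type?: unknown; challenge?: unknown; origin?: unknown };
  try {
    data = JSON.parse(Buffer.from(clientDataJSON, "base64url").toString("utf8")) ?? {};
  } catch {
    return "malformed";
  }
  if (data.type !== "webauthn.create") return "wrong-type";
  if (data.challenge !== expected) return "challenge-mismatch";
  if (data.origin !== EXPECTED_ORIGIN) return "origin-mismatch";
  return "ok";
}

// Constructed sample input: the clientDataJSON a browser would send back.
function sampleClientData(challenge: string, origin: string): string {
  const json = JSON.stringify({ type: "webauthn.create", challenge, origin });
  return Buffer.from(json, "utf8").toString("base64url");
}
```

A failed attempt also consumes the challenge, so the client has to request fresh options before retrying.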