Open
Conversation
- Register, attach, derive PRF key, send funds, remove passkey flows - Right-column panels: registered passkeys + associated wallets with refresh - Quick-action buttons to select passkey/wallet for attach/remove steps - Config fields (env, enterpriseId, coin) persisted to localStorage - Coin registered via coinFactory before SDK use - Staging environment option added TICKET: WCN-188
Replace access-token-based initialization with a proper login flow using WebCryptoHmacStrategy + IndexedDbTokenStore for browser-compatible HMAC auth. Rework the UI to map 1:1 to passkey-crypto SDK functions with explicit inputs, split passkey selection buttons, colored activity log, and wallet keychain fetching for webauthnDevices display. TICKET: WCN-188
passkey-crypto stores PRF salts and credential IDs as canonical base64url (no padding). atob requires the input length to be a multiple of 4 — without the padding it silently drops the trailing partial group and the PRF extension receives a salt that's missing its last byte. That bad salt produces a different PRF output, the derived password no longer matches what attachPasskeyToWallet stored, and decryption fails with ccm tag mismatch. Pad with '=' up to the next multiple of 4 before atob. Refs: WCN-194 TICKET: WCN-194
derranW26
changed the title
mohammadalfaiyazbitgo
requested changes
May 8, 2026
| "@bitgo/sdk-coin-xtz": "^2.10.7", | ||
| "@bitgo/sdk-coin-zec": "^2.8.7", | ||
| "@bitgo/sdk-core": "^36.44.0", | ||
| "@bitgo/passkey-crypto": "*", |
Contributor
There was a problem hiding this comment.
shouldn't this be versioned?
| // Fetch the wallet's user keychain to get webauthnDevices | ||
| const keychain = await wallet.getEncryptedUserKeychain(); | ||
| const devices = keychain.webauthnDevices; | ||
| const devices = (keychain as any).webauthnDevices ?? (keychain as any).webAuthnDevices; |
Contributor
There was a problem hiding this comment.
please avoid any casts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.