Name of the task: [Web] - Webauthn pubkey cross-device communication - Mobile/Laptop support
Name of the module: Web
Difficulty: 5
Waiting for: #54 #68
Body
Short description
The smart-contract wallet we deploy for our users is designed to accept multiple signers of the same type. Meaning two different WebAuthn signers, each generated from a different device can be authorized for the same smart-contract wallet. As it is the responsibility of an already authorized signer to broadcast the transaction which will add a new signer, we have to find the best way for a device to share a pubkey with another one.
Full description
Consider two different devices that can be used to generate a new signer, a mobile (X) and a laptop (Y). One of them is already authorized (let's say the mobile X) to interact with the smart-contract wallet (Z), the second one is not yet authorized but we want to authorize it. The signer generated in the laptop (Y) is stored in the device in a way it is impossible to migrate it (in any case, even if it was possible, that wouldn't be a good idea). Also, the only way to interact with the signer (and get the public key) is to do an interaction from the website that asks for the generation of the key.
The goal of this task is to find a good UX way to communicate the public key stored in the laptop (Y) to the mobile (X). What we plan to do with the pubkey transferred to the mobile (X) is detailed in #97.
Note that we take a mobile and a laptop for example, but any composition of these two devices has to be considered (laptop-laptop, mobile-laptop, laptop-mobile, mobile-mobile).
The use of a QR code is potentially a good candidate, but please take the time to explore all the possibilities.
Header
Name of the task: [Web] - Webauthn pubkey cross-device communication - Mobile/Laptop support
Name of the module: Web
Difficulty: 5
Waiting for: #54 #68
Body
Short description
The smart-contract wallet we deploy for our users is designed to accept multiple signers of the same type. Meaning two different WebAuthn signers, each generated from a different device can be authorized for the same smart-contract wallet. As it is the responsibility of an already authorized signer to broadcast the transaction which will add a new signer, we have to find the best way for a device to share a pubkey with another one.
Full description
Consider two different devices that can be used to generate a new signer, a mobile (X) and a laptop (Y). One of them is already authorized (let's say the mobile X) to interact with the smart-contract wallet (Z), the second one is not yet authorized but we want to authorize it. The signer generated in the laptop (Y) is stored in the device in a way it is impossible to migrate it (in any case, even if it was possible, that wouldn't be a good idea). Also, the only way to interact with the signer (and get the public key) is to do an interaction from the website that asks for the generation of the key.
The goal of this task is to find a good UX way to communicate the public key stored in the laptop (Y) to the mobile (X). What we plan to do with the pubkey transferred to the mobile (X) is detailed in #97. Note that we take a mobile and a laptop for example, but any composition of these two devices has to be considered (laptop-laptop, mobile-laptop, laptop-mobile, mobile-mobile).
The use of a QR code is potentially a good candidate, but please take the time to explore all the possibilities.
Additionals ressources