daimo-eth / daimo

Your own bank, on ethereum
https://daimo.com
GNU General Public License v3.0

validate passkey signature before adding passkey #535

Open dcposch opened 6 months ago

dcposch commented 6 months ago

Goal

Ivan has issues signing in with a passkey, possibly due to this 1Password/Mac bug.

Goal is to ensure a passkey can produce working signatures before we add it. (Similar to the "Generate Key" screen on Android, though ideally without extra UI steps.)

Proposed solution

When choosing a passkey, we currently sign the dummy challenge 0xdead. We should validate the resulting WebAuthn signature before adding the key.
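
The check proposed above, sketched as an added example (not code from this issue or from the Daimo repository): verify the WebAuthn assertion over the 0xdead challenge with Node's built-in crypto before accepting the key. The relying-party ID `example.com`, the function names and the software authenticator that produces the sample assertions are assumptions made for illustration.

```javascript
const { createHash, generateKeyPairSync, sign, verify } = require("node:crypto");
const DUMMY_CHALLENGE = Buffer.from("dead", "hex"); // the 0xdead challenge from the issue
const sha256 = (buf) => createHash("sha256").update(buf).digest();
const fail = (reason) => ({ ok: false, reason });

// Returns { ok: true } only if the assertion proves the key can sign DUMMY_CHALLENGE.
function validateAssertion({ publicKeySpki, authenticatorData, clientDataJSON, signature }, rpId) {
  let clientData;
  try { clientData = JSON.parse(clientDataJSON.toString("utf8")); }
  catch { return fail("clientDataJSON is not valid JSON"); }
  if (clientData.type !== "webauthn.get") return fail("wrong clientData type");
  if (clientData.challenge !== DUMMY_CHALLENGE.toString("base64url")) return fail("challenge mismatch");
  // authenticatorData = rpIdHash (32 bytes) || flags (1) || signCount (4) [|| extensions]
  if (authenticatorData.length < 37) return fail("authenticatorData too short");
  if (!authenticatorData.subarray(0, 32).equals(sha256(Buffer.from(rpId)))) return fail("rpIdHash mismatch");
  if ((authenticatorData[32] & 0x01) === 0) return fail("user-present flag not set");
  // Signed bytes are authenticatorData || SHA-256(clientDataJSON); signature is DER-encoded ECDSA.
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  let valid = false;
  try { valid = verify("sha256", signed, { key: publicKeySpki, format: "der", type: "spki" }, signature); }
  catch { /* malformed key or signature: treat as invalid */ }
  return valid ? { ok: true } : fail("signature does not verify");
}

// Constructed software authenticator standing in for a real passkey provider.
function makeAssertion(privateKey, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin: `https://${rpId}`,
  }));
  const flagsAndCount = Buffer.from([0x05, 0, 0, 0, 0]); // UP|UV set, signCount 0
  const authenticatorData = Buffer.concat([sha256(Buffer.from(rpId)), flagsAndCount]);
  const signature = sign("sha256", Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { authenticatorData, clientDataJSON, signature };
}

function demo() {
  const rpId = "example.com"; // placeholder relying-party ID
  const passkey = generateKeyPairSync("ec", { namedCurve: "prime256v1" }); // P-256
  const other = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const publicKeySpki = passkey.publicKey.export({ format: "der", type: "spki" });
  const check = (priv, challenge) =>
    validateAssertion({ publicKeySpki, ...makeAssertion(priv, rpId, challenge) }, rpId);
  return {
    good: check(passkey.privateKey, DUMMY_CHALLENGE),
    wrongKey: check(other.privateKey, DUMMY_CHALLENGE),
    wrongChallenge: check(passkey.privateKey, Buffer.from("beef", "hex")),
  };
}
console.log(demo());
```

A key is added only when `validateAssertion` returns `{ ok: true }`; any other result carries a `reason` that can be shown to the user or logged.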

nalinbhardwaj commented 6 months ago

> Ivan has issues signing in with a passkey, possibly due to this 1Password/Mac bug.

Issue still good to track, but noting for posterity: upgrading to iOS 17.2 did indeed fix the 1Password bug for Ivan.