Normally there is a need to verify a signature on a backend when the challenge signed was issued on the backend as well.
This is not the case with signing a user operation.
In fact, all of the things required to sign and send a user operation are already present in the passkey validator.
Removing the calls to sign-* endpoints would greatly simplify integrations with custom passkey servers.
How to get all the necessary data without reaching out to the passkey-server?
For the sign options:
WebAuthnKey object.
For the encoded signature object: