Passkeys Signer

In this guide, you will learn how to create a Passkey signer that can be added as a Safe owner and used to initialize any of the kits from the Safe{Core} SDK.

Note: Please always use a combination of passkeys and other authentication methods to ensure the security of your users' assets.

Prerequisites

Node.js and npm (opens in a new tab).
Passkeys feature is available only in secure contexts (opens in a new tab) (HTTPS), in some or all supporting browsers (opens in a new tab).

Install dependencies


_10npm install @safe-global/protocol-kit

Steps

Imports

Here are the necessary imports for this guide.


_10import { extractPasskeyData } from '@safe-global/protocol-kit'

In addition, you will need to import a web3 library of your choice to use in the "Get the provider and signer" section. In this guide, we are using viem.

Create a passkey

Firstly, you need to generate a passkey credential using the WebAuthn API in a supporting browser environment.


_25const RP_NAME = 'Safe Smart Account'
_25const USER_DISPLAY_NAME = 'User display name'
_25const USER_NAME = 'User name'
_25
_25const passkeyCredential = await navigator.credentials.create({
_25  publicKey: {
_25    pubKeyCredParams: [
_25      {
_25        alg: -7,
_25        type: 'public-key'
_25      }
_25    ],
_25    challenge: crypto.getRandomValues(new Uint8Array(32)),
_25    rp: {
_25      name: RP_NAME
_25    },
_25    user: {
_25      displayName: USER_DISPLAY_NAME,
_25      id: crypto.getRandomValues(new Uint8Array(32)),
_25      name: USER_NAME
_25    },
_25    timeout: 60_000,
_25    attestation: 'none'
_25  }
_25})

After generating the passkeyCredential object, you need to create a new object with the PasskeyArgType type that will contain the rawId and the coordinates information.


_10if (!passkeyCredential) {
_10  throw Error('Passkey creation failed: No credential was returned.')
_10}
_10
_10const passkey = await extractPasskeyData(passkeyCredential)

At this point, it's critical to securely store the information in the passkey object in a persistent service. Losing access to this data will result in the user being unable to access their passkey and, therefore, their Safe Smart Account.

Get the provider and signer

Once the passkey is created, you can get the provider and signer, which is the externally-owned account of the user that was derived from its credentials.

You can instantiate the provider using viem and the following imports:


_10import { createWalletClient, http } from 'viem'
_10import { sepolia } from 'viem/chains'


_10const provider = createWalletClient({
_10  chain: sepolia,
_10  transport: http('https://rpc.ankr.com/eth_sepolia')
_10})
_10
_10const signer = passkey

With the provider and signer you are ready to instantiate any of the kits from the Safe{Core} SDK and set up or use this signer as a Safe owner.

Recap and further reading

After following this guide, you are able to create a Safe signer using passkeys and get the provider and signer required to initialize the kits from the Safe{Core} SDK.

Safe Passkeys contracts (opens in a new tab)

Magic Privy

Was this page helpful?