description |
---|
Authentication via PassKey |
Initiate the registration process by sending a request with the user's address.
Endpoint: `https://encryption.lighthouse.storage/passkey/register/start`
Method: `POST`
Headers:
- `"Authorization": "Bearer <Your_Signed_Message_Token>"`
Request Body Parameters:
- `address`: The user's wallet address.
Success Response:
Code: 200 OK
Content example:
```json
{
  "challenge": {
    "data": "[Array of challenge data]"
  },
  "user": {
    "id": "[Array of user ID data]",
    "name": "<WalletAddress>",
    "displayName": "<WalletAddress>"
  }
}
```
Finalize the registration process with the provided credential data.
Endpoint: `https://encryption.lighthouse.storage/passkey/register/finish`
Method: `POST`
Request Body Parameters:
- `data`: An object containing the WebAuthn public key credential details:
  - `authenticatorAttachment`: Describes which attachment modality was selected by the user. Example: `cross-platform`.
  - `id`: Credential ID generated by the authenticator. Example: `Af_Afcbl3pONtRLg...kU-R0`.
  - `rawId`: Raw credential ID in binary form. Example: `Af_Afcbl3pONtRLg...kU-R0`.
  - `response`: An object containing response details:
    - `attestationObject`: Contains attestation data for the created public key credential. Example: `o2NmbXRkbm...TNsqfc0sY`.
    - `clientDataJSON`: Serialized client data used by the authenticator to generate the attestation object. Example: `eyJ0eXBlIj...NzI6MzAwMCIsImNyb3NzT3JpZ2luIjpmYWxzZX0`.
  - `type`: Type of the credential. Example: `public-key`.
- `address`: The wallet address that the user wants to prove ownership of. Example: `0x254511193Dd29f9c3c474c43B8d23C3d367Bc4A8`.
- `signature`: The signature generated after signing the message provided by the previous endpoint (`/api/message/<walletAddress>`).
- `name`: The name you are assigning to this credential (optional).
Success Response:
Code: 200 OK
Content:
```json
true
```
Notes: A response of `true` indicates successful registration with WebAuthn.
Error Responses for both endpoints:
Code: 400 Bad Request
Content:
```json
{
  "error": "Invalid data or address format."
}
```
Code: 401 Unauthorized
Content:
```json
{
  "error": "Invalid or expired signed message."
}
```
Code: 500 Internal Server Error
Content:
```json
{
  "error": "Server error, please try again later."
}
```
Notes & Usage:
- The registration process involves two main steps:
  - Initiate the registration by sending the user's address to the `start` endpoint. This returns challenge data, which is then used in the WebAuthn `navigator.credentials.create()` function.
  - Complete the registration by sending the generated credential data to the `finish` endpoint.
- Always ensure you handle the challenge data and serialized credential data securely.
{% hint style="info" %} Use the Bearer Authorization token (signed message) for authenticating API requests. Always renew the signed message if it expires or is invalidated. {% endhint %}
By following these steps, users can register securely using WebAuthn with the Lighthouse system. Always ensure the security and integrity of the data exchanged during the registration process.
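The two registration steps above, wired together in browser JavaScript as an added example (not Lighthouse's own client code). It assumes the `data` and `id` arrays hold byte values and that binary credential fields are sent as base64url, as the example values suggest; the `rp` name, the ES256 algorithm and all helper names are assumptions.

```javascript
// Added example, not Lighthouse code. Assumed: rp name, ES256, base64url field encoding.
const toBase64Url = (buf) => // bytes (array, Uint8Array, ArrayBuffer) -> unpadded base64url
  btoa(String.fromCharCode(...new Uint8Array(buf)))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Reject anything that is not a non-empty array of byte values.
function bytes(a) {
  if (!Array.isArray(a) || a.length === 0 ||
      !a.every((n) => Number.isInteger(n) && n >= 0 && n <= 255))
    throw new TypeError("expected a non-empty array of byte values");
  return Uint8Array.from(a);
}

// register/start response -> options for navigator.credentials.create().
function toCreationOptions(start, rpName) {
  const { id, name, displayName } = start.user;
  return {
    challenge: bytes(start.challenge.data),
    rp: { name: rpName }, // assumption: not part of the documented response
    user: { id: bytes(id), name, displayName },
    pubKeyCredParams: [{ type: "public-key", alg: -7 }], // assumption: ES256
  };
}

// Created credential -> request body for register/finish.
function toFinishBody(cred, address, signature, name) {
  const { authenticatorAttachment, id, rawId, response, type } = cred;
  const encoded = {
    attestationObject: toBase64Url(response.attestationObject),
    clientDataJSON: toBase64Url(response.clientDataJSON),
  };
  const data = { authenticatorAttachment, id, rawId: toBase64Url(rawId), response: encoded, type };
  return { data, address, signature, name };
}

// Browser-only driver; bearer is the signed-message token for the Authorization header.
async function registerPasskey({ address, bearer, signature, name }) {
  const post = (step, body, auth) =>
    fetch(`https://encryption.lighthouse.storage/passkey/register/${step}`, {
      method: "POST", body: JSON.stringify(body),
      headers: { "Content-Type": "application/json", ...auth },
    });
  const start = await post("start", { address }, { Authorization: `Bearer ${bearer}` });
  if (!start.ok) throw new Error(`register/start failed: ${start.status}`);
  const publicKey = toCreationOptions(await start.json(), "Lighthouse");
  const cred = await navigator.credentials.create({ publicKey });
  const finish = await post("finish", toFinishBody(cred, address, signature, name));
  return finish.ok && (await finish.json()) === true;
}
```

`toCreationOptions` throws before any authenticator prompt if the challenge or user ID is not a byte array, so a malformed or placeholder response never reaches `navigator.credentials.create()`.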
Initiate the authentication process by sending a request with the user's address.
Endpoint: `https://encryption.lighthouse.storage/passkey/login/start`
Method: `POST`
Request Body Parameters:
- `address`: The username or user's wallet address.
Success Response:
Code: 200 OK
Content example:
```json
{
  "challenge": {
    "type": "Buffer",
    "data": "[Array of challenge data]"
  },
  "allowCredentials": [
    {
      "credentialID": "<Credential ID>",
      "name": "<User Assigned user Name>"
    }
  ]
}
```
Content Body Parameters:
- `challenge`:
  - `type`: The type of buffer used (e.g., "Buffer").
  - `data`: An array of numeric values representing the challenge data.
- `allowCredentials` (Array):
  - `credentialID`: The unique identifier for the WebAuthn credential.
  - `name`: The name you are assigning to this credential (optional).
Finalize the authentication process with the provided credential data.
Endpoint: `https://encryption.lighthouse.storage/passkey/login/finish`
Method: `POST`
Request Body Parameters:
- `credentialID`: The unique identifier for the WebAuthn credential.
- `data`: Contains details regarding the WebAuthn response and authenticator.
  - `authenticatorAttachment`: Describes the authenticator attachment modality, e.g., "cross-platform".
  - `id`: A unique identifier for the credential.
  - `rawId`: The raw identifier for the credential, often the same as `id`.
  - `response`: Holds the components of the WebAuthn response.
    - `attestationObject`: The attestation structure after a successful WebAuthn registration.
    - `clientDataJSON`: A JSON representation of the client data, including the challenge, origin, type, and other details.
    - `signature`: The signature generated by the authenticator based on the client data.
    - `authenticatorData`: Contains information about the authentication event, including the counter and sometimes the user handle.
  - `type`: The type of the public key credential, e.g., "public-key".
Success Response:
Code: 200 OK
Content:
```json
{
  "token": "YOUR_AUTHENTICATION_TOKEN"
}
```
Notes: The received token can be used for subsequent authenticated requests to the Lighthouse system.
Error Responses for both endpoints:
Code: 400 Bad Request
Content:
```json
{
  "error": "Invalid data or address format."
}
```
Code: 401 Unauthorized
Content:
```json
{
  "error": "Invalid or expired signed message."
}
```
Code: 500 Internal Server Error
Content:
```json
{
  "error": "Server error, please try again later."
}
```
Notes & Usage:
- The authentication process consists of two main steps:
  - Initiate the authentication by sending the user's address to the `start` endpoint. This returns a public key challenge, which is then used in the WebAuthn `navigator.credentials.get()` function.
  - Complete the authentication by sending the generated credential data to the `finish` endpoint.
- Always ensure you handle the challenge data and serialized credential data securely.
{% hint style="info" %} Use the Bearer Authorization token (signed message) for authenticating API requests. Always renew the signed message if it expires or is invalidated. {% endhint %}
By following these steps, users can authenticate securely using WebAuthn with the Lighthouse system. Always ensure the security and integrity of the data exchanged during the authentication process.
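An added example (not part of the Lighthouse documentation) of one client-side check on the login data: it decodes the `Buffer`-style challenge from `login/start` and compares the `clientDataJSON` returned by `navigator.credentials.get()` against that challenge and the expected origin before anything is posted to `login/finish`. The function names are illustrative; WebAuthn places the challenge in `clientDataJSON` as unpadded base64url, which is what the comparison relies on.

```javascript
// Added example, not Lighthouse code; function names are illustrative.
const b64url = (bytes) =>
  btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// login/start returns the challenge as a serialized Buffer: { type: "Buffer", data: [...] }.
function challengeBytes(start) {
  const c = start && start.challenge;
  if (!c || c.type !== "Buffer" || !Array.isArray(c.data) || c.data.length === 0 ||
      !c.data.every((n) => Number.isInteger(n) && n >= 0 && n <= 255))
    throw new TypeError("challenge is not a serialized Buffer of byte values");
  return Uint8Array.from(c.data);
}

// Returns a list of mismatches between clientDataJSON and this login attempt;
// an empty list means type, challenge and origin all agree.
function checkClientData(clientDataJSON, challenge, expectedOrigin) {
  let cd;
  try {
    cd = JSON.parse(new TextDecoder().decode(clientDataJSON));
  } catch {
    return ["clientDataJSON is not valid JSON"];
  }
  if (cd === null || typeof cd !== "object") return ["clientDataJSON is not an object"];
  const problems = [];
  if (cd.type !== "webauthn.get") problems.push(`unexpected type: ${cd.type}`);
  if (cd.challenge !== b64url(challenge)) problems.push("challenge does not match login/start");
  if (cd.origin !== expectedOrigin) problems.push(`unexpected origin: ${cd.origin}`);
  return problems;
}
```

In the browser, call `checkClientData(cred.response.clientDataJSON, challengeBytes(start), location.origin)` on the credential returned by `navigator.credentials.get()` and send the `finish` request only when the list is empty.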
Remove the credential data based on the provided address and credential ID.
Endpoint: `https://encryption.lighthouse.storage/passkey/delete`
Method: `DELETE`
Headers:
- `Content-Type`: `application/json`
- `Authorization`: `Bearer SIGNED_MESSAGE`
Request Body Parameters:
- `address`: The Ethereum wallet address associated with the user.
- `credentialID`: The unique identifier for the WebAuthn credential obtained from the `start` endpoint.
Success Response:
Code: 200
Notes: Successful response indicates the deletion of the specified credential.
Error Responses for both endpoints:
Code: 400 Bad Request
Content:
```json
{
  "error": "Invalid data or address format."
}
```
Code: 401 Unauthorized
Content:
```json
{
  "error": "Invalid or expired signed message."
}
```
Code: 500 Internal Server Error
Content:
```json
{
  "error": "Server error, please try again later."
}
```
Notes & Usage:
- The authentication process consists of two main steps:
  - Initiate the authentication by sending the user's address to the `start` endpoint. This returns a Credential ID which can be used for further operations.
  - Delete the credentials using the obtained `credentialID` and a signed message.
- Always ensure you handle the public key and other data securely during operations.
{% hint style="info" %} Use the Bearer Authorization token (signed message) or JWT token for authenticating API requests {% endhint %}
By following these steps, users can manage their credentials securely with the Lighthouse system. Always ensure the security and integrity of the data exchanged during the process.