Hi Tyler. I built SoroPass, a minimal passkey SDK and drop-in create / sign / recover UI for Stellar smart accounts. The secp256r1 work (low-S normalization, the WebAuthn ceremony and payload, the Secp256r1Signature struct) is ported and hardened from passkey-kit, so thank you for the reference. I have one question about staying compatible with smart-wallet auth entries.
What I built. A small SDK (@soropass/core) that turns a Soroban auth preimage into a WebAuthn challenge, runs the assertion, low-S normalizes the secp256r1 signature, and assembles a SorobanAuthorizationEntry. It is implemented as its own minimal slice and stays ABI-compatible with the audited contract layer rather than reinventing it. It is proven on testnet against my own single-signer account (__check_auth / secp256r1_verify).
Proven on testnet. A passkey-signed auth entry passes a real __check_auth, and a wrong key is rejected on-chain:
Try it. You can see and test a live demo on the site below. The create, sign, and recover flows run with the SoroPass pre-built components on testnet, so you can run them yourself.
Live Demo: https://soropass.dev/
Docs: https://docs.soropass.dev/docs
Repo: https://github.com/justmert/soropass
Question. My SDK assembles the bare Secp256r1Signature struct, which my own single-signer account consumes directly. To authorize a smart-wallet, from types.rs I read that I should wrap it as Signatures(Map<SignerKey::Secp256r1(credential_id), Signature::Secp256r1(...)>). Is the Secp256r1 SignerKey the raw WebAuthn credential-id bytes, and is building that map the path you would recommend for an external SDK, or is there a helper you would point me to?
Happy to share more or test against your wallet. Thanks again for passkey-kit, a lot of this is built on it.
Hi Tyler. I built SoroPass, a minimal passkey SDK and drop-in create / sign / recover UI for Stellar smart accounts. The secp256r1 work (low-S normalization, the WebAuthn ceremony and payload, the
Secp256r1Signaturestruct) is ported and hardened from passkey-kit, so thank you for the reference. I have one question about staying compatible withsmart-walletauth entries.What I built. A small SDK (
@soropass/core) that turns a Soroban auth preimage into a WebAuthn challenge, runs the assertion, low-S normalizes the secp256r1 signature, and assembles aSorobanAuthorizationEntry. It is implemented as its own minimal slice and stays ABI-compatible with the audited contract layer rather than reinventing it. It is proven on testnet against my own single-signer account (__check_auth/secp256r1_verify).Proven on testnet. A passkey-signed auth entry passes a real
__check_auth, and a wrong key is rejected on-chain:Try it. You can see and test a live demo on the site below. The create, sign, and recover flows run with the SoroPass pre-built components on testnet, so you can run them yourself.
Live Demo: https://soropass.dev/
Docs: https://docs.soropass.dev/docs
Repo: https://github.com/justmert/soropass
Question. My SDK assembles the bare
Secp256r1Signaturestruct, which my own single-signer account consumes directly. To authorize asmart-wallet, fromtypes.rsI read that I should wrap it asSignatures(Map<SignerKey::Secp256r1(credential_id), Signature::Secp256r1(...)>). Is theSecp256r1SignerKeythe raw WebAuthn credential-id bytes, and is building that map the path you would recommend for an external SDK, or is there a helper you would point me to?Happy to share more or test against your wallet. Thanks again for passkey-kit, a lot of this is built on it.