🛂 Passkey Authentication #21
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
| @@ -0,0 +1 @@ | |||
| .vercel | |||
There was a problem hiding this comment.
This could be moved to the global .gitignore, right?
| import rpId from "../../utils/rpId.js"; | ||
|
|
||
| async function handler(request: VercelRequest, response: VercelResponse) { | ||
| const { challengeID } = request.query as { challengeID: string }; |
There was a problem hiding this comment.
You can use zod to validate this input (same with the other files)
There was a problem hiding this comment.
about validation: I'll fix after agreeing the core functionality is approved
| @@ -8,13 +8,15 @@ if (!process.env.EXPO_PUBLIC_ALCHEMY_GAS_POLICY_ID) throw new Error("missing alc | |||
| if (!process.env.EXPO_PUBLIC_TURNKEY_ORGANIZATION_ID) throw new Error("missing turnkey organization id"); | |||
| if (!process.env.EXPO_PUBLIC_TURNKEY_API_PUBLIC_KEY) throw new Error("missing turnkey api public key"); | |||
| if (!process.env.EXPO_PUBLIC_TURNKEY_API_PRIVATE_KEY) throw new Error("missing turnkey api private key"); | |||
| if (!process.env.EXPO_PUBLIC_BACKEND_URL) throw new Error("missing backend url"); | |||
There was a problem hiding this comment.
Nothing to do with the PR, but a cool idea is to validate the env with zod https://catalins.tech/validate-environment-variables-with-zod/
| export default async function createAccount() { | ||
| const challengeID = base64URLEncode(generateRandomBuffer()); | ||
| const { challenge } = await registrationOptions(challengeID); | ||
| const name = `exactly, ${new Date().toISOString()}`; |
There was a problem hiding this comment.
Why having multiples keys make sense? This may confuse the user, IMO, having 1 key per phone is ok.
I suggest the name:
| const name = `exactly, ${new Date().toISOString()}`; | |
| const name = 'exa-app-key'; |
There was a problem hiding this comment.
this key is not per device, it's global to the user's google/apple account
There was a problem hiding this comment.
Cool thanks for replying! But it make sense having the date in the name? The user will see this names, right? Maybe it could be improved so the user can differentiate between keys. Just a suggestion :)
There was a problem hiding this comment.
this key is not per device, it's global to the user's google/apple account
having this in mind, doesn't it make sense to only have 1 passkey per user google/apple account?
It could be problematic if the user creates multiple passkeys when they uninstall and reinstall app and doing the "normal" onboarding flow, creating an extra passkey.
Maybe we could make a distinct and clearly different flow for "creating a second account", where user on purpose creates a second account for whatever purpose.
TODOcomments and questions. This change is still WIP as there are some details to be discussed with team.