Merge pull-request #179

tkhq · Nov 28, 2023 · 1146884 · 1146884
2 parents fb3a175 + a03e385
commit 1146884
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 13 deletions.
diff --git a/.changeset/breezy-kangaroos-pay.md b/.changeset/breezy-kangaroos-pay.md
@@ -0,0 +1,5 @@
+---
+"@turnkey/webauthn-stamper": patch
+---
+
+Make sha256 computation synchronous to resolve ios passkey prompt issues
diff --git a/examples/with-federated-passkeys/src/pages/index.tsx b/examples/with-federated-passkeys/src/pages/index.tsx
@@ -184,15 +184,21 @@ export default function Home() {
   );
 
   const login = async () => {
-    // We use the parent org ID, which we know at all times,
-    const res = await turnkeyClient.getWhoami({
-      organizationId: process.env.NEXT_PUBLIC_ORGANIZATION_ID!,
-    });
-    // to get the sub-org ID, which we don't know at this point because we don't
-    // have a DB. Note that we are able to perform this lookup by using the
-    // credential ID from the users WebAuthn stamp.
-    setSubOrgId(res.organizationId);
-    await getWallet(res.organizationId);
+    // We use the parent org ID, which we know at all times...
+    try {
+      const res = await turnkeyClient.getWhoami({
+        organizationId: process.env.NEXT_PUBLIC_ORGANIZATION_ID!,
+      });
+      // ...to get the sub-org ID, which we don't know at this point because we don't
+      // have a DB. Note that we are able to perform this lookup by using the
+      // credential ID from the users WebAuthn stamp.
+      setSubOrgId(res.organizationId);
+      await getWallet(res.organizationId);
+    } catch (e: any) {
+      const message = `Error caught during login: ${e.toString()}`;
+      console.error(message);
+      alert(message);
+    }
   };
 
   return (

diff --git a/packages/webauthn-stamper/package.json b/packages/webauthn-stamper/package.json
@@ -50,6 +50,7 @@
     "node": ">=16.0.0"
   },
   "dependencies": {
-    "buffer": "^6.0.3"
+    "buffer": "^6.0.3",
+    "@noble/hashes": "^1.3.2"
   }
 }
diff --git a/packages/webauthn-stamper/src/index.ts b/packages/webauthn-stamper/src/index.ts
@@ -1,6 +1,7 @@
 /// <reference lib="dom" />
 import { get as webauthnCredentialGet } from "./webauthn-json";
 import { buffer as Buffer } from "./universal";
+import { sha256 } from "@noble/hashes/sha256";
 
 // Header name for a webauthn stamp
 const stampHeaderName = "X-Stamp-Webauthn";
@@ -38,7 +39,7 @@ export class WebauthnStamper {
   }
 
   async stamp(payload: string) {
-    const challenge = await getChallengeFromPayload(payload);
+    const challenge = getChallengeFromPayload(payload);
 
     const signingOptions: CredentialRequestOptions = {
       publicKey: {
@@ -67,9 +68,9 @@ export class WebauthnStamper {
   }
 }
 
-async function getChallengeFromPayload(payload: string): Promise<Uint8Array> {
+function getChallengeFromPayload(payload: string): Uint8Array {
   const messageBuffer = new TextEncoder().encode(payload);
-  const hashBuffer = await crypto.subtle.digest("SHA-256", messageBuffer);
+  const hashBuffer = sha256(messageBuffer);
   const hexString = Buffer.from(hashBuffer).toString("hex");
   const hexBuffer = Buffer.from(hexString, "utf8");
   return new Uint8Array(hexBuffer);

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml