📲Method 3: Passkey

Authentication via PassKey

1) Lighthouse Encryption WebAuthn Registration API

A. Start Registration Endpoint

Initiate the registration process by sending a request with the user's address.

Endpoint:

https://encryption.lighthouse.storage/passkey/register/start

Method:

POST

Headers:

  • "Authorization": "Bearer <Your_Signed_Message_Token>"

Request Body Parameters:

  • address: The user's wallet address.


Success Response:

Code: 200 OK

Content example:

{
  "challenge": {
    "data": "[Array of challenge data]"
  },
  "user": {
    "id": "[Array of user ID data]",
    "name": "<WalletAddress>",
    "displayName": "<WalletAddress>"
  }
}

B. Finish Registration Endpoint

Finalize the registration process with the provided credential data.

Endpoint:

https://encryption.lighthouse.storage/passkey/register/finish

Method:

POST

Request Body Parameters:

  • data: An object containing the WebAuthn public key credential details:

    • authenticatorAttachment: Describes which attachment modality was selected by the user. Example: cross-platform.

    • id: Credential ID generated by the authenticator. Example: Af_Afcbl3pONtRLg...kU-R0.

    • rawId: Raw credential ID in binary form. Example: Af_Afcbl3pONtRLg...kU-R0.

    • response: An object containing response details:

      • attestationObject: Contains attestation data for the created public key credential. Example: o2NmbXRkbm...TNsqfc0sY.

      • clientDataJSON: Serialized client data used by the authenticator to generate the attestation object. Example: eyJ0eXBlIj...NzI6MzAwMCIsImNyb3NzT3JpZ2luIjpmYWxzZX0.

    • type: Type of the credential. Example: public-key.

  • address: The wallet address that the user wants to prove ownership of. Example: 0x254511193Dd29f9c3c474c43B8d23C3d367Bc4A8.

  • signature: The signature generated after signing the message provided by the previous endpoint (/api/message/<walletAddress>).

  • name: The name you are assigning to this credential (optional).


Success Response:

Code: 200 OK

Content:

true

Notes: A response of true indicates successful registration with WebAuthn.


Error Responses for both endpoints:

Code: 400 Bad Request

Content:

{
  "error": "Invalid data or address format."
}

Code: 401 Unauthorized

Content:

{
  "error": "Invalid or expired signed message."
}

Code: 500 Internal Server Error

Content:

{
  "error": "Server error, please try again later."
}

Notes & Usage:

  • The registration process involves two main steps:

    1. Initiate the registration by sending the user's address to the start endpoint. This returns challenge data which is then used in the WebAuthn navigator.credentials.create() function.

    2. Complete the registration by sending the generated credential data to the finish endpoint.

  • Always ensure you handle the challenge data and serialized credential data securely.


Use the Bearer Authorization token (signed message) for authenticating API requests. Always renew the signed message if it expires or is invalidated.


By following these steps, users can register securely using WebAuthn with the Lighthouse system. Always ensure the security and integrity of the data exchanged during the registration process.

2) Lighthouse Encryption WebAuthn Login API

A. Start Authentication Endpoint

Initiate the authentication process by sending a request with the user's address.

Endpoint:

https://encryption.lighthouse.storage/passkey/login/start

Method:

POST

Request Body Parameters:

  • address: The username or user's wallet address.


Success Response:

Code: 200 OK

Content example:

{
  "challenge": {
    "type": "Buffer",
    "data": "[Array of challenge data]"
  },
  "allowCredentials": [
      {
          "credentialID": "<Credential ID>",
          "name": "<User Assigned user Name>"
      }
    ]
}

Content Body Parameters:

  • challenge:

    • type: The type of buffer used. (e.g., "Buffer").

    • data: An array of numeric values representing the challenge data.

  • allowCredentials (Array):

    • credentialID: The unique identifier for the WebAuthn credential

    • name: The name you are assigning to this credential (optional).



B. Finish Authentication Endpoint

Finalize the authentication process with the provided credential data.

Endpoint:

https://encryption.lighthouse.storage/passkey/login/finish

Method:

POST

Request Body Parameters:

  • credentialID: The unique identifier for the WebAuthn credential.

  • data: Contains details regarding the WebAuthn response and authenticator.

    • authenticatorAttachment: Describes the authenticator attachment modality, e.g., "cross-platform".

    • id: A unique identifier for the credential.

    • rawId: The raw identifier for the credential, often the same as id.

    • response: Holds the components of the WebAuthn response.

      • attestationObject: The attestation structure after a successful WebAuthn registration.

      • clientDataJSON: A JSON representation of the client data, including the challenge, origin, type, and other details.

      • signature: The signature generated by the authenticator based on the client data.

      • authenticatorData: Contains information about the authentication event, including the counter and sometimes the user handle.

    • type: The type of the public key credential, e.g., "public-key".


Success Response:

Code: 200 OK

Content:

{
  "token": "YOUR_AUTHENTICATION_TOKEN"
}

Notes: The received token can be used for subsequent authenticated requests to the Lighthouse system.


Error Responses for both endpoints:

Code: 400 Bad Request

Content:

{
  "error": "Invalid data or address format."
}

Code: 401 Unauthorized

Content:

{
  "error": "Invalid or expired signed message."
}

Code: 500 Internal Server Error

Content:

{
  "error": "Server error, please try again later."
}

Notes & Usage:

  • The authentication process consists of two main steps:

    1. Initiate the authentication by sending the user's address to the start endpoint. This returns a public key challenge which is then used in the WebAuthn navigator.credentials.get() function.

    2. Complete the authentication by sending the generated credential data to the finish endpoint.

  • Always ensure you handle the challenge data and serialized credential data securely.


Use the Bearer Authorization token (signed message) for authenticating API requests. Always renew the signed message if it expires or is invalidated.


By following these steps, users can authenticate securely using WebAuthn with the Lighthouse system. Always ensure the security and integrity of the data exchanged during the authentication process.
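
The byte conversions that the registration and login flows above need around navigator.credentials.create() and navigator.credentials.get(), plus a check of clientDataJSON before calling a finish endpoint, as an added example that is not Lighthouse's own code. The function names are hypothetical, and the base64url encoding of credentialID and of the binary response fields is an assumption based on the id example on this page.

```javascript
// Added example (not Lighthouse code); function names are hypothetical.
// Start endpoints return bytes as a serialized Buffer: { data: [0..255, ...] }.
function toBytes(buf) {
  const d = buf && buf.data;
  if (!Array.isArray(d) || d.length === 0 ||
      !d.every((n) => Number.isInteger(n) && n >= 0 && n <= 255)) {
    throw new TypeError("expected a non-empty array of byte values");
  }
  return Uint8Array.from(d);
}

// base64url without padding (the encoding of the `id` example on this page).
function b64url(bytes) {
  let s = "";
  for (const b of new Uint8Array(bytes)) s += String.fromCharCode(b);
  return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
const fromB64url = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));

// publicKey options for navigator.credentials.get() from a /login/start reply.
// Assumption: credentialID is a base64url string.
function loginOptions(start) {
  return {
    challenge: toBytes(start.challenge),
    allowCredentials: (start.allowCredentials || []).map((c) => (
      { type: "public-key", id: fromB64url(c.credentialID) })),
  };
}

// `data` object for a finish endpoint; encodes the binary fields present.
function serializeCredential(cred) {
  const response = {};
  for (const k of ["attestationObject", "clientDataJSON", "authenticatorData", "signature"]) {
    if (cred.response[k]) response[k] = b64url(cred.response[k]);
  }
  const { authenticatorAttachment, id, type } = cred;
  return { authenticatorAttachment, id, rawId: b64url(cred.rawId), response, type };
}

// Check before calling finish: signed client data must carry the issued
// challenge, the expected ceremony type, and the expected origin.
function checkClientData(clientDataJSON, { type, challenge, origin }) {
  const cd = JSON.parse(new TextDecoder().decode(clientDataJSON));
  if (cd.type !== type) throw new Error("unexpected type: " + cd.type);
  if (cd.challenge !== b64url(challenge)) throw new Error("challenge mismatch");
  if (cd.origin !== origin) throw new Error("origin mismatch: " + cd.origin);
  return cd;
}
```

In a browser, pass loginOptions(start) as publicKey to navigator.credentials.get(), then call checkClientData with type "webauthn.get" ("webauthn.create" on registration) and location.origin before posting serializeCredential(cred) to the finish endpoint.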

3) Lighthouse Encryption WebAuthn Delete Credential API

A. Delete Credential Endpoint

Remove the credential data based on the provided address and credential ID.

Endpoint:

https://encryption.lighthouse.storage/passkey/delete

Method:

DELETE

Headers:

  • Content-Type: application/json

  • Authorization: Bearer SIGNED_MESSAGE

Request Body Parameters:

  • address: The Ethereum wallet address associated with the user.

  • credentialID: The unique identifier for the WebAuthn credential obtained from the start endpoint.


Success Response:

Code: 200

Notes: A successful response indicates the deletion of the specified credential.


Error Responses:

Code: 400 Bad Request

Content:

{
  "error": "Invalid data or address format."
}

Code: 401 Unauthorized

Content:

{
  "error": "Invalid or expired signed message."
}

Code: 500 Internal Server Error

Content:

{
  "error": "Server error, please try again later."
}

Notes & Usage:

  • The deletion process consists of two main steps:

    1. Initiate the authentication by sending the user's address to the start endpoint. This returns a Credential ID which can be used for further operations.

    2. Delete the credentials using the obtained credentialID and a signed message.

  • Always ensure you handle the public key and other data securely during operations.

Use the Bearer Authorization token (signed message) or JWT token for authenticating API requests.


By following these steps, users can manage their credentials securely with the Lighthouse system. Always ensure the security and integrity of the data exchanged during the process.
