Skip to main content
The Passkey signer uses the WebAuthn Validator module to authorise transactions with device-native biometrics: Face ID, Touch ID, Windows Hello. No seed phrases, no browser extensions. Keys are generated and stored in the device secure enclave and can sync across devices via iCloud Keychain or Google Password Manager. Passkeys are supported across iOS, Android, macOS, and modern browsers (Chrome, Safari, Edge).

Single owner

import { RhinestoneSDK } from '@rhinestone/sdk'
import { toWebAuthnAccount } from 'viem/account-abstraction'

const passkeyAccount = toWebAuthnAccount({ credential })

const rhinestone = new RhinestoneSDK({
  apiKey: process.env.RHINESTONE_API_KEY as string,
})

const account = await rhinestone.createAccount({
  owners: {
    type: 'passkey',
    accounts: [passkeyAccount],
  },
})

Multisig

The WebAuthn Validator supports n/m multisig with multiple passkey owners and a configurable signature threshold. A common use case: users register a passkey per device. You set up a 1-of-n account so the user can sign from any of their devices without needing to migrate keys.

Setup

const account = await rhinestone.createAccount({
  owners: {
    type: 'passkey',
    accounts: [passkeyAccountA, passkeyAccountB],
    threshold: 2, // 2-of-2: both devices must sign
  },
})
By default, threshold is 1, meaning any single passkey can sign.

Signing with a subset of owners

For m-of-n setups, specify which passkeys to use when sending a transaction: 
const result = await account.sendTransaction({
  chain,
  calls: [
    // …
  ],
  signers: {
    type: 'owner',
    kind: 'passkey',
    accounts: [passkeyAccountA],
  },
})
Provide at least as many signers as the threshold requires, or the transaction will fail validation.

Add a passkey (new device)

import { addOwner } from '@rhinestone/sdk/actions/passkeys'
import { slice } from 'viem'

const pubKeyX = BigInt(slice(newPasskeyAccount.publicKey, 0, 32))
const pubKeyY = BigInt(slice(newPasskeyAccount.publicKey, 32))
const requiresUV = false

await account.sendTransaction({
  chain,
  calls: [addOwner(pubKeyX, pubKeyY, requiresUV)],
})

Remove a passkey

import { removeOwner } from '@rhinestone/sdk/actions/passkeys'

await account.sendTransaction({
  chain,
  calls: [removeOwner(pubKeyX, pubKeyY)],
})

Change threshold

import { changeThreshold } from '@rhinestone/sdk/actions/passkeys'

await account.sendTransaction({
  chain,
  calls: [changeThreshold(2)],
})

Get current owners

const owners = await account.getOwners(chain)
// → { accounts: ['0xaaa…', '0xbbb…'], threshold: 1 }

Enable in a separate transaction

If you need to enable the passkey module on an existing account rather than at creation time: 
import { enable as enablePasskeys } from '@rhinestone/sdk/actions/passkeys'

await account.sendTransaction({
  chain,
  calls: [enablePasskeys(passkeyAccount.publicKey, passkeyAccount.id)],
  tokenRequests: [],
})