Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.rhinestone.dev/llms.txt

Use this file to discover all available pages before exploring further.

The Passkey signer uses the WebAuthn Validator module to authorise transactions with device-native biometrics: Face ID, Touch ID, Windows Hello. No seed phrases, no browser extensions. Keys are generated and stored in the device secure enclave and can sync across devices via iCloud Keychain or Google Password Manager. Passkeys are supported across iOS, Android, macOS, and modern browsers (Chrome, Safari, Edge).

Single owner

import { RhinestoneSDK } from '@rhinestone/sdk'
import { toWebAuthnAccount } from 'viem/account-abstraction'

const passkeyAccount = toWebAuthnAccount({ credential })

const rhinestone = new RhinestoneSDK({
  apiKey: process.env.RHINESTONE_API_KEY as string,
})

const account = await rhinestone.createAccount({
  owners: {
    type: 'passkey',
    accounts: [passkeyAccount],
  },
})

Multisig

The WebAuthn Validator supports n/m multisig with multiple passkey owners and a configurable signature threshold. A common use case: users register a passkey per device. You set up a 1-of-n account so the user can sign from any of their devices without needing to migrate keys.

Setup

const account = await rhinestone.createAccount({
  owners: {
    type: 'passkey',
    accounts: [passkeyAccountA, passkeyAccountB],
    threshold: 2, // 2-of-2: both devices must sign
  },
})
By default, threshold is 1, meaning any single passkey can sign.

Signing with a subset of owners

For m-of-n setups, specify which passkeys to use when sending a transaction: 
const transaction = await account.prepareTransaction({
  chain,
  calls: [
    // …
  ],
  signers: {
    type: 'owner',
    kind: 'passkey',
    accounts: [passkeyAccountA],
  },
})
Provide at least as many signers as the threshold requires, or the transaction will fail validation.

Add a passkey (new device)

import { addOwner } from '@rhinestone/sdk/actions/passkeys'
import { slice } from 'viem'

const pubKeyX = BigInt(slice(newPasskeyAccount.publicKey, 0, 32))
const pubKeyY = BigInt(slice(newPasskeyAccount.publicKey, 32))
const requiresUV = false

const transaction = await account.prepareTransaction({
  chain,
  calls: [addOwner(pubKeyX, pubKeyY, requiresUV)],
})

Remove a passkey

import { removeOwner } from '@rhinestone/sdk/actions/passkeys'

const transaction = await account.prepareTransaction({
  chain,
  calls: [removeOwner(pubKeyX, pubKeyY)],
})

Change threshold

import { changeThreshold } from '@rhinestone/sdk/actions/passkeys'

const transaction = await account.prepareTransaction({
  chain,
  calls: [changeThreshold(2)],
})

Get current owners

const owners = await account.getOwners(chain)
// → { accounts: ['0xaaa…', '0xbbb…'], threshold: 1 }

Enable in a separate transaction

If you need to enable the passkey module on an existing account rather than at creation time: 
import { enable as enablePasskeys } from '@rhinestone/sdk/actions/passkeys'

const transaction = await account.prepareTransaction({
  chain,
  calls: [enablePasskeys(passkeyAccount.publicKey, passkeyAccount.id)],
  tokenRequests: [],
})