fix(webauthn): to include scopes in the API

Author: Ansonhkg

packages/auth-services/src/auth-server/src/schemas/AuthServiceMintRequestSchema.ts

@@ -28,6 +28,7 @@ export type AuthServiceMintRequestTransformed = z.infer<
 export const tAuthServiceMintRequestSchema = t.Object({
   authMethodType: t.String(),
   authMethodId: t.String(),
+  pubkey: t.Optional(t.String()),
   pubkey: t.Optional(t.String({ default: '0x' })),
   scopes: t.Optional(
     t.Array(

packages/auth-services/src/queue-manager/src/handlers/pkpMint/pkpMint.handler.ts

@@ -14,7 +14,18 @@ export async function handlePkpMintTask(jobData: {
     pubkey: Hex;
     scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
   };
+  reqId?: string;
 }): Promise<any> {
+  if (
+    // AUTH_METHOD_TYPE.WebAuthn = 3 (without importing the constants package)
+    Number(jobData.requestBody.authMethodType) === 3 &&
+    (!jobData.requestBody.pubkey || jobData.requestBody.pubkey === '0x')
+  ) {
+    throw new Error(
+      `[PKP Mint][HANDLER] WebAuthn requires a non-empty COSE pubkey; got '${jobData.requestBody.pubkey}'. reqId=${jobData.reqId}`
+    );
+  }
+
   const userAuthData: Optional<AuthData, 'accessToken'> = {
     authMethodId: jobData.requestBody.authMethodId,
     authMethodType: Number(jobData.requestBody.authMethodType),

packages/auth/src/lib/authenticators/native/WebAuthnAuthenticator.ts

@@ -149,6 +149,7 @@ export class WebAuthnAuthenticator {
   public static async registerAndMintPKP(params: {
     username?: string;
     authServiceBaseUrl: string;
+    scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
   }): Promise<{
     pkpInfo: PKPData;
 
@@ -183,6 +184,7 @@ export class WebAuthnAuthenticator {
       authMethodType: AUTH_METHOD_TYPE.WebAuthn,
       authMethodId: authMethodId,
       pubkey: authMethodPubkey,
+      scopes: params.scopes,
     };
 
     // Immediate mint a new PKP to associate with the auth method

packages/lit-client/src/lib/LitClient/createLitClient.ts

@@ -350,7 +350,8 @@ export const _createNagaLitClient = async (
     return await networkModule.api.signCustomSessionKey.handleResponse(
       result as any,
       params.requestBody.pkpPublicKey,
-      jitContext
+      jitContext,
+      requestId
     );
   }
 

packages/networks/src/networks/vNaga/shared/factories/BaseModuleFactory.ts

@@ -898,7 +898,8 @@ export function createBaseModule<T, M>(config: BaseModuleConfig<T, M>) {
         handleResponse: async (
           result: z.infer<typeof GenericEncryptedPayloadSchema>,
           pkpPublicKey: Hex | string,
-          jitContext: NagaJitContext
+          jitContext: NagaJitContext,
+          requestId?: string
         ) => {
           if (!result.success) {
             E2EERequestManager.handleEncryptedError(

packages/networks/src/networks/vNaga/shared/managers/LitChainClient/apis/highLevelApis/mintPKP/MintPKPSchema.ts

@@ -17,8 +17,10 @@ export const MintPKPSchema = z
 
     // Determine pubkey based on the (potentially derived) authMethodType
     if (data.authMethodType === AUTH_METHOD_TYPE.WebAuthn) {
-      if (!data.pubkey) {
-        throw new Error('pubkey is required for WebAuthn');
+      if (!data.pubkey || data.pubkey === '0x') {
+        throw new Error(
+          `pubkey is required for WebAuthn and cannot be 0x. Received pubkey: "${data.pubkey}" and authMethodType: ${data.authMethodType}`
+        );
       }
       derivedPubkey = data.pubkey as Hex;
     } else {