Stellar Passkey Kit
A small, framework-agnostic kit for Soroban smart-account passkeys. Users register a WebAuthn credential, the on-chain smart-account contract treats that credential as the only signer it'll trust, and every transaction signs with Touch ID / Windows Hello / a hardware security key instead of an ed25519 seed.
SCF-43 RFP submission · Status: pre-1.0 · MIT · 2026
What lives where
| Package | Purpose |
|---|---|
@stellar-passkey/core | Browser-side TypeScript SDK — createPasskey / connectPasskey / signTransaction / signAuthEntry / recoverPasskey + a createMockKit adapter for unit tests. |
@stellar-passkey/ui | Three framework-agnostic Lit Web Components (<passkey-create-button>, <passkey-sign-tx>, <passkey-recover>). |
packages/contract | Rust smart-account contract — __check_auth verifies the WebAuthn assertion via CAP-0051 secp256r1_verify. Deployed on testnet at CBCDZA5QCF6BJQO2I2AIWTR4IBJDLJX632S6SG6Y6JNPYWZL56GJR3VI. |
Fork of @creit.tech/stellar-wallets-kit | New PasskeyModule adds Soroban smart-account support alongside Freighter / Albedo / WalletConnect / Hana / etc. |
apps/demo | Vite reference demo. Live at https://passkey-demo-3vk.pages.dev. |
Reading order
- Architecture — Mermaid diagram + plain-English walkthrough of what each box does and where user data lives.
- Usage patterns — the five canonical ceremonies + the platform-quirks library has bumped into.
- Compatibility matrix — which browsers/OS/authenticator triples are verified, and which are pending which driver fix.
- Governance — decentralization, infrastructure, user tracking, maintenance.
The 30-second quickstart
ts
import { createPasskey } from "@stellar-passkey/core";
const { contractId, credential } = await createPasskey({
rpId: "your-app.example",
rpName: "Your App",
userId: crypto.getRandomValues(new Uint8Array(16)),
userName: "alice@example",
walletWasmHash: hexToBytes(
"5ac96264b6c647cf40b25b5c19eacf534d75a45f96c99fd5122303164d28307e",
),
deployer: yourDeployerCallbacks, // backend / Launchtube / stellar-cli
});
// contractId — the Soroban smart-account C-address controlled by this passkey.
// credential.publicKey — 65-byte SEC-1 P-256 key the contract verifies against.See Usage patterns for the rest of the ceremonies and the platform-quirks library.