Feat: improves app security with passkey

Author: cmgustavo

ios/BitPayApp/BitPayAppDebug.entitlements

@@ -12,6 +12,7 @@
 		<string>applinks:link.test.bitpay.com</string>
 		<string>applinks:link.staging.bitpay.com</string>
 		<string>applinks:bitpay.onelink.me</string>
+		<string>webcredentials:bitpay.com</string>
 	</array>
 	<key>com.apple.developer.in-app-payments</key>
 	<array>

ios/BitPayApp/BitPayAppRelease.entitlements

@@ -12,6 +12,7 @@
 		<string>applinks:link.test.bitpay.com</string>
 		<string>applinks:link.staging.bitpay.com</string>
 		<string>applinks:bitpay.onelink.me</string>
+		<string>webcredentials:bitpay.com</string>
 	</array>
 	<key>com.apple.developer.in-app-payments</key>
 	<array>
@@ -22,6 +23,6 @@
 		<string>$(TeamIdentifierPrefix)*</string>
 	</array>
 	<key>com.apple.developer.payment-pass-provisioning</key>
-  <true/>
+	<true/>
 </dict>
 </plist>

ios/Podfile.lock

@@ -104,6 +104,7 @@ PODS:
     - React-RCTText (= 0.79.6)
     - React-RCTVibration (= 0.79.6)
   - React-callinvoker (0.79.6)
+  - React-Codegen (0.1.0)
   - React-Core (0.79.6):
     - glog
     - hermes-engine
@@ -1529,6 +1530,13 @@ PODS:
     - ReactCommon/turbomodule/bridging
     - ReactCommon/turbomodule/core
     - Yoga
+  - react-native-passkey (3.1.0):
+    - RCT-Folly
+    - RCTRequired
+    - RCTTypeSafety
+    - React-Codegen
+    - React-Core
+    - ReactCommon/turbomodule/core
   - react-native-print (0.11.0):
     - React-Core
   - react-native-randombytes (3.6.1):
@@ -2556,6 +2564,7 @@ DEPENDENCIES:
   - react-native-mmkv (from `../node_modules/react-native-mmkv`)
   - "react-native-netinfo (from `../node_modules/@react-native-community/netinfo`)"
   - react-native-pager-view (from `../node_modules/react-native-pager-view`)
+  - react-native-passkey (from `../node_modules/react-native-passkey`)
   - react-native-print (from `../node_modules/react-native-print`)
   - react-native-randombytes (from `../node_modules/react-native-randombytes`)
   - react-native-render-html (from `../node_modules/react-native-render-html`)
@@ -2633,6 +2642,7 @@ SPEC REPOS:
     - libwebp
     - Mixpanel-swift
     - MultiplatformBleAdapter
+    - React-Codegen
     - SDWebImage
     - SDWebImageWebPCoder
     - SocketRocket
@@ -2747,6 +2757,8 @@ EXTERNAL SOURCES:
     :path: "../node_modules/@react-native-community/netinfo"
   react-native-pager-view:
     :path: "../node_modules/react-native-pager-view"
+  react-native-passkey:
+    :path: "../node_modules/react-native-passkey"
   react-native-print:
     :path: "../node_modules/react-native-print"
   react-native-randombytes:
@@ -2905,6 +2917,7 @@ SPEC CHECKSUMS:
   RCTTypeSafety: 7c0b654b92ef732fffc2a3992a02d10dc8f94bfd
   React: bc28da5a227fa5e7b43e7ed68061f34740d4c880
   React-callinvoker: b78b18b44bc2c6634f7e594ad4fd206e624d41e3
+  React-Codegen: 4b8b4817cea7a54b83851d4c1f91f79aa73de30a
   React-Core: a4a66899e0bc30cc8c0678a267356d03045e8995
   React-CoreModules: 2245b5abec9edda265e5506264a40458004d0e0a
   React-cxxreact: 4d3d983512548e7c9e465c838c9339c92e724f77
@@ -2943,6 +2956,7 @@ SPEC CHECKSUMS:
   react-native-mmkv: daba9abc1723d9a88285ff09d29fcbd643591678
   react-native-netinfo: f0a9899081c185db1de5bb2fdc1c88c202a059ac
   react-native-pager-view: e0a6e9be6bf1d8ee1fdbaeab5c6a118ac13cefee
+  react-native-passkey: e0b0f58fa9b33c424bafaa0a93d66fb0e21dc092
   react-native-print: f704aef52d931bfce6d1d84351dbb5232d7ecb89
   react-native-randombytes: 421f1c7d48c0af8dbcd471b0324393ebf8fe7846
   react-native-render-html: 984dfe2294163d04bf5fe25d7c9f122e60e05ebe

package.json

@@ -138,6 +138,7 @@
     "react-native-modal": "14.0.0-rc.1",
     "react-native-os": "1.2.6",
     "react-native-pager-view": "6.7.1",
+    "react-native-passkey": "3.1.0",
     "react-native-permissions": "5.4.0",
     "react-native-print": "0.11.0",
     "react-native-progress": "5.0.0",

src/Root.tsx

@@ -69,6 +69,9 @@ import ExternalServicesSettingsGroup, {
 import AboutGroup, {
   AboutGroupParamList,
 } from './navigation/tabs/settings/about/AboutGroup';
+import SecurityGroup, {
+  SecurityGroupParamList,
+} from './navigation/tabs/settings/security/SecurityGroup';
 import AuthGroup, {AuthGroupParamList} from './navigation/auth/AuthGroup';
 import BuyCryptoGroup, {
   BuyCryptoGroupParamList,
@@ -190,7 +193,8 @@ export type RootStackParamList = {
   BillGroupParamList &
   WalletGroupParamList &
   ZenLedgerGroupParamsList &
-  SettingsGroupParamList;
+  SettingsGroupParamList &
+  SecurityGroupParamList;
 
 // ROOT NAVIGATION CONFIG
 export enum RootStacks {
@@ -221,7 +225,8 @@ export type NavScreenParams = NavigatorScreenParams<
     NotificationsSettingsGroupParamsList &
     ZenLedgerGroupParamsList &
     NetworkFeePolicySettingsGroupParamsList &
-    SettingsGroupParamList
+    SettingsGroupParamList &
+    SecurityGroupParamList
 >;
 
 declare global {
@@ -1039,6 +1044,7 @@ export default () => {
                     {SwapCryptoGroup({SwapCrypto: Root, theme})}
                     {WalletConnectGroup({WalletConnect: Root, theme})}
                     {ZenLedgerGroup({ZenLedger: Root, theme})}
+                    {SecurityGroup({Security: Root, theme})}
                   </Root.Navigator>
                   <OnGoingProcessModal />
                   <InAppNotification />

src/navigation/tabs/settings/components/Security.tsx

@@ -28,9 +28,11 @@ import {Midnight, SlateDark, White} from '../../../../styles/colors';
 import {H4, Paragraph} from '../../../../components/styled/Text';
 import {useTranslation} from 'react-i18next';
 import {sleep} from '../../../../utils/helper-methods';
-import {LogActions} from '../../../../store/log';
 import {useLogger} from '../../../../utils/hooks';
 import {TouchableOpacity} from '@components/base/TouchableOpacity';
+import {usePasskeySupport} from '../../../../utils/usePasskeySupport';
+import {useNavigation} from '@react-navigation/native';
+import AngleRight from '../../../../../assets/img/angle-right.svg';
 
 const FingerprintSvg = {
   light: <FingerprintImg />,
@@ -80,10 +82,13 @@ const ImgRow = styled.View`
 
 const Security = () => {
   const {t} = useTranslation();
+  const navigation = useNavigation();
   const dispatch = useDispatch();
   const themeType = useThemeType();
   const logger = useLogger();
   const [modalVisible, setModalVisible] = useState(false);
+  const passkeySupported = usePasskeySupport();
+  console.log('##### passkeySupported', passkeySupported);
 
   const pinLockActive = useSelector(({APP}: RootState) => APP.pinLockActive);
   const biometricLockActive = useSelector(
@@ -190,9 +195,20 @@ const Security = () => {
         break;
     }
   };
+
+  const onPressPasskeys = () => {
+    navigation.navigate('Passkeys');
+  };
+
   return (
     <>
       <SettingsComponent>
+        {passkeySupported && (
+          <Setting onPress={onPressPasskeys}>
+            <SettingTitle>{t('Passkeys')}</SettingTitle>
+            <AngleRight />
+          </Setting>
+        )}
         <Setting onPress={onPressLockButton}>
           <SettingTitle>{t('Lock App')}</SettingTitle>
           <Button onPress={onPressLockButton} buttonType={'pill'}>

src/navigation/tabs/settings/security/SecurityGroup.tsx

@@ -0,0 +1,37 @@
+import React from 'react';
+import {Theme} from '@react-navigation/native';
+import {useTranslation} from 'react-i18next';
+import PasskeyScreen from './screens/Passkeys';
+import {Root} from '../../../../Root';
+import {useStackScreenOptions} from '../../../utils/headerHelpers';
+
+interface SecurityProps {
+  Security: typeof Root;
+  theme: Theme;
+}
+
+export type SecurityGroupParamList = {
+  Passkeys: undefined;
+};
+
+export enum SecurityScreens {
+  PASSKEYS = 'Passkeys',
+}
+
+const SecurityGroup: React.FC<SecurityProps> = ({Security, theme}) => {
+  const commonOptions = useStackScreenOptions(theme);
+  const {t} = useTranslation();
+  return (
+    <Security.Group screenOptions={commonOptions}>
+      <Security.Screen
+        name={SecurityScreens.PASSKEYS}
+        component={PasskeyScreen}
+        options={{
+          headerTitle: t('Storage Usage'),
+        }}
+      />
+    </Security.Group>
+  );
+};
+
+export default SecurityGroup;

src/navigation/tabs/settings/security/screens/Passkeys.tsx

@@ -0,0 +1,57 @@
+import React, {useMemo, useState} from 'react';
+import styled from 'styled-components/native';
+import {Platform} from 'react-native';
+import {SettingsComponent, SettingsContainer} from '../../SettingsRoot';
+import {
+  Hr,
+  ScreenGutter,
+  Setting,
+  SettingTitle,
+} from '../../../../../components/styled/Containers';
+import Button from '../../../../../components/button/Button';
+import {useTranslation} from 'react-i18next';
+import {LogActions} from '../../../../../store/log';
+import {Black, Feather, LightBlack, White} from '../../../../../styles/colors';
+import {useAppDispatch, useAppSelector} from '../../../../../utils/hooks';
+
+const ScrollContainer = styled.ScrollView``;
+
+const HeaderTitle = styled(Setting)`
+  margin-top: 20px;
+  background-color: ${({theme: {dark}}) => (dark ? LightBlack : Feather)};
+  padding: 0 ${ScreenGutter};
+  border-bottom-width: 1px;
+  border-bottom-color: ${({theme: {dark}}) => (dark ? Black : White)};
+`;
+
+const PasskeyScreen: React.FC = () => {
+  const {t} = useTranslation();
+  const dispatch = useAppDispatch();
+
+  const createPasskey = () => {
+    // Functionality to create a new passkey goes here
+  };
+
+  return (
+    <SettingsContainer>
+      <ScrollContainer>
+        <HeaderTitle>
+          <SettingTitle>{t('Setup a passkey')}</SettingTitle>
+        </HeaderTitle>
+        <SettingsComponent>
+          <Setting>
+            <SettingTitle>
+              Passkeys are encrypted digital keys you create using your
+              fingerprint, face, or screen lock.
+            </SettingTitle>
+          </Setting>
+        </SettingsComponent>
+        <Button buttonType={'link'} onPress={createPasskey}>
+          Create a new Passkey
+        </Button>
+      </ScrollContainer>
+    </SettingsContainer>
+  );
+};
+
+export default PasskeyScreen;

src/utils/usePasskeySupport.ts

@@ -0,0 +1,75 @@
+import {useEffect, useState} from 'react';
+import {AppState} from 'react-native';
+import {
+  Passkey,
+  PasskeyCreateRequest,
+  PasskeyCreateResult,
+  PasskeyGetRequest,
+  PasskeyGetResult,
+} from 'react-native-passkey';
+
+export function usePasskeySupport() {
+  const [supported, setSupported] = useState<boolean>(Passkey.isSupported());
+
+  useEffect(() => {
+    const sub = AppState.addEventListener('change', s => {
+      if (s === 'active') setSupported(Passkey.isSupported());
+    });
+    return () => sub.remove();
+  }, []);
+
+  return supported;
+}
+
+type Json = Record<string, any>;
+
+async function post<T = any>(
+  url: string,
+  body?: Json,
+  token?: string,
+): Promise<T> {
+  const r = await fetch(url, {
+    method: 'POST',
+    headers: {
+      'content-type': 'application/json',
+      ...(token ? {authorization: `Bearer ${token}`} : {}),
+    },
+    body: body ? JSON.stringify(body) : undefined,
+  });
+  if (!r.ok) throw new Error(`${r.status} ${await r.text()}`);
+  return r.json();
+}
+
+export async function registerPasskey(baseUrl: string, authToken: string) {
+  console.log('#### registerPasskey');
+  const creationOptions: PasskeyCreateRequest = await post(
+    `${baseUrl}/webauthn/registration/options`,
+    {},
+    authToken,
+  );
+  console.log('#### creationOptions', creationOptions);
+
+  const result: PasskeyCreateResult = await Passkey.create(creationOptions);
+  console.log('#### result', result);
+
+  // verify with server
+  await post(`${baseUrl}/webauthn/registration/verify`, result, authToken);
+  return true;
+}
+
+export async function signInWithPasskey(baseUrl: string, username?: string) {
+  console.log('#### signInWithPasskey');
+  const requestOptions: PasskeyGetRequest = await post(
+    `${baseUrl}/webauthn/login/options`,
+    {username},
+  );
+  console.log('#### requestOptions', requestOptions);
+
+  const result: PasskeyGetResult = await Passkey.get(requestOptions);
+  console.log('#### result', result);
+
+  // verify assertion → receive app session / JWT from your backend
+  const session = await post(`${baseUrl}/webauthn/login/verify`, result);
+  console.log('#### session', session);
+  return session; // e.g., {accessToken, refreshToken, user}
+}

yarn.lock

@@ -14953,6 +14953,11 @@ react-native-pager-view@6.7.1:
   resolved "https://registry.yarnpkg.com/react-native-pager-view/-/react-native-pager-view-6.7.1.tgz#60d52dedbcc92ee7037a13287ebeed5f74e49df7"
   integrity sha512-cBSr6xw4g5N7Kd3VGWcf+kmaH7iBWb0DXAf2bVo3bXkzBcBbTOmYSvc0LVLHhUPW8nEq5WjT9LCIYAzgF++EXw==
 
+react-native-passkey@3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/react-native-passkey/-/react-native-passkey-3.1.0.tgz#26617ed0cc115c6037e2537d264955d852395168"
+  integrity sha512-qOJ0q7AqbUOGXDOObcfiOJo1BOnG+lIQMEgltgeqmyMC+2XDlr7YrOQZgLwZbXheGC7BXPpwMSev/gxkgbt3xw==
+
 react-native-permissions@5.4.0:
   version "5.4.0"
   resolved "https://registry.yarnpkg.com/react-native-permissions/-/react-native-permissions-5.4.0.tgz#04427be8897625ba5af29c3f1dc81b7bec48fd12"