Cometh ConnectCometh MarketplaceCometh Checkout

Add a new device

Allow your user to access their wallet from several devices

To add a new device, the user's wallet must already exist in our system. When the user attempts to connect to their wallet on a new secondary device, no signer is available.

There are 2 possible scenarios when a user is connecting to a secondary device:

  • User has lost access to his primary device: in this case, you have to start a recovery.

  • User has access to their primary device: this will be described in the following steps.

1. Init a new signer request

From the SDK, you need to call initNewSignerRequest on the secondary device. It will create a signer and initiate a new signer request. This request, once validated on the primary device, will grant access to the secondary signer on the Safe smart wallet.

import { ConnectAdaptor, SupportedNetworks} from "@cometh/connect-sdk";

const walletAdaptor = new ConnectAdaptor({
  chainId: YOUR_CHAIN_ID,
  apiKey,
  passKeyName:YOUR_PASSKEY_NAME
});

const addSignerRequest = await walletAdaptor.initNewSignerRequest(walletAddress)

// with an optional passkeyName
const addSignerRequest = await walletAdaptor.initNewSignerRequest(walletAddress,
 passKeyName)

The user will be asked to use its biometrics to create the new passkey.

2. Save the new signer request

You need to implement a service within your backend to validate and send new signer requests.

It will do two things:

  • validate the user's identity and the wallet associated with them

  • call our dedicated route to save the request.

This API route is protected by your API Secret. Your API Secret should stay private, only be used in your backend, and never exposed in your front end.

3. Get all new signer requests

The wallet needs to be connected to call that function.

Once the user's request is created. You must display it on your user's primary device to confirm the addition of the secondary device.

To retrieve all active new signer requests for a wallet, you can call :

import { ComethWallet, ConnectAdaptor, SupportedNetworks} from "@cometh/connect-sdk";

const walletAdaptor = new ConnectAdaptor({
  chainId: YOUR_CHAIN_ID,
  apiKey,
  passKeyName:YOUR_PASSKEY_NAME
});

const wallet = new ComethWallet({
  authAdapter: walletAdaptor,
  apiKey,
  rpcUrl: RPC_URL
});

await wallet.connect(WALLET_ADDRESS)

const newSignerRequests = await walletAdaptor.getNewSignerRequests()

You have to create a UI to let your user validate or delete pending requests.

4.a Validate a new signer request

In your backend you will need a validation route to execute the following logic:

  • validate the user's identity and the associated wallet

  • call the Cometh Connect API route to validate a request

This API route is protected by your API Secret. Your API Secret should stay private, only be used in your backend, and never exposed in your front end.

You'll be able to call this service from your front-end to validate the request.

If the request is not of type WEBAUTHN you don't need to do the following code to wait for the deployment of the new webauthn signer


await walletAdaptor.waitWebAuthnSignerDeployment(
        newSignerRequest.publicKeyId
      )

4.b Add the new signer as owner of the wallet

Then, you can add the new signer as an owner of the user wallet.

await wallet.addOwner(newSignerRequest.signerAddress)

Here is a TS code example of the entire validation flow:

import { ConnectAdaptor, SupportedNetworks} from "@cometh/connect-sdk";
import axios from "axios";

const api = axios.create({
  baseURL: COMETH_API_URL,
});
api.defaults.headers.common["apisecret"] = COMETH_API_SECRET;

const walletAdaptor = new ConnectAdaptor({
  chainId: YOUR_CHAIND,
  apiKey,
  passKeyName:YOUR_PASSKEY_NAME
});
 
async function validateNewSignerRequest(newSignerRequest) {

  const body = {
    walletAddress: newSignerRequest.walletAddress,
    signerAddress: newSignerRequest.signerAddress,
    deviceData: newSignerRequest.deviceData,
    type: newSignerRequest.type,
    publicKeyId: newSignerRequest.publicKeyId,
    publicKeyX: newSignerRequest.publicKeyX,
    publicKeyY: newSignerRequest.publicKeyY,
  };
  
  await api.post(`/new-signer-request/validate`, body);
  
  if (newSignerRequest.type === "WEBAUTHN) {
    await walletAdaptor.waitWebAuthnSignerDeployment(
      newSignerRequest.publicKeyId
    );
  }
  
  await wallet.addOwner(newSignerRequest.signerAddress);
}

Delete a new signer request

In your backend you will need a deletion route to execute the following logic:

  • validate the user's identity and the associated wallet

  • call the Cometh Connect API route to delete a request

This API route is protected by your API Secret. Your API Secret should stay private, only be used in your backend, and never exposed in your front end.

Last updated