From ae9bdd3fdb01c7f891b39537d3fa1a75122fd330 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Thu, 1 Feb 2024 10:07:06 -0500
Subject: [PATCH 01/16] add passkeys backend functions and some test

---
 package.json                                  |  3 +-
 passkey-backend/.env.example                  |  3 +
 passkey-backend/.owners                       |  4 +
 passkey-backend/CHANGELOG.md                  |  8 ++
 passkey-backend/README.md                     | 64 ++++++++++++++
 .../.well-know/apple-app-site-association     |  7 ++
 .../assets/.well-know/assetlinks.json         | 64 ++++++++++++++
 passkey-backend/assets/index.html             | 88 +++++++++++++++++++
 .../assets/services/helpers.private.js        | 10 +++
 .../functions/authentication/start.js         | 34 +++++++
 .../functions/authentication/verification.js  | 60 +++++++++++++
 .../functions/registration/start.js           | 79 +++++++++++++++++
 .../functions/registration/verification.js    | 60 +++++++++++++
 passkey-backend/package.json                  |  8 ++
 .../tests/authentication-verification.test.js | 51 +++++++++++
 .../tests/registration-start.test.js          | 30 +++++++
 .../tests/registration-verification.test.js   | 51 +++++++++++
 templates.json                                |  5 ++
 18 files changed, 628 insertions(+), 1 deletion(-)
 create mode 100644 passkey-backend/.env.example
 create mode 100644 passkey-backend/.owners
 create mode 100644 passkey-backend/CHANGELOG.md
 create mode 100644 passkey-backend/README.md
 create mode 100644 passkey-backend/assets/.well-know/apple-app-site-association
 create mode 100644 passkey-backend/assets/.well-know/assetlinks.json
 create mode 100644 passkey-backend/assets/index.html
 create mode 100644 passkey-backend/assets/services/helpers.private.js
 create mode 100644 passkey-backend/functions/authentication/start.js
 create mode 100644 passkey-backend/functions/authentication/verification.js
 create mode 100644 passkey-backend/functions/registration/start.js
 create mode 100644 passkey-backend/functions/registration/verification.js
 create mode 100644 passkey-backend/package.json
 create mode 100644 passkey-backend/tests/authentication-verification.test.js
 create mode 100644 passkey-backend/tests/registration-start.test.js
 create mode 100644 passkey-backend/tests/registration-verification.test.js

diff --git a/package.json b/package.json
index 7663d676a..e27834022 100644
--- a/package.json
+++ b/package.json
@@ -138,6 +138,7 @@
     "voice-javascript-sdk",
     "voicemail",
     "verify-sna",
-    "flex-dialpad"
+    "flex-dialpad",
+    "passkey-backend"
   ]
 }
diff --git a/passkey-backend/.env.example b/passkey-backend/.env.example
new file mode 100644
index 000000000..a0730e761
--- /dev/null
+++ b/passkey-backend/.env.example
@@ -0,0 +1,3 @@
+API_URL=
+SERVICE_SID=
+RELYING_PARTY=
\ No newline at end of file
diff --git a/passkey-backend/.owners b/passkey-backend/.owners
new file mode 100644
index 000000000..9ff1ceb7e
--- /dev/null
+++ b/passkey-backend/.owners
@@ -0,0 +1,4 @@
+dkundel
+alisontanu
+pthirumurthi
+nicolas-camacho
diff --git a/passkey-backend/CHANGELOG.md b/passkey-backend/CHANGELOG.md
new file mode 100644
index 000000000..3982d4615
--- /dev/null
+++ b/passkey-backend/CHANGELOG.md
@@ -0,0 +1,8 @@
+# Changelog
+
+## [Unreleased]
+
+## [1.0.0]
+### Added
+- Initial release.
+
diff --git a/passkey-backend/README.md b/passkey-backend/README.md
new file mode 100644
index 000000000..6bbd6f48b
--- /dev/null
+++ b/passkey-backend/README.md
@@ -0,0 +1,64 @@
+# passkey-backend
+
+Connect appliactions with the passkey service
+
+## Pre-requisites
+
+### Environment variables
+
+This project requires some environment variables to be set. A file named `.env` is used to store the values for those environment variables. To keep your tokens and secrets secure, make sure to not commit the `.env` file in git. When setting up the project with `twilio serverless:init ...` the Twilio CLI will create a `.gitignore` file that excludes `.env` from the version history.
+
+In your `.env` file, set the following values:
+
+| Variable | Description | Required |
+| :------- | :---------- | :------- |
+
+
+### Function Parameters
+
+`/blank` expects the following parameters:
+
+| Parameter | Description | Required |
+| :-------- | :---------- | :------- |
+
+
+`/hello-messaging` is protected and requires a valid Twilio signature as well as the following parameters:
+
+| Parameter | Description | Required |
+| :-------- | :---------- | :------- |
+
+
+## Create a new project with the template
+
+1. Install the [Twilio CLI](https://www.twilio.com/docs/twilio-cli/quickstart#install-twilio-cli)
+2. Install the [serverless toolkit](https://www.twilio.com/docs/labs/serverless-toolkit/getting-started)
+
+```shell
+twilio plugins:install @twilio-labs/plugin-serverless
+```
+
+3. Initiate a new project
+
+```
+twilio serverless:init example --template=passkey-backend && cd example
+```
+
+4. Start the server with the [Twilio CLI](https://www.twilio.com/docs/twilio-cli/quickstart):
+
+```
+twilio serverless:start
+```
+
+5. Open the web page at https://localhost:3000/index.html and enter your phone number to test
+
+ℹ️ Check the developer console and terminal for any errors, make sure you've set your environment variables.
+
+## Deploying
+
+Deploy your functions and assets with either of the following commands. Note: you must run these commands from inside your project folder. [More details in the docs.](https://www.twilio.com/docs/labs/serverless-toolkit)
+
+With the [Twilio CLI](https://www.twilio.com/docs/twilio-cli/quickstart):
+
+```
+twilio serverless:deploy
+```
diff --git a/passkey-backend/assets/.well-know/apple-app-site-association b/passkey-backend/assets/.well-know/apple-app-site-association
new file mode 100644
index 000000000..2cb576d39
--- /dev/null
+++ b/passkey-backend/assets/.well-know/apple-app-site-association
@@ -0,0 +1,7 @@
+{
+    "webcredentials": {
+        "apps": [
+            "9EVH78F4V4.com.passkeys.twilio.sampleCode"
+        ]
+    }
+}
\ No newline at end of file
diff --git a/passkey-backend/assets/.well-know/assetlinks.json b/passkey-backend/assets/.well-know/assetlinks.json
new file mode 100644
index 000000000..0d0bd70b1
--- /dev/null
+++ b/passkey-backend/assets/.well-know/assetlinks.json
@@ -0,0 +1,64 @@
+[
+  {
+    "relation": [
+      "delegate_permission/common.handle_all_urls",
+      "delegate_permission/common.get_login_creds"
+    ],
+    "target": {
+      "namespace": "web",
+      "site": "https://passkey-sample-9652.twil.io"
+    }
+  },
+  {
+    "relation": [
+      "delegate_permission/common.handle_all_urls",
+      "delegate_permission/common.get_login_creds"
+    ],
+    "target": {
+      "namespace": "android_app",
+      "package_name": "com.twilio.passkeys.android",
+      "sha256_cert_fingerprints": [
+        "AF:E0:6F:5F:BF:5A:C4:E2:A0:89:22:95:B8:1C:05:4B:29:5C:80:7A:3B:69:4B:B1:0A:7B:A6:CF:1E:17:4F:A1"
+      ]
+    }
+  },
+  {
+    "relation": [
+      "delegate_permission/common.handle_all_urls",
+      "delegate_permission/common.get_login_creds"
+    ],
+    "target": {
+      "namespace": "android_app",
+      "package_name": "com.twilio.passkeys.android",
+      "sha256_cert_fingerprints": [
+        "50:5C:D6:3D:A5:1F:19:8F:3F:B1:C2:95:0B:6B:46:B6:06:FE:C4:13:57:4B:96:7F:3D:86:A3:CF:73:FE:05:53"
+      ]
+    }
+  },
+  {
+    "relation": [
+      "delegate_permission/common.handle_all_urls",
+      "delegate_permission/common.get_login_creds"
+    ],
+    "target": {
+      "namespace": "android_app",
+      "package_name": "com.twilio.passkeys.android",
+      "sha256_cert_fingerprints": [
+        "E1:1B:1C:EA:3B:D8:22:EE:73:3A:26:CF:54:AF:66:0E:08:2B:CF:9A:49:7C:34:6B:D8:02:0B:6A:BA:8D:16:EF"
+      ]
+    }
+  },
+  {
+    "relation": [
+      "delegate_permission/common.handle_all_urls",
+      "delegate_permission/common.get_login_creds"
+    ],
+    "target": {
+      "namespace": "android_app",
+      "package_name": "com.twilio.passkey_manager",
+      "sha256_cert_fingerprints": [
+        "AF:E0:6F:5F:BF:5A:C4:E2:A0:89:22:95:B8:1C:05:4B:29:5C:80:7A:3B:69:4B:B1:0A:7B:A6:CF:1E:17:4F:A1"
+      ]
+    }
+  }
+]
diff --git a/passkey-backend/assets/index.html b/passkey-backend/assets/index.html
new file mode 100644
index 000000000..14f4606fe
--- /dev/null
+++ b/passkey-backend/assets/index.html
@@ -0,0 +1,88 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="utf-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <meta http-equiv="x-ua-compatible" content="ie=edge">
+        <title>Get started with your Twilio Functions!</title>
+
+        <link rel="icon" href="https://twilio-labs.github.io/function-templates/static/v1/favicon.ico">
+        <link rel="stylesheet" href="https://twilio-labs.github.io/function-templates/static/v1/ce-paste-theme.css">
+        <script src="https://twilio-labs.github.io/function-templates/static/v1/ce-helpers.js" defer></script>
+        <script>
+         window.addEventListener('DOMContentLoaded', (_event) => {
+             inputPrependBaseURL();
+         });
+        </script>
+    </head>
+    <body>
+        <div class="page-top">
+            <header>
+                <div id="twilio-logo">
+                    <a href="https://www.twilio.com/" target="_blank" rel="noopener">
+                        <svg class="logo" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 60 60">
+                            <title>Twilio Logo</title><path class="cls-1" d="M30,15A15,15,0,1,0,45,30,15,15,0,0,0,30,15Zm0,26A11,11,0,1,1,41,30,11,11,0,0,1,30,41Zm6.8-14.7a3.1,3.1,0,1,1-3.1-3.1A3.12,3.12,0,0,1,36.8,26.3Zm0,7.4a3.1,3.1,0,1,1-3.1-3.1A3.12,3.12,0,0,1,36.8,33.7Zm-7.4,0a3.1,3.1,0,1,1-3.1-3.1A3.12,3.12,0,0,1,29.4,33.7Zm0-7.4a3.1,3.1,0,1,1-3.1-3.1A3.12,3.12,0,0,1,29.4,26.3Z"/></svg>
+                    </a>
+                </div>
+                <nav>
+                    <span>Your Twilio application</span>
+                    <aside>
+                        <svg class="icon" role="img" aria-hidden="true" width="100%" height="100%" viewBox="0 0 20 20" aria-labelledby="NewIcon-1577"><path fill="currentColor" fill-rule="evenodd" d="M6.991 7.507c.003-.679 1.021-.675 1.019.004-.012 2.956 1.388 4.41 4.492 4.48.673.016.66 1.021-.013 1.019-2.898-.011-4.327 1.446-4.48 4.506-.033.658-1.01.639-1.018-.02-.03-3.027-1.382-4.49-4.481-4.486-.675 0-.682-1.009-.008-1.019 3.02-.042 4.478-1.452 4.49-4.484zm.505 2.757l-.115.242c-.459.9-1.166 1.558-2.115 1.976l.176.08c.973.465 1.664 1.211 2.083 2.22l.02.05.088-.192c.464-.973 1.173-1.685 2.123-2.124l.039-.018-.118-.05c-.963-.435-1.667-1.117-2.113-2.034l-.068-.15zm10.357-8.12c.174.17.194.434.058.625l-.058.068-1.954 1.905 1.954 1.908a.482.482 0 010 .694.512.512 0 01-.641.056l-.07-.056-1.954-1.908-1.954 1.908a.511.511 0 01-.71 0 .482.482 0 01-.058-.626l.058-.068 1.954-1.908-1.954-1.905a.482.482 0 010-.693.512.512 0 01.64-.057l.07.057 1.954 1.905 1.954-1.905a.511.511 0 01.71 0z"></path></svg>
+                        Live
+                    </aside>
+                </nav>
+            </header>
+        </div>
+        <main>
+            <div class="content">
+                <h1>
+                    <img src="https://twilio-labs.github.io/function-templates/static/v1/success.svg" />
+                    <div>
+                        <p>Welcome!</p>
+                        <p>Your live application with Twilio is ready to use!</p>
+                    </div>
+                </h1>
+                <section>
+                    <h2>Get started with your application</h2>
+                    <p>
+                        Follow these steps to try out your new app:
+                    </p>
+                    <p>
+                        This app will return the
+                        <a href="https://www.twilio.com/docs/sms/twiml" target="_blank" rel="noopener">TwiML</a>
+                        required to respond "Hello World" to incoming SMS messages.
+                    </p>
+                    <ol class="steps">
+                        <li>Text any message to your Twilio phone number</li>
+                        <li>You should receive a response saying "Hello World"</li>
+                    </ol>
+                </section>
+                <section>
+                    <!-- APP_INFO_V2 -->
+                </section>
+                <section>
+                    <h2>Troubleshooting</h2>
+                    <ul>
+                        <li>
+                            Check the
+                            <a href="https://www.twilio.com/console/phone-numbers/incoming"
+                               target="_blank"
+                               rel="noopener">
+                                phone number configuration
+                            </a>
+                            and make sure the Twilio phone number you want for your app has a SMS webhook
+                            configured to point at the following URL
+                            <form>
+                                <label for="twilio-webhook">Webhook URL</label>
+                                <input type="text" id="twilio-webhook" class="function-root" readonly=true value="/hello-messaging">
+                            </form>
+                        </li>
+                    </ul>
+                </section>
+            </div>
+        </main>
+        <footer>
+            <span class="statement">We can't wait to see what you build.</span>
+        </footer>
+    </body>
+</html>
diff --git a/passkey-backend/assets/services/helpers.private.js b/passkey-backend/assets/services/helpers.private.js
new file mode 100644
index 000000000..51fab6616
--- /dev/null
+++ b/passkey-backend/assets/services/helpers.private.js
@@ -0,0 +1,10 @@
+const detectMissingParams = (paramNames, event) => {
+  const missingParams = paramNames.filter(
+    (param) => !event.hasOwnProperty(param)
+  );
+  return missingParams.length > 0 ? missingParams : null;
+};
+
+module.exports = {
+  detectMissingParams,
+};
diff --git a/passkey-backend/functions/authentication/start.js b/passkey-backend/functions/authentication/start.js
new file mode 100644
index 000000000..486d57004
--- /dev/null
+++ b/passkey-backend/functions/authentication/start.js
@@ -0,0 +1,34 @@
+const axios = require('axios');
+
+// eslint-disable-next-line consistent-return
+exports.handler = async (context, _, callback) => {
+  const { RELYING_PARTY, API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } =
+    context;
+
+  const requestBody = {
+    details: {
+      rpId: RELYING_PARTY,
+    },
+  };
+
+  const challengeURL = `${API_URL}Services/${SERVICE_SID}/Challenges`;
+
+  try {
+    const response = await axios.post(challengeURL, requestBody, {
+      auth: {
+        username: ACCOUNT_SID,
+        password: AUTH_TOKEN,
+      },
+    });
+    return callback(null, response.data.details);
+  } catch (error) {
+    if (error.response) {
+      console.log('Client has given an error', error);
+    } else if (error.request) {
+      console.log('Runtime error', error);
+    } else {
+      console.log(error);
+    }
+    return callback('Something went wrong');
+  }
+};
diff --git a/passkey-backend/functions/authentication/verification.js b/passkey-backend/functions/authentication/verification.js
new file mode 100644
index 000000000..88fcb52b2
--- /dev/null
+++ b/passkey-backend/functions/authentication/verification.js
@@ -0,0 +1,60 @@
+const axios = require('axios');
+
+const assets = Runtime.getAssets();
+const { detectMissingParams } = require(assets['/services/helpers.js'].path);
+
+// eslint-disable-next-line consistent-return
+exports.handler = async (context, event, callback) => {
+  const missingParams = detectMissingParams(
+    [
+      'id',
+      'rawId',
+      'type',
+      'clientDataJson',
+      'authenticatorData',
+      'signature',
+      'userHandle',
+    ],
+    event
+  );
+  if (missingParams)
+    return callback(
+      `Missing parameters; please provide: '${missingParams.join(', ')}'.`
+    );
+
+  const requestBody = {
+    rawId: event.rawId,
+    id: event.id,
+    authenticatorAttachment: 'platform',
+    type: 'public-key',
+    response: {
+      clientDataJSON: event.clientDataJson,
+      authenticatorData: event.authenticatorData,
+      signature: event.signature,
+      userHandle: event.userHandle,
+    },
+  };
+
+  const verifyChallengeURL = `${context.API_URL}Services/${context.SERVICE_SID}/Challenges/Verify`;
+
+  try {
+    const response = await axios.post(verifyChallengeURL, requestBody, {
+      auth: {
+        username: ACCOUNT_SID,
+        password: AUTH_TOKEN,
+      },
+    });
+    return callback(null, {
+      status: response.data.status,
+    });
+  } catch (error) {
+    if (error.response) {
+      console.log('Client has given an error', error);
+    } else if (error.request) {
+      console.log('Runtime error', error);
+    } else {
+      console.log(error);
+    }
+    return callback('Something went wrong');
+  }
+};
diff --git a/passkey-backend/functions/registration/start.js b/passkey-backend/functions/registration/start.js
new file mode 100644
index 000000000..ca3829a64
--- /dev/null
+++ b/passkey-backend/functions/registration/start.js
@@ -0,0 +1,79 @@
+const axios = require('axios');
+
+const assets = Runtime.getAssets();
+const { detectMissingParams } = require(assets['/services/helpers.js'].path);
+
+exports.handler = async (context, event, callback) => {
+  /*
+   * Constants set as enviroment varibales
+   * -------------------------------------
+   * Constants from the twilio account:
+   * SERVICE_SID,
+   * ACCOUNT_SID,
+   * SERVICE_SID,
+   * AUTH_TOKEN
+   *
+   * Constanst get by services:
+   * API_URL: passkey verify URL
+   * RELYING_PARTY: self URL of twilio function
+   */
+  const { RELYING_PARTY, API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } =
+    context;
+
+  // Verify request comes with username
+  const missingParams = detectMissingParams(['username'], event);
+  if (missingParams)
+    return callback(
+      `Missing parameters; please provide: '${missingParams.join(', ')}'.`
+    );
+
+  // Request body sent to passkey verify URL call
+  /* eslint-disable camelcase */
+  const requestBody = {
+    friendly_name: 'TouchID',
+    factory_type: 'passkeys',
+    entity: {
+      identity: event.username,
+      display_name: event.username,
+    },
+    config: {
+      relying_party: {
+        id: RELYING_PARTY,
+        name: 'PasskeySample',
+        origins: [
+          `https://${RELYING_PARTY}`,
+          'android:apk-key-hash:r-BvX79axOKgiSKVuBwFSylcgHo7aUuxCnumzx4XT6E',
+          'android:apk-key-hash:UFzWPaUfGY8_scKVC2tGtgb-xBNXS5Z_PYajz3P-BVM',
+        ],
+      },
+      authenticator_criteria: {
+        authenticator_attachment: 'platform',
+        discoverable_credentials: 'preferred',
+        user_verification: 'preferred',
+      },
+    },
+  };
+
+  // Factor URL of the passkey service
+  const factorURL = `${API_URL}Services/${SERVICE_SID}/Factors`;
+
+  // Call made to the passkey service
+  try {
+    const response = await axios.post(factorURL, requestBody, {
+      auth: {
+        username: ACCOUNT_SID,
+        password: AUTH_TOKEN,
+      },
+    });
+    return callback(null, response.data.config.creation_request);
+  } catch (error) {
+    if (error.response) {
+      console.log('Client has given an error', error);
+    } else if (error.request) {
+      console.log('Runtime error', error);
+    } else {
+      console.log(error);
+    }
+    return callback('Something went wrong');
+  }
+};
diff --git a/passkey-backend/functions/registration/verification.js b/passkey-backend/functions/registration/verification.js
new file mode 100644
index 000000000..e18012a24
--- /dev/null
+++ b/passkey-backend/functions/registration/verification.js
@@ -0,0 +1,60 @@
+const axios = require('axios');
+
+const assets = Runtime.getAssets();
+const { detectMissingParams } = require(assets['/services/helpers.js'].path);
+
+// eslint-disable-next-line consistent-return
+exports.handler = async (context, event, callback) => {
+  const { API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } = context;
+
+  const missingParams = detectMissingParams(
+    [
+      'id',
+      'attestationObject',
+      'rawId',
+      'type',
+      'clientDataJson',
+      'transports',
+    ],
+    event
+  );
+  if (missingParams)
+    return callback(
+      `Missing parameters; please provide: '${missingParams.join(', ')}'.`
+    );
+
+  const requestBody = {
+    id: event.id,
+    rawId: event.rawId,
+    authenticatorAttachment: 'platform',
+    type: event.type,
+    response: {
+      attestationObject: event.attestationObject,
+      clientDataJSON: event.clientDataJson,
+      transports: event.transports,
+    },
+  };
+
+  const verifyFactorURL = `${API_URL}Services/${SERVICE_SID}/Factors/Verify`;
+
+  try {
+    const response = await axios.post(verifyFactorURL, requestBody, {
+      auth: {
+        username: ACCOUNT_SID,
+        password: AUTH_TOKEN,
+      },
+    });
+    return callback(null, {
+      status: response.data.status,
+    });
+  } catch (error) {
+    if (error.response) {
+      console.log('Client has given an error', error);
+    } else if (error.request) {
+      console.log('Runtime error', error);
+    } else {
+      console.log(error);
+    }
+    return callback('Something went wrong');
+  }
+};
diff --git a/passkey-backend/package.json b/passkey-backend/package.json
new file mode 100644
index 000000000..16b8df2f5
--- /dev/null
+++ b/passkey-backend/package.json
@@ -0,0 +1,8 @@
+{
+  "name": "passkey-backend",
+  "version": "1.0.0",
+  "private": true,
+  "dependencies": {
+    "@twilio-labs/runtime-helpers": "^0.1.2"
+  }
+}
diff --git a/passkey-backend/tests/authentication-verification.test.js b/passkey-backend/tests/authentication-verification.test.js
new file mode 100644
index 000000000..8b2fae3f0
--- /dev/null
+++ b/passkey-backend/tests/authentication-verification.test.js
@@ -0,0 +1,51 @@
+// const { handler } = require('../functions/registration/start');
+const helpers = require('../../test/test-helper');
+
+describe('registration/start', () => {
+  beforeAll(() => {
+    jest.clearAllMocks();
+    const runtime = new helpers.MockRuntime();
+    runtime._addAsset(
+      '/services/helpers.js',
+      '../assets/services/helpers.private.js'
+    );
+    helpers.setup({}, runtime);
+  });
+  afterAll(() => {
+    helpers.teardown();
+  });
+  beforeEach(() => jest.resetModules());
+
+  describe('when multiple required parameters are missing', () => {
+    it('returns an error indicating multiple missing parameters', (done) => {
+      const { handler } = require('../functions/authentication/verification');
+      const callback = (_err) => {
+        expect(_err).toBeDefined();
+        expect(_err).toEqual(
+          `Missing parameters; please provide: 'id, rawId, type, clientDataJson, authenticatorData, signature, userHandle'.`
+        );
+        done();
+      };
+      handler({}, {}, callback);
+    });
+
+    it('returns an error indicating specific missing parameters', (done) => {
+      const { handler } = require('../functions/authentication/verification');
+      const callback = (_err) => {
+        expect(_err).toBeDefined();
+        expect(_err).toEqual(
+          `Missing parameters; please provide: 'type, clientDataJson, authenticatorData, signature, userHandle'.`
+        );
+        done();
+      };
+      handler(
+        {},
+        {
+          id: '123',
+          rawId: '123',
+        },
+        callback
+      );
+    });
+  });
+});
diff --git a/passkey-backend/tests/registration-start.test.js b/passkey-backend/tests/registration-start.test.js
new file mode 100644
index 000000000..862ad0f81
--- /dev/null
+++ b/passkey-backend/tests/registration-start.test.js
@@ -0,0 +1,30 @@
+// const { handler } = require('../functions/registration/start');
+const helpers = require('../../test/test-helper');
+
+describe('registration/start', () => {
+  beforeAll(() => {
+    jest.clearAllMocks();
+    const runtime = new helpers.MockRuntime();
+    runtime._addAsset(
+      '/services/helpers.js',
+      '../assets/services/helpers.private.js'
+    );
+    helpers.setup({}, runtime);
+  });
+  afterAll(() => {
+    helpers.teardown();
+  });
+  beforeEach(() => jest.resetModules());
+
+  describe('when required username parameter is missing', () => {
+    it('returns an error response indicating the missing parameters', (done) => {
+      const { handler } = require('../functions/registration/start');
+      const callback = (_err) => {
+        expect(_err).toBeDefined();
+        expect(_err).toEqual(`Missing parameters; please provide: 'username'.`);
+        done();
+      };
+      handler({}, {}, callback);
+    });
+  });
+});
diff --git a/passkey-backend/tests/registration-verification.test.js b/passkey-backend/tests/registration-verification.test.js
new file mode 100644
index 000000000..49c52b8f9
--- /dev/null
+++ b/passkey-backend/tests/registration-verification.test.js
@@ -0,0 +1,51 @@
+// const { handler } = require('../functions/registration/start');
+const helpers = require('../../test/test-helper');
+
+describe('registration/start', () => {
+  beforeAll(() => {
+    jest.clearAllMocks();
+    const runtime = new helpers.MockRuntime();
+    runtime._addAsset(
+      '/services/helpers.js',
+      '../assets/services/helpers.private.js'
+    );
+    helpers.setup({}, runtime);
+  });
+  afterAll(() => {
+    helpers.teardown();
+  });
+  beforeEach(() => jest.resetModules());
+
+  describe('when multiple required parameters are missing', () => {
+    it('returns an error indicating multiple missing parameters', (done) => {
+      const { handler } = require('../functions/registration/verification');
+      const callback = (_err) => {
+        expect(_err).toBeDefined();
+        expect(_err).toEqual(
+          `Missing parameters; please provide: 'id, attestationObject, rawId, type, clientDataJson, transports'.`
+        );
+        done();
+      };
+      handler({}, {}, callback);
+    });
+
+    it('returns an error indicating specific missing parameters', (done) => {
+      const { handler } = require('../functions/registration/verification');
+      const callback = (_err) => {
+        expect(_err).toBeDefined();
+        expect(_err).toEqual(
+          `Missing parameters; please provide: 'attestationObject, type, clientDataJson, transports'.`
+        );
+        done();
+      };
+      handler(
+        {},
+        {
+          id: '123',
+          rawId: '123',
+        },
+        callback
+      );
+    });
+  });
+});
diff --git a/templates.json b/templates.json
index b294ae764..91d831cd6 100644
--- a/templates.json
+++ b/templates.json
@@ -339,6 +339,11 @@
       "id": "transfers",
       "name": "Transfers",
       "description": "Transfers a call to another number"
+    },
+    {
+      "id": "passkey-backend",
+      "name": "Backend for passkey app",
+      "description": "Connect appliactions with the passkey service"
     }
   ]
 }

From d178bb5b7717ea31a2bc87eff2738f913d28ae58 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Mon, 5 Feb 2024 11:31:24 -0500
Subject: [PATCH 02/16] update test with response on unsuccessfull

---
 .../functions/authentication/verification.js  |  5 +-
 .../functions/registration/start.js           |  2 +-
 .../functions/registration/verification.js    |  2 +-
 .../tests/authentication-verification.test.js | 45 +++++++++++++++---
 .../tests/registration-start.test.js          | 47 ++++++++++++++-----
 .../tests/registration-verification.test.js   | 43 ++++++++++++++---
 6 files changed, 114 insertions(+), 30 deletions(-)

diff --git a/passkey-backend/functions/authentication/verification.js b/passkey-backend/functions/authentication/verification.js
index 88fcb52b2..61df16ca9 100644
--- a/passkey-backend/functions/authentication/verification.js
+++ b/passkey-backend/functions/authentication/verification.js
@@ -5,6 +5,7 @@ const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
+  const { API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } = context;
   const missingParams = detectMissingParams(
     [
       'id',
@@ -35,7 +36,7 @@ exports.handler = async (context, event, callback) => {
     },
   };
 
-  const verifyChallengeURL = `${context.API_URL}Services/${context.SERVICE_SID}/Challenges/Verify`;
+  const verifyChallengeURL = `${API_URL}Services/${SERVICE_SID}/Challenges/Verify`;
 
   try {
     const response = await axios.post(verifyChallengeURL, requestBody, {
@@ -55,6 +56,6 @@ exports.handler = async (context, event, callback) => {
     } else {
       console.log(error);
     }
-    return callback('Something went wrong');
+    return callback(null, error);
   }
 };
diff --git a/passkey-backend/functions/registration/start.js b/passkey-backend/functions/registration/start.js
index ca3829a64..fdb1bb5ec 100644
--- a/passkey-backend/functions/registration/start.js
+++ b/passkey-backend/functions/registration/start.js
@@ -74,6 +74,6 @@ exports.handler = async (context, event, callback) => {
     } else {
       console.log(error);
     }
-    return callback('Something went wrong');
+    return callback(null, error);
   }
 };
diff --git a/passkey-backend/functions/registration/verification.js b/passkey-backend/functions/registration/verification.js
index e18012a24..a5e49df24 100644
--- a/passkey-backend/functions/registration/verification.js
+++ b/passkey-backend/functions/registration/verification.js
@@ -55,6 +55,6 @@ exports.handler = async (context, event, callback) => {
     } else {
       console.log(error);
     }
-    return callback('Something went wrong');
+    return callback(null, error);
   }
 };
diff --git a/passkey-backend/tests/authentication-verification.test.js b/passkey-backend/tests/authentication-verification.test.js
index 8b2fae3f0..d3c676092 100644
--- a/passkey-backend/tests/authentication-verification.test.js
+++ b/passkey-backend/tests/authentication-verification.test.js
@@ -1,7 +1,19 @@
-// const { handler } = require('../functions/registration/start');
+const axios = require('axios');
 const helpers = require('../../test/test-helper');
 
-describe('registration/start', () => {
+jest.mock('axios');
+
+const testEvent = {
+  id: '12345',
+  rawId: 'randomRawId',
+  type: 'test-type',
+  clientDataJson: {},
+  authenticatorData: {},
+  signature: 'test-signature',
+  userHandle: {},
+};
+
+describe('authentication/verification', () => {
   beforeAll(() => {
     jest.clearAllMocks();
     const runtime = new helpers.MockRuntime();
@@ -10,15 +22,19 @@ describe('registration/start', () => {
       '../assets/services/helpers.private.js'
     );
     helpers.setup({}, runtime);
+    handlerFunction =
+      require('../functions/authentication/verification').handler;
   });
   afterAll(() => {
     helpers.teardown();
   });
-  beforeEach(() => jest.resetModules());
+  beforeEach(() => {
+    jest.resetModules();
+    axios.post.mockClear();
+  });
 
   describe('when multiple required parameters are missing', () => {
     it('returns an error indicating multiple missing parameters', (done) => {
-      const { handler } = require('../functions/authentication/verification');
       const callback = (_err) => {
         expect(_err).toBeDefined();
         expect(_err).toEqual(
@@ -26,11 +42,10 @@ describe('registration/start', () => {
         );
         done();
       };
-      handler({}, {}, callback);
+      handlerFunction({}, {}, callback);
     });
 
     it('returns an error indicating specific missing parameters', (done) => {
-      const { handler } = require('../functions/authentication/verification');
       const callback = (_err) => {
         expect(_err).toBeDefined();
         expect(_err).toEqual(
@@ -38,7 +53,7 @@ describe('registration/start', () => {
         );
         done();
       };
-      handler(
+      handlerFunction(
         {},
         {
           id: '123',
@@ -48,4 +63,20 @@ describe('registration/start', () => {
       );
     });
   });
+
+  describe('When response are unsuccesfull', () => {
+    it('returns error with unsuccesfull request', (done) => {
+      const expectedError = new Error('something bad happened');
+      axios.post = jest.fn(() => Promise.reject(expectedError));
+
+      const callback = (_err, result) => {
+        expect(result).toBeDefined();
+        expect(axios.post).toHaveBeenCalledTimes(1);
+        expect(result).toEqual(expectedError);
+        done();
+      };
+
+      handlerFunction({}, testEvent, callback);
+    });
+  });
 });
diff --git a/passkey-backend/tests/registration-start.test.js b/passkey-backend/tests/registration-start.test.js
index 862ad0f81..45ec1fa75 100644
--- a/passkey-backend/tests/registration-start.test.js
+++ b/passkey-backend/tests/registration-start.test.js
@@ -1,6 +1,8 @@
-// const { handler } = require('../functions/registration/start');
+const axios = require('axios');
 const helpers = require('../../test/test-helper');
 
+jest.mock('axios');
+
 describe('registration/start', () => {
   beforeAll(() => {
     jest.clearAllMocks();
@@ -10,21 +12,42 @@ describe('registration/start', () => {
       '../assets/services/helpers.private.js'
     );
     helpers.setup({}, runtime);
+    handlerFunction = require('../functions/registration/start').handler;
   });
   afterAll(() => {
     helpers.teardown();
   });
-  beforeEach(() => jest.resetModules());
+  beforeEach(() => {
+    jest.resetModules();
+    axios.post.mockClear();
+  });
+
+  it('returns an error response indicating the missing parameters', (done) => {
+    const callback = (_err) => {
+      expect(_err).toBeDefined();
+      expect(_err).toEqual(`Missing parameters; please provide: 'username'.`);
+      done();
+    };
+    handlerFunction({}, {}, callback);
+  });
 
-  describe('when required username parameter is missing', () => {
-    it('returns an error response indicating the missing parameters', (done) => {
-      const { handler } = require('../functions/registration/start');
-      const callback = (_err) => {
-        expect(_err).toBeDefined();
-        expect(_err).toEqual(`Missing parameters; please provide: 'username'.`);
-        done();
-      };
-      handler({}, {}, callback);
-    });
+  it('returns error with unsuccesfull request', (done) => {
+    const expectedError = new Error('something bad happened');
+    axios.post = jest.fn(() => Promise.reject(expectedError));
+
+    const callback = (_err, result) => {
+      expect(result).toBeDefined();
+      expect(axios.post).toHaveBeenCalledTimes(1);
+      expect(result).toEqual(expectedError);
+      done();
+    };
+
+    handlerFunction(
+      {},
+      {
+        username: 'test-username',
+      },
+      callback
+    );
   });
 });
diff --git a/passkey-backend/tests/registration-verification.test.js b/passkey-backend/tests/registration-verification.test.js
index 49c52b8f9..b78c43401 100644
--- a/passkey-backend/tests/registration-verification.test.js
+++ b/passkey-backend/tests/registration-verification.test.js
@@ -1,7 +1,18 @@
-// const { handler } = require('../functions/registration/start');
+const axios = require('axios');
 const helpers = require('../../test/test-helper');
 
-describe('registration/start', () => {
+jest.mock('axios');
+
+const testEvent = {
+  id: '12345',
+  attestationObject: {},
+  rawId: 'randomRawId',
+  type: 'test-type',
+  clientDataJson: {},
+  transports: 'test-transport',
+};
+
+describe('registration/verification', () => {
   beforeAll(() => {
     jest.clearAllMocks();
     const runtime = new helpers.MockRuntime();
@@ -10,15 +21,18 @@ describe('registration/start', () => {
       '../assets/services/helpers.private.js'
     );
     helpers.setup({}, runtime);
+    handlerFunction = require('../functions/registration/verification').handler;
   });
   afterAll(() => {
     helpers.teardown();
   });
-  beforeEach(() => jest.resetModules());
+  beforeEach(() => {
+    jest.resetModules();
+    axios.post.mockClear();
+  });
 
   describe('when multiple required parameters are missing', () => {
     it('returns an error indicating multiple missing parameters', (done) => {
-      const { handler } = require('../functions/registration/verification');
       const callback = (_err) => {
         expect(_err).toBeDefined();
         expect(_err).toEqual(
@@ -26,11 +40,10 @@ describe('registration/start', () => {
         );
         done();
       };
-      handler({}, {}, callback);
+      handlerFunction({}, {}, callback);
     });
 
     it('returns an error indicating specific missing parameters', (done) => {
-      const { handler } = require('../functions/registration/verification');
       const callback = (_err) => {
         expect(_err).toBeDefined();
         expect(_err).toEqual(
@@ -38,7 +51,7 @@ describe('registration/start', () => {
         );
         done();
       };
-      handler(
+      handlerFunction(
         {},
         {
           id: '123',
@@ -48,4 +61,20 @@ describe('registration/start', () => {
       );
     });
   });
+
+  describe('When response are unsuccesfull', () => {
+    it('returns error with unsuccesfull request', (done) => {
+      const expectedError = new Error('something bad happened');
+      axios.post = jest.fn(() => Promise.reject(expectedError));
+
+      const callback = (_err, result) => {
+        expect(result).toBeDefined();
+        expect(axios.post).toHaveBeenCalledTimes(1);
+        expect(result).toEqual(expectedError);
+        done();
+      };
+
+      handlerFunction({}, testEvent, callback);
+    });
+  });
 });

From 3757470c509b362b65d819f9b18e8769f068feca Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Wed, 28 Feb 2024 09:25:29 -0500
Subject: [PATCH 03/16] passkey web demo view with functionality

---
 passkey-backend/README.md                     |  61 ++-
 .../assets/.well-know/assetlinks.json         |   2 +-
 passkey-backend/assets/index.html             | 428 +++++++++++++++---
 .../assets/services/helpers.private.js        |  10 +
 .../functions/authentication/start.js         |  11 +-
 .../functions/authentication/verification.js  |  15 +-
 .../functions/registration/start.js           |  30 +-
 .../functions/registration/verification.js    |  12 +-
 8 files changed, 419 insertions(+), 150 deletions(-)

diff --git a/passkey-backend/README.md b/passkey-backend/README.md
index 6bbd6f48b..1d1780591 100644
--- a/passkey-backend/README.md
+++ b/passkey-backend/README.md
@@ -8,57 +8,54 @@ Connect appliactions with the passkey service
 
 This project requires some environment variables to be set. A file named `.env` is used to store the values for those environment variables. To keep your tokens and secrets secure, make sure to not commit the `.env` file in git. When setting up the project with `twilio serverless:init ...` the Twilio CLI will create a `.gitignore` file that excludes `.env` from the version history.
 
+You can find a `.env.example` file to copy for creating your own `.env` file
+
 In your `.env` file, set the following values:
 
 | Variable | Description | Required |
 | :------- | :---------- | :------- |
+| API_URL | Passkey API to point at | yes |
+| SERVICE_SID | Service used to call twilio services | yes |
+| RELYING_PARTY | Customer app or client | yes
+| ACCOUNT_SID | Twilio account where the service belong | yes |
+| AUTH_TOKEN | Authentication token for twilio account | yes |
 
 
 ### Function Parameters
 
-`/blank` expects the following parameters:
+`/registration/start` expects the following parameters:
 
 | Parameter | Description | Required |
 | :-------- | :---------- | :------- |
+| username | user identification name | yes
 
 
-`/hello-messaging` is protected and requires a valid Twilio signature as well as the following parameters:
+`/registration/verification` expects the following parameters:
 
 | Parameter | Description | Required |
 | :-------- | :---------- | :------- |
+| id | A base64url encoded representation of `rawId`. | yes |
+| rawId | The globally unique identifier for this `PublicKeyCredential`. | yes |
+| type | `public-key` | yes |
+| attestationObject | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
+| clientDataJson | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
+| transports | An Array with the transport methods given by the `AuthenticatorAttestationResponse` | yes |
 
 
-## Create a new project with the template
-
-1. Install the [Twilio CLI](https://www.twilio.com/docs/twilio-cli/quickstart#install-twilio-cli)
-2. Install the [serverless toolkit](https://www.twilio.com/docs/labs/serverless-toolkit/getting-started)
-
-```shell
-twilio plugins:install @twilio-labs/plugin-serverless
-```
-
-3. Initiate a new project
-
-```
-twilio serverless:init example --template=passkey-backend && cd example
-```
-
-4. Start the server with the [Twilio CLI](https://www.twilio.com/docs/twilio-cli/quickstart):
+`/authentication/start` a GET request, does not expect parameters
 
-```
-twilio serverless:start
-```
+`/registration/verification` expects the following parameters:
 
-5. Open the web page at https://localhost:3000/index.html and enter your phone number to test
-
-ℹ️ Check the developer console and terminal for any errors, make sure you've set your environment variables.
-
-## Deploying
-
-Deploy your functions and assets with either of the following commands. Note: you must run these commands from inside your project folder. [More details in the docs.](https://www.twilio.com/docs/labs/serverless-toolkit)
+| Parameter | Description | Required |
+| :-------- | :---------- | :------- |
+| id | A base64url encoded representation of `rawId`. | yes |
+| rawId | The globally unique identifier for this `PublicKeyCredential`. | yes |
+| type | `public-key` | yes |
+| authenticatorData | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
+| clientDataJson | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
+| signature | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
+| userHandle | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 
-With the [Twilio CLI](https://www.twilio.com/docs/twilio-cli/quickstart):
+## Test this project locally
 
-```
-twilio serverless:deploy
-```
+Follow the steps in the [Twilio CLI Test](https://github.com/AuthyApps/twilio-cli-test) repository
diff --git a/passkey-backend/assets/.well-know/assetlinks.json b/passkey-backend/assets/.well-know/assetlinks.json
index 0d0bd70b1..105e89bd1 100644
--- a/passkey-backend/assets/.well-know/assetlinks.json
+++ b/passkey-backend/assets/.well-know/assetlinks.json
@@ -6,7 +6,7 @@
     ],
     "target": {
       "namespace": "web",
-      "site": "https://passkey-sample-9652.twil.io"
+      "site": "https://6dcc8b2b3620.ngrok.app"
     }
   },
   {
diff --git a/passkey-backend/assets/index.html b/passkey-backend/assets/index.html
index 14f4606fe..c81f83057 100644
--- a/passkey-backend/assets/index.html
+++ b/passkey-backend/assets/index.html
@@ -8,81 +8,367 @@
 
         <link rel="icon" href="https://twilio-labs.github.io/function-templates/static/v1/favicon.ico">
         <link rel="stylesheet" href="https://twilio-labs.github.io/function-templates/static/v1/ce-paste-theme.css">
-        <script src="https://twilio-labs.github.io/function-templates/static/v1/ce-helpers.js" defer></script>
-        <script>
-         window.addEventListener('DOMContentLoaded', (_event) => {
-             inputPrependBaseURL();
-         });
-        </script>
+        <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/intl-tel-input@19.5.3/build/css/intlTelInput.css">
+        <script src="https://cdn.jsdelivr.net/npm/intl-tel-input@19.5.3/build/js/intlTelInput.min.js"></script>
+        <style>
+            body {
+                margin: 0;
+                display: flex;
+                place-items: center;
+                min-width: 320px;
+                min-height: 100vh;
+                flex-direction: unset;
+                background-color: rgb(237, 242, 247);
+            }
+
+            #container, #modal, #app {
+                max-width: 1280px;
+                margin: 0 auto;
+                padding: 4rem;
+                text-align: center;
+                border-radius: 10px;
+                background-color: #FFFFFF;
+                box-shadow: 100px 100px 69px -29px rgba(0, 0, 0, 0.07);
+            }
+
+            .title {
+                margin: 25px 0;
+                font-size: 20px;
+                justify-content: center;
+                font-weight: 500;
+            }
+
+            #usr_input {
+                width: 250px;
+                padding: 0.8rem !important;
+                border: 1px solid rgb(136, 145, 170);
+                border-radius: 4px;
+                padding: 0.8rem;
+                font-size: 16px;
+            }
+
+            .invisible {
+                display: none;
+            }
+
+            .iti {
+                display: flex;
+                gap: 10px
+            }
+
+            .iti__arrow {
+                display: none;
+            }
+
+            .iti__flag-container {
+                position: relative;
+                border: 1px solid rgb(136, 145, 170);
+                border-radius: 4px;
+                padding: 0.8rem;
+            }
+
+            .input_container .iti__selected-flag {
+                background-color: #FFFFFF;
+            }
+
+            .input_container {
+                display: flex;
+                flex-direction: column;
+                gap: 10px;
+            }
+
+            .modal_input {
+                margin: 40px 0;
+            }
+
+            .input_component {
+                display: flex;
+                flex-direction: column;
+                text-align: left;
+                margin: 10px 0;
+            }
+
+            .input_component > span {
+                font-size: 14px;
+                color: #D04848;
+            }
+
+            .hide {
+                visibility: hidden;
+            }
+
+
+            .btn {
+                padding: 15px 0;
+                border-radius: 50px;
+                font-weight: 600;
+                font-size: 16px;
+            }
+
+            .continue_btn {
+                border-width: 0;
+                color: #FFFFFF;
+                background-color: rgb(205, 210, 216);
+            }
+
+            .enable {
+                background-color:rgb(2, 99, 224);
+            }
+
+            .skip_btn {
+                margin: 20px 0 0 0;
+            }
+
+            a, button {
+                cursor: pointer;
+            }
+
+            .separator {
+                color: #7F8487;
+                font-size: 10px;
+            }
+
+            .passkey_btn {
+                border-width: 1px;
+                border-color: rgb(2, 99, 224);
+                color: rgb(2, 99, 224);
+                background-color: #FFFFFF;
+                border-style: solid;
+            }
+        </style>
     </head>
     <body>
-        <div class="page-top">
-            <header>
-                <div id="twilio-logo">
-                    <a href="https://www.twilio.com/" target="_blank" rel="noopener">
-                        <svg class="logo" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 60 60">
-                            <title>Twilio Logo</title><path class="cls-1" d="M30,15A15,15,0,1,0,45,30,15,15,0,0,0,30,15Zm0,26A11,11,0,1,1,41,30,11,11,0,0,1,30,41Zm6.8-14.7a3.1,3.1,0,1,1-3.1-3.1A3.12,3.12,0,0,1,36.8,26.3Zm0,7.4a3.1,3.1,0,1,1-3.1-3.1A3.12,3.12,0,0,1,36.8,33.7Zm-7.4,0a3.1,3.1,0,1,1-3.1-3.1A3.12,3.12,0,0,1,29.4,33.7Zm0-7.4a3.1,3.1,0,1,1-3.1-3.1A3.12,3.12,0,0,1,29.4,26.3Z"/></svg>
-                    </a>
+        <div id="container">
+            <h1 class="title">Sign up or sign in</h1>
+            <div class="input_container">
+                <div class="input_component">
+                    <input type="tel" name="username_input" id="usr_input" oninput="checkAvalibility()">
                 </div>
-                <nav>
-                    <span>Your Twilio application</span>
-                    <aside>
-                        <svg class="icon" role="img" aria-hidden="true" width="100%" height="100%" viewBox="0 0 20 20" aria-labelledby="NewIcon-1577"><path fill="currentColor" fill-rule="evenodd" d="M6.991 7.507c.003-.679 1.021-.675 1.019.004-.012 2.956 1.388 4.41 4.492 4.48.673.016.66 1.021-.013 1.019-2.898-.011-4.327 1.446-4.48 4.506-.033.658-1.01.639-1.018-.02-.03-3.027-1.382-4.49-4.481-4.486-.675 0-.682-1.009-.008-1.019 3.02-.042 4.478-1.452 4.49-4.484zm.505 2.757l-.115.242c-.459.9-1.166 1.558-2.115 1.976l.176.08c.973.465 1.664 1.211 2.083 2.22l.02.05.088-.192c.464-.973 1.173-1.685 2.123-2.124l.039-.018-.118-.05c-.963-.435-1.667-1.117-2.113-2.034l-.068-.15zm10.357-8.12c.174.17.194.434.058.625l-.058.068-1.954 1.905 1.954 1.908a.482.482 0 010 .694.512.512 0 01-.641.056l-.07-.056-1.954-1.908-1.954 1.908a.511.511 0 01-.71 0 .482.482 0 01-.058-.626l.058-.068 1.954-1.908-1.954-1.905a.482.482 0 010-.693.512.512 0 01.64-.057l.07.057 1.954 1.905 1.954-1.905a.511.511 0 01.71 0z"></path></svg>
-                        Live
-                    </aside>
-                </nav>
-            </header>
+                <button type="button" class="btn continue_btn" id="continue" onclick="login()" disabled>Continue</button>
+                <span class="separator">&#8213; or &#8213;</span>
+                <button type="button" class="btn passkey_btn" onclick="signIn()">Sign in with passkey</button>
+            </div>
         </div>
-        <main>
-            <div class="content">
-                <h1>
-                    <img src="https://twilio-labs.github.io/function-templates/static/v1/success.svg" />
-                    <div>
-                        <p>Welcome!</p>
-                        <p>Your live application with Twilio is ready to use!</p>
-                    </div>
-                </h1>
-                <section>
-                    <h2>Get started with your application</h2>
-                    <p>
-                        Follow these steps to try out your new app:
-                    </p>
-                    <p>
-                        This app will return the
-                        <a href="https://www.twilio.com/docs/sms/twiml" target="_blank" rel="noopener">TwiML</a>
-                        required to respond "Hello World" to incoming SMS messages.
-                    </p>
-                    <ol class="steps">
-                        <li>Text any message to your Twilio phone number</li>
-                        <li>You should receive a response saying "Hello World"</li>
-                    </ol>
-                </section>
-                <section>
-                    <!-- APP_INFO_V2 -->
-                </section>
-                <section>
-                    <h2>Troubleshooting</h2>
-                    <ul>
-                        <li>
-                            Check the
-                            <a href="https://www.twilio.com/console/phone-numbers/incoming"
-                               target="_blank"
-                               rel="noopener">
-                                phone number configuration
-                            </a>
-                            and make sure the Twilio phone number you want for your app has a SMS webhook
-                            configured to point at the following URL
-                            <form>
-                                <label for="twilio-webhook">Webhook URL</label>
-                                <input type="text" id="twilio-webhook" class="function-root" readonly=true value="/hello-messaging">
-                            </form>
-                        </li>
-                    </ul>
-                </section>
+        <div id="modal" class="invisible">
+            <h1 class="title">Sign-in with your face,<br> fingerprint or PIN</h1>
+            <p>Harness your device capabilities for a fast<br> passkey login with maximun security.</p>
+            <a>Learn more &rarr;</a>
+            <div class="input_container modal_input">
+                <button class="btn continue_btn enable" onclick="signUp()">Continue</button>
+                <a class="skip_btn">Skip</a>
             </div>
-        </main>
-        <footer>
-            <span class="statement">We can't wait to see what you build.</span>
-        </footer>
+        </div>
+        <div id="app" class="invisible">
+            <h1 class="title" id="welcome"></h1>
+            <div class="input_container">
+                <button class="btn continue_btn enable" onclick="logOut()">Log out</button>
+            </div>
+        </div>
     </body>
+    <script>
+
+        let sessionUsername = sessionStorage.getItem("session");
+
+        const loadApp = (username) => {
+            document.getElementById("welcome").innerHTML = `Welcome ${username}`
+            document.getElementById("modal").classList.add("invisible");
+            document.getElementById("app").classList.remove("invisible");
+        }
+
+        if (sessionUsername) {
+            document.getElementById("container").classList.add("invisible");
+            loadApp(sessionUsername)
+        }
+        
+        const usernameElement = document.getElementById("usr_input");
+        const errorElement = document.getElementById("error");
+        const continueButton = document.getElementById("continue");
+        window.intlTelInput(usernameElement, {
+            initialCountry: "us",
+            showSelectedDialCode: true,
+            utilsScript: "https://cdn.jsdelivr.net/npm/intl-tel-input@19.5.3/build/js/utils.js",
+        });
+
+        const checkAvalibility = () => {
+            const username = usernameElement.value
+            if(username) {
+                continueButton.classList.add("enable");
+                continueButton.disabled = false;
+            } else {
+                continueButton.classList.remove("enable");
+                continueButton.disabled = true;
+            }
+        }
+
+        function ArrayBufferToBase64(buffer) {
+            // Convert ArrayBuffer to base64 string
+            const binary = String.fromCharCode.apply(null, new Uint8Array(buffer));
+            let base64String = btoa(binary);
+
+            // Replace characters not allowed in base64url with their corresponding URL-safe alternatives
+            base64String = base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+
+            return base64String;
+        }
+
+        const strToArrayBuffer = (str) => {
+            const decodedString = atob(str);
+
+            const buffer = new Uint8Array(decodedString.length);
+            for (let i = 0; i < buffer.length; i++) {
+                buffer[i] = decodedString.charCodeAt(i);
+            }
+            return buffer;
+        }
+
+        const login = () => {
+            const authenticationCard = document.getElementById("container");
+            const passkeyCard = document.getElementById("modal");
+            authenticationCard.classList.add("invisible");
+            passkeyCard.classList.remove("invisible");
+        }
+
+        const signIn = async () => {
+            try {
+                const response = await fetch(`./authentication/start`);
+                const responseJSON = await response.json();
+
+                const { challenge, rpId, allowCredentials, timeout, useVerification } = responseJSON.publicKey
+                const publicKey = {
+                    challenge: strToArrayBuffer(challenge),
+                    rpId,
+                    allowCredentials,
+                    useVerification
+                }
+                
+                navigator.credentials.get({ publicKey })
+                    .then(async (publicKeyCredential) => {
+                        const { id, rawId, response, type, authenticatorAttachment } = publicKeyCredential
+                        const { authenticatorData, clientDataJSON, signature, userHandle } = response
+
+                        console.log(publicKeyCredential)
+
+                        console.log("data", {
+                                id: id,
+                                rawId: ArrayBufferToBase64(rawId),
+                                type: type,
+                                clientDataJson: ArrayBufferToBase64(clientDataJSON),
+                                authenticatorData: ArrayBufferToBase64(authenticatorData),
+                                signature: ArrayBufferToBase64(signature),
+                                userHandle: ArrayBufferToBase64(userHandle)
+                            });
+
+                        const authentication = await fetch('./authentication/verification', {
+                            method: "POST",
+                            headers: {
+                                "Content-Type": "application/json"
+                            },
+                            body: JSON.stringify({
+                                id: id,
+                                rawId: ArrayBufferToBase64(rawId),
+                                type: type,
+                                clientDataJson: ArrayBufferToBase64(clientDataJSON),
+                                authenticatorData: ArrayBufferToBase64(authenticatorData),
+                                signature: ArrayBufferToBase64(signature),
+                                userHandle: ArrayBufferToBase64(userHandle)
+                            })
+                        });
+
+                        const authenticationJSON = await authentication.json();
+                        const {status, identity} = authenticationJSON
+                        if(status === "approved") {
+                            loadApp(identity);
+                        } else {
+                            console.log(status);
+                        }
+                    })
+                    .catch((err) => {
+                        if(err) {
+                            console.error("Something goes wrong or maybe you dont have a passkey for this application yet");
+                        }
+                    });
+            } catch (error) {
+                console.log(err);
+            }
+        }
+ 
+        const signUp = async () => {
+            const username = usernameElement.value
+
+            try {
+                const response = await fetch(`./registration/start`, {
+                    method: "POST",
+                    headers: {
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({
+                        username: username
+                    })
+                });
+
+                const responseJSON = await response.json();
+                const { challenge, rp, user, pubKeyCredParams, factor_sid } = responseJSON;
+
+                const createCredentialDefaultArgs = {
+                    publicKey: {
+                        rp: {
+                            name: rp.name,
+                            id: rp.id
+                        },
+                        user: {
+                            id: new Uint8Array(16),
+                            name: user.name,
+                            displayName: user.displayName
+                        },
+                        pubKeyCredParams: [{ type: "public-key", alg: -7 }],
+                        attestation: "none",
+                        timeout: 600000,
+                        challenge: strToArrayBuffer(challenge)
+                    }
+                }
+                
+                let credential = await navigator.credentials.create(createCredentialDefaultArgs);
+
+
+                const { id, rawId, authenticatorAttachment, response: pubKeyCredResponse, type } = credential;
+                const { attestationObject, clientDataJSON } = pubKeyCredResponse;
+                
+                const rawIdString = ArrayBufferToBase64(rawId);
+                const attestationObjectString = ArrayBufferToBase64(attestationObject);
+                const clientDataJSONString = ArrayBufferToBase64(clientDataJSON);
+
+                console.log(credential)
+
+                const verificationResponse = await fetch(`./registration/verification`, {
+                    method: "POST",
+                    headers: {
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({
+                        id: id,
+                        attestationObject: attestationObjectString,
+                        rawId: rawIdString,
+                        type: type,
+                        clientDataJson: clientDataJSONString,
+                        transports: ["internal"]
+                    })
+                });
+
+                const verRespJSON = await verificationResponse.json();
+                const { status } = verRespJSON
+                if (status === 'verified') {
+                    sessionStorage.setItem('session', username);
+                    loadApp(username);
+                }
+            } catch (error) {
+                console.log(error);
+            }
+        }
+
+        const logOut = () => {
+            sessionStorage.removeItem("session");
+            document.getElementById("app").classList.add("invisible");
+            document.getElementById("container").classList.remove("invisible");
+        }
+    </script>
 </html>
diff --git a/passkey-backend/assets/services/helpers.private.js b/passkey-backend/assets/services/helpers.private.js
index 51fab6616..4014bdfc4 100644
--- a/passkey-backend/assets/services/helpers.private.js
+++ b/passkey-backend/assets/services/helpers.private.js
@@ -5,6 +5,16 @@ const detectMissingParams = (paramNames, event) => {
   return missingParams.length > 0 ? missingParams : null;
 };
 
+const errorLogger = (error) => {
+  if (error.response) {
+    console.log('Client has given an error', error);
+  } else if (error.request) {
+    console.log('Runtime error', error);
+  } else {
+    console.log(error);
+  }
+};
+
 module.exports = {
   detectMissingParams,
 };
diff --git a/passkey-backend/functions/authentication/start.js b/passkey-backend/functions/authentication/start.js
index 486d57004..d781b4d0e 100644
--- a/passkey-backend/functions/authentication/start.js
+++ b/passkey-backend/functions/authentication/start.js
@@ -1,5 +1,8 @@
 const axios = require('axios');
 
+const assets = Runtime.getAssets();
+const { errorLogger } = require(assets['/services/helpers.js'].path);
+
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, _, callback) => {
   const { RELYING_PARTY, API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } =
@@ -22,13 +25,7 @@ exports.handler = async (context, _, callback) => {
     });
     return callback(null, response.data.details);
   } catch (error) {
-    if (error.response) {
-      console.log('Client has given an error', error);
-    } else if (error.request) {
-      console.log('Runtime error', error);
-    } else {
-      console.log(error);
-    }
+    errorLogger(error);
     return callback('Something went wrong');
   }
 };
diff --git a/passkey-backend/functions/authentication/verification.js b/passkey-backend/functions/authentication/verification.js
index 61df16ca9..dce1e3c82 100644
--- a/passkey-backend/functions/authentication/verification.js
+++ b/passkey-backend/functions/authentication/verification.js
@@ -1,7 +1,9 @@
 const axios = require('axios');
 
 const assets = Runtime.getAssets();
-const { detectMissingParams } = require(assets['/services/helpers.js'].path);
+const { detectMissingParams, errorLogger } = require(assets[
+  '/services/helpers.js'
+].path);
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
@@ -27,7 +29,7 @@ exports.handler = async (context, event, callback) => {
     rawId: event.rawId,
     id: event.id,
     authenticatorAttachment: 'platform',
-    type: 'public-key',
+    type: event.type,
     response: {
       clientDataJSON: event.clientDataJson,
       authenticatorData: event.authenticatorData,
@@ -47,15 +49,10 @@ exports.handler = async (context, event, callback) => {
     });
     return callback(null, {
       status: response.data.status,
+      identity: response.data.entity_identity,
     });
   } catch (error) {
-    if (error.response) {
-      console.log('Client has given an error', error);
-    } else if (error.request) {
-      console.log('Runtime error', error);
-    } else {
-      console.log(error);
-    }
+    errorLogger(error);
     return callback(null, error);
   }
 };
diff --git a/passkey-backend/functions/registration/start.js b/passkey-backend/functions/registration/start.js
index fdb1bb5ec..d22e2d1f7 100644
--- a/passkey-backend/functions/registration/start.js
+++ b/passkey-backend/functions/registration/start.js
@@ -1,22 +1,11 @@
 const axios = require('axios');
 
 const assets = Runtime.getAssets();
-const { detectMissingParams } = require(assets['/services/helpers.js'].path);
+const { detectMissingParams, errorLogger } = require(assets[
+  '/services/helpers.js'
+].path);
 
 exports.handler = async (context, event, callback) => {
-  /*
-   * Constants set as enviroment varibales
-   * -------------------------------------
-   * Constants from the twilio account:
-   * SERVICE_SID,
-   * ACCOUNT_SID,
-   * SERVICE_SID,
-   * AUTH_TOKEN
-   *
-   * Constanst get by services:
-   * API_URL: passkey verify URL
-   * RELYING_PARTY: self URL of twilio function
-   */
   const { RELYING_PARTY, API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } =
     context;
 
@@ -65,15 +54,12 @@ exports.handler = async (context, event, callback) => {
         password: AUTH_TOKEN,
       },
     });
-    return callback(null, response.data.config.creation_request);
+    return callback(null, {
+      ...response.data.config.creation_request,
+      factor_sid: response.data.sid,
+    });
   } catch (error) {
-    if (error.response) {
-      console.log('Client has given an error', error);
-    } else if (error.request) {
-      console.log('Runtime error', error);
-    } else {
-      console.log(error);
-    }
+    errorLogger(error);
     return callback(null, error);
   }
 };
diff --git a/passkey-backend/functions/registration/verification.js b/passkey-backend/functions/registration/verification.js
index a5e49df24..8bb2edef3 100644
--- a/passkey-backend/functions/registration/verification.js
+++ b/passkey-backend/functions/registration/verification.js
@@ -1,7 +1,9 @@
 const axios = require('axios');
 
 const assets = Runtime.getAssets();
-const { detectMissingParams } = require(assets['/services/helpers.js'].path);
+const { detectMissingParams, errorLogger } = require(assets[
+  '/services/helpers.js'
+].path);
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
@@ -48,13 +50,7 @@ exports.handler = async (context, event, callback) => {
       status: response.data.status,
     });
   } catch (error) {
-    if (error.response) {
-      console.log('Client has given an error', error);
-    } else if (error.request) {
-      console.log('Runtime error', error);
-    } else {
-      console.log(error);
-    }
+    errorLogger(error);
     return callback(null, error);
   }
 };

From eafbe8c91e4ec316f907ec7177b2348478a5f5a7 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Wed, 28 Feb 2024 09:35:51 -0500
Subject: [PATCH 04/16] remove unnecesary console logs

---
 passkey-backend/assets/index.html | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/passkey-backend/assets/index.html b/passkey-backend/assets/index.html
index c81f83057..2913a4620 100644
--- a/passkey-backend/assets/index.html
+++ b/passkey-backend/assets/index.html
@@ -246,18 +246,6 @@ <h1 class="title" id="welcome"></h1>
                         const { id, rawId, response, type, authenticatorAttachment } = publicKeyCredential
                         const { authenticatorData, clientDataJSON, signature, userHandle } = response
 
-                        console.log(publicKeyCredential)
-
-                        console.log("data", {
-                                id: id,
-                                rawId: ArrayBufferToBase64(rawId),
-                                type: type,
-                                clientDataJson: ArrayBufferToBase64(clientDataJSON),
-                                authenticatorData: ArrayBufferToBase64(authenticatorData),
-                                signature: ArrayBufferToBase64(signature),
-                                userHandle: ArrayBufferToBase64(userHandle)
-                            });
-
                         const authentication = await fetch('./authentication/verification', {
                             method: "POST",
                             headers: {
@@ -337,8 +325,6 @@ <h1 class="title" id="welcome"></h1>
                 const attestationObjectString = ArrayBufferToBase64(attestationObject);
                 const clientDataJSONString = ArrayBufferToBase64(clientDataJSON);
 
-                console.log(credential)
-
                 const verificationResponse = await fetch(`./registration/verification`, {
                     method: "POST",
                     headers: {

From e03aa33a6d8c7d1068c54875ebc23475d4c60050 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Wed, 28 Feb 2024 15:17:12 -0500
Subject: [PATCH 05/16] fix user id creation

---
 passkey-backend/assets/index.html             | 28 +++++++++++++------
 .../assets/services/helpers.private.js        |  1 +
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/passkey-backend/assets/index.html b/passkey-backend/assets/index.html
index 2913a4620..248643ce0 100644
--- a/passkey-backend/assets/index.html
+++ b/passkey-backend/assets/index.html
@@ -4,7 +4,7 @@
         <meta charset="utf-8">
         <meta name="viewport" content="width=device-width, initial-scale=1.0">
         <meta http-equiv="x-ua-compatible" content="ie=edge">
-        <title>Get started with your Twilio Functions!</title>
+        <title>Passkey Demo</title>
 
         <link rel="icon" href="https://twilio-labs.github.io/function-templates/static/v1/favicon.ico">
         <link rel="stylesheet" href="https://twilio-labs.github.io/function-templates/static/v1/ce-paste-theme.css">
@@ -172,11 +172,11 @@ <h1 class="title" id="welcome"></h1>
         const loadApp = (username) => {
             document.getElementById("welcome").innerHTML = `Welcome ${username}`
             document.getElementById("modal").classList.add("invisible");
+            document.getElementById("container").classList.add("invisible");
             document.getElementById("app").classList.remove("invisible");
         }
 
         if (sessionUsername) {
-            document.getElementById("container").classList.add("invisible");
             loadApp(sessionUsername)
         }
         
@@ -221,6 +221,12 @@ <h1 class="title" id="welcome"></h1>
             return buffer;
         }
 
+        function stringToArrayBuffer(str) {
+            const encoder = new TextEncoder();
+            const uint8Array = encoder.encode(str);
+            return uint8Array.buffer;
+        }
+
         const login = () => {
             const authenticationCard = document.getElementById("container");
             const passkeyCard = document.getElementById("modal");
@@ -232,13 +238,12 @@ <h1 class="title" id="welcome"></h1>
             try {
                 const response = await fetch(`./authentication/start`);
                 const responseJSON = await response.json();
-
-                const { challenge, rpId, allowCredentials, timeout, useVerification } = responseJSON.publicKey
+                const { challenge, rpId, allowCredentials, timeout, userVerification } = responseJSON.publicKey
                 const publicKey = {
-                    challenge: strToArrayBuffer(challenge),
+                    challenge: Uint8Array.from(atob(challenge), c => c.charCodeAt(0)),
                     rpId,
                     allowCredentials,
-                    useVerification
+                    userVerification
                 }
                 
                 navigator.credentials.get({ publicKey })
@@ -265,6 +270,7 @@ <h1 class="title" id="welcome"></h1>
                         const authenticationJSON = await authentication.json();
                         const {status, identity} = authenticationJSON
                         if(status === "approved") {
+                            sessionStorage.setItem('session', identity);
                             loadApp(identity);
                         } else {
                             console.log(status);
@@ -304,14 +310,20 @@ <h1 class="title" id="welcome"></h1>
                             id: rp.id
                         },
                         user: {
-                            id: new Uint8Array(16),
+                            id: strToArrayBuffer(user.id),
                             name: user.name,
                             displayName: user.displayName
                         },
                         pubKeyCredParams: [{ type: "public-key", alg: -7 }],
                         attestation: "none",
                         timeout: 600000,
-                        challenge: strToArrayBuffer(challenge)
+                        challenge: strToArrayBuffer(challenge),
+                        authenticatorSelection: {
+                            residentKey: "preferred"
+                        },
+                        extensions: {
+                            credProps: true,
+                        }
                     }
                 }
                 
diff --git a/passkey-backend/assets/services/helpers.private.js b/passkey-backend/assets/services/helpers.private.js
index 4014bdfc4..a8da0dd25 100644
--- a/passkey-backend/assets/services/helpers.private.js
+++ b/passkey-backend/assets/services/helpers.private.js
@@ -17,4 +17,5 @@ const errorLogger = (error) => {
 
 module.exports = {
   detectMissingParams,
+  errorLogger,
 };

From 01479d2095e0c68a3bd11d18dc9f666e01e460e2 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Thu, 7 Mar 2024 09:16:26 -0500
Subject: [PATCH 06/16] variables, names and type parameter modified

---
 passkey-backend/.env.example                  |  4 ++-
 passkey-backend/README.md                     | 25 ++++++++++---
 .../.well-know/apple-app-site-association     |  2 +-
 .../assets/.well-know/assetlinks.json         | 36 ++-----------------
 passkey-backend/assets/index.html             |  4 +--
 .../functions/authentication/verification.js  |  3 +-
 .../functions/registration/start.js           |  6 ++--
 .../functions/registration/verification.js    | 11 ++----
 passkey-backend/package.json                  |  2 +-
 9 files changed, 35 insertions(+), 58 deletions(-)

diff --git a/passkey-backend/.env.example b/passkey-backend/.env.example
index a0730e761..1bec353a0 100644
--- a/passkey-backend/.env.example
+++ b/passkey-backend/.env.example
@@ -1,3 +1,5 @@
 API_URL=
 SERVICE_SID=
-RELYING_PARTY=
\ No newline at end of file
+RELYING_PARTY=
+ACCOUNT_SID=
+AUTH_TOKEN=
\ No newline at end of file
diff --git a/passkey-backend/README.md b/passkey-backend/README.md
index 1d1780591..e2d8d37c1 100644
--- a/passkey-backend/README.md
+++ b/passkey-backend/README.md
@@ -1,6 +1,6 @@
-# passkey-backend
+# passkeys-backend
 
-Connect appliactions with the passkey service
+Verify enables developers to easily add Passkeys into their existing authentication flows, similar to Verify TOTP and Push. The Verify API supports passkey registration, public key storage, and auth flows. On the client-side, developers can optionally embed an open-source library (SDK) that handles interactions with operating systems and customizable UI widgets that maximize conversion.
 
 ## Pre-requisites
 
@@ -20,6 +20,23 @@ In your `.env` file, set the following values:
 | ACCOUNT_SID | Twilio account where the service belong | yes |
 | AUTH_TOKEN | Authentication token for twilio account | yes |
 
+### Service customization
+
+Besides the enviroment variables files, the project also contain two files called `assetlink.json` and `apple-app-site-association` inside `./assets/.well-know/`, that is a public file that contains the identificators for the apps that will be connecting the service.
+
+`apple-app-site-association` contains identificator hash for the origin app in iOS:
+
+| Variable | Description | Required |
+| :------- | :---------- | :------- |
+| ORIGIN_IOS_APP_HASH | Replace it with the identificator of the iOS app | yes |
+
+`assetlink.json` contains identificator hash for the origin apps in android and web:
+
+| Variable | Description | Required |
+| :------- | :---------- | :------- |
+| RELYING_PARTY | Replace it with the value of the relaying party | yes |
+| FINGERPRINT_CERTIFICATION_HASH | Replace it with the hash fingerprint given by android app in format SHA256 | yes |
+
 
 ### Function Parameters
 
@@ -36,7 +53,6 @@ In your `.env` file, set the following values:
 | :-------- | :---------- | :------- |
 | id | A base64url encoded representation of `rawId`. | yes |
 | rawId | The globally unique identifier for this `PublicKeyCredential`. | yes |
-| type | `public-key` | yes |
 | attestationObject | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 | clientDataJson | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 | transports | An Array with the transport methods given by the `AuthenticatorAttestationResponse` | yes |
@@ -44,13 +60,12 @@ In your `.env` file, set the following values:
 
 `/authentication/start` a GET request, does not expect parameters
 
-`/registration/verification` expects the following parameters:
+`/authentication/verification` expects the following parameters:
 
 | Parameter | Description | Required |
 | :-------- | :---------- | :------- |
 | id | A base64url encoded representation of `rawId`. | yes |
 | rawId | The globally unique identifier for this `PublicKeyCredential`. | yes |
-| type | `public-key` | yes |
 | authenticatorData | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 | clientDataJson | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 | signature | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
diff --git a/passkey-backend/assets/.well-know/apple-app-site-association b/passkey-backend/assets/.well-know/apple-app-site-association
index 2cb576d39..8f9626249 100644
--- a/passkey-backend/assets/.well-know/apple-app-site-association
+++ b/passkey-backend/assets/.well-know/apple-app-site-association
@@ -1,7 +1,7 @@
 {
     "webcredentials": {
         "apps": [
-            "9EVH78F4V4.com.passkeys.twilio.sampleCode"
+            "{ORIGIN_IOS_APP_HASH}"
         ]
     }
 }
\ No newline at end of file
diff --git a/passkey-backend/assets/.well-know/assetlinks.json b/passkey-backend/assets/.well-know/assetlinks.json
index 105e89bd1..9a034df28 100644
--- a/passkey-backend/assets/.well-know/assetlinks.json
+++ b/passkey-backend/assets/.well-know/assetlinks.json
@@ -6,7 +6,7 @@
     ],
     "target": {
       "namespace": "web",
-      "site": "https://6dcc8b2b3620.ngrok.app"
+      "site": "{RELYING_PARTY}"
     }
   },
   {
@@ -17,35 +17,7 @@
     "target": {
       "namespace": "android_app",
       "package_name": "com.twilio.passkeys.android",
-      "sha256_cert_fingerprints": [
-        "AF:E0:6F:5F:BF:5A:C4:E2:A0:89:22:95:B8:1C:05:4B:29:5C:80:7A:3B:69:4B:B1:0A:7B:A6:CF:1E:17:4F:A1"
-      ]
-    }
-  },
-  {
-    "relation": [
-      "delegate_permission/common.handle_all_urls",
-      "delegate_permission/common.get_login_creds"
-    ],
-    "target": {
-      "namespace": "android_app",
-      "package_name": "com.twilio.passkeys.android",
-      "sha256_cert_fingerprints": [
-        "50:5C:D6:3D:A5:1F:19:8F:3F:B1:C2:95:0B:6B:46:B6:06:FE:C4:13:57:4B:96:7F:3D:86:A3:CF:73:FE:05:53"
-      ]
-    }
-  },
-  {
-    "relation": [
-      "delegate_permission/common.handle_all_urls",
-      "delegate_permission/common.get_login_creds"
-    ],
-    "target": {
-      "namespace": "android_app",
-      "package_name": "com.twilio.passkeys.android",
-      "sha256_cert_fingerprints": [
-        "E1:1B:1C:EA:3B:D8:22:EE:73:3A:26:CF:54:AF:66:0E:08:2B:CF:9A:49:7C:34:6B:D8:02:0B:6A:BA:8D:16:EF"
-      ]
+      "sha256_cert_fingerprints": ["{FINGERPRINT_CERTIFICATION_HASH}"]
     }
   },
   {
@@ -56,9 +28,7 @@
     "target": {
       "namespace": "android_app",
       "package_name": "com.twilio.passkey_manager",
-      "sha256_cert_fingerprints": [
-        "AF:E0:6F:5F:BF:5A:C4:E2:A0:89:22:95:B8:1C:05:4B:29:5C:80:7A:3B:69:4B:B1:0A:7B:A6:CF:1E:17:4F:A1"
-      ]
+      "sha256_cert_fingerprints": ["{FINGERPRINT_CERTIFICATION_HASH}"]
     }
   }
 ]
diff --git a/passkey-backend/assets/index.html b/passkey-backend/assets/index.html
index 248643ce0..8a0be9c4b 100644
--- a/passkey-backend/assets/index.html
+++ b/passkey-backend/assets/index.html
@@ -4,7 +4,7 @@
         <meta charset="utf-8">
         <meta name="viewport" content="width=device-width, initial-scale=1.0">
         <meta http-equiv="x-ua-compatible" content="ie=edge">
-        <title>Passkey Demo</title>
+        <title>Passkeys Demo</title>
 
         <link rel="icon" href="https://twilio-labs.github.io/function-templates/static/v1/favicon.ico">
         <link rel="stylesheet" href="https://twilio-labs.github.io/function-templates/static/v1/ce-paste-theme.css">
@@ -259,7 +259,6 @@ <h1 class="title" id="welcome"></h1>
                             body: JSON.stringify({
                                 id: id,
                                 rawId: ArrayBufferToBase64(rawId),
-                                type: type,
                                 clientDataJson: ArrayBufferToBase64(clientDataJSON),
                                 authenticatorData: ArrayBufferToBase64(authenticatorData),
                                 signature: ArrayBufferToBase64(signature),
@@ -346,7 +345,6 @@ <h1 class="title" id="welcome"></h1>
                         id: id,
                         attestationObject: attestationObjectString,
                         rawId: rawIdString,
-                        type: type,
                         clientDataJson: clientDataJSONString,
                         transports: ["internal"]
                     })
diff --git a/passkey-backend/functions/authentication/verification.js b/passkey-backend/functions/authentication/verification.js
index dce1e3c82..606452b2c 100644
--- a/passkey-backend/functions/authentication/verification.js
+++ b/passkey-backend/functions/authentication/verification.js
@@ -12,7 +12,6 @@ exports.handler = async (context, event, callback) => {
     [
       'id',
       'rawId',
-      'type',
       'clientDataJson',
       'authenticatorData',
       'signature',
@@ -29,7 +28,7 @@ exports.handler = async (context, event, callback) => {
     rawId: event.rawId,
     id: event.id,
     authenticatorAttachment: 'platform',
-    type: event.type,
+    type: 'public-key',
     response: {
       clientDataJSON: event.clientDataJson,
       authenticatorData: event.authenticatorData,
diff --git a/passkey-backend/functions/registration/start.js b/passkey-backend/functions/registration/start.js
index d22e2d1f7..f4d1fcbb1 100644
--- a/passkey-backend/functions/registration/start.js
+++ b/passkey-backend/functions/registration/start.js
@@ -16,7 +16,7 @@ exports.handler = async (context, event, callback) => {
       `Missing parameters; please provide: '${missingParams.join(', ')}'.`
     );
 
-  // Request body sent to passkey verify URL call
+  // Request body sent to passkeys verify URL call
   /* eslint-disable camelcase */
   const requestBody = {
     friendly_name: 'TouchID',
@@ -43,10 +43,10 @@ exports.handler = async (context, event, callback) => {
     },
   };
 
-  // Factor URL of the passkey service
+  // Factor URL of the passkeys service
   const factorURL = `${API_URL}Services/${SERVICE_SID}/Factors`;
 
-  // Call made to the passkey service
+  // Call made to the passkeys service
   try {
     const response = await axios.post(factorURL, requestBody, {
       auth: {
diff --git a/passkey-backend/functions/registration/verification.js b/passkey-backend/functions/registration/verification.js
index 8bb2edef3..856ca3863 100644
--- a/passkey-backend/functions/registration/verification.js
+++ b/passkey-backend/functions/registration/verification.js
@@ -10,14 +10,7 @@ exports.handler = async (context, event, callback) => {
   const { API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } = context;
 
   const missingParams = detectMissingParams(
-    [
-      'id',
-      'attestationObject',
-      'rawId',
-      'type',
-      'clientDataJson',
-      'transports',
-    ],
+    ['id', 'attestationObject', 'rawId', 'clientDataJson', 'transports'],
     event
   );
   if (missingParams)
@@ -29,7 +22,7 @@ exports.handler = async (context, event, callback) => {
     id: event.id,
     rawId: event.rawId,
     authenticatorAttachment: 'platform',
-    type: event.type,
+    type: 'public-key',
     response: {
       attestationObject: event.attestationObject,
       clientDataJSON: event.clientDataJson,
diff --git a/passkey-backend/package.json b/passkey-backend/package.json
index 16b8df2f5..88f97b292 100644
--- a/passkey-backend/package.json
+++ b/passkey-backend/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "passkey-backend",
+  "name": "passkeys-backend",
   "version": "1.0.0",
   "private": true,
   "dependencies": {

From a1d80b427350f252dd9e69338e9e6c50adcb0661 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Thu, 7 Mar 2024 09:19:24 -0500
Subject: [PATCH 07/16] replaced passkey to passkeys

---
 package.json                                                | 2 +-
 {passkey-backend => passkeys-backend}/.env.example          | 0
 {passkey-backend => passkeys-backend}/.owners               | 0
 {passkey-backend => passkeys-backend}/CHANGELOG.md          | 0
 {passkey-backend => passkeys-backend}/README.md             | 0
 .../assets/.well-know/apple-app-site-association            | 0
 .../assets/.well-know/assetlinks.json                       | 0
 {passkey-backend => passkeys-backend}/assets/index.html     | 0
 .../assets/services/helpers.private.js                      | 0
 .../functions/authentication/start.js                       | 0
 .../functions/authentication/verification.js                | 0
 .../functions/registration/start.js                         | 0
 .../functions/registration/verification.js                  | 0
 {passkey-backend => passkeys-backend}/package.json          | 0
 .../tests/authentication-verification.test.js               | 0
 .../tests/registration-start.test.js                        | 0
 .../tests/registration-verification.test.js                 | 0
 templates.json                                              | 6 +++---
 18 files changed, 4 insertions(+), 4 deletions(-)
 rename {passkey-backend => passkeys-backend}/.env.example (100%)
 rename {passkey-backend => passkeys-backend}/.owners (100%)
 rename {passkey-backend => passkeys-backend}/CHANGELOG.md (100%)
 rename {passkey-backend => passkeys-backend}/README.md (100%)
 rename {passkey-backend => passkeys-backend}/assets/.well-know/apple-app-site-association (100%)
 rename {passkey-backend => passkeys-backend}/assets/.well-know/assetlinks.json (100%)
 rename {passkey-backend => passkeys-backend}/assets/index.html (100%)
 rename {passkey-backend => passkeys-backend}/assets/services/helpers.private.js (100%)
 rename {passkey-backend => passkeys-backend}/functions/authentication/start.js (100%)
 rename {passkey-backend => passkeys-backend}/functions/authentication/verification.js (100%)
 rename {passkey-backend => passkeys-backend}/functions/registration/start.js (100%)
 rename {passkey-backend => passkeys-backend}/functions/registration/verification.js (100%)
 rename {passkey-backend => passkeys-backend}/package.json (100%)
 rename {passkey-backend => passkeys-backend}/tests/authentication-verification.test.js (100%)
 rename {passkey-backend => passkeys-backend}/tests/registration-start.test.js (100%)
 rename {passkey-backend => passkeys-backend}/tests/registration-verification.test.js (100%)

diff --git a/package.json b/package.json
index e27834022..799e91bbf 100644
--- a/package.json
+++ b/package.json
@@ -139,6 +139,6 @@
     "voicemail",
     "verify-sna",
     "flex-dialpad",
-    "passkey-backend"
+    "passkeys-backend"
   ]
 }
diff --git a/passkey-backend/.env.example b/passkeys-backend/.env.example
similarity index 100%
rename from passkey-backend/.env.example
rename to passkeys-backend/.env.example
diff --git a/passkey-backend/.owners b/passkeys-backend/.owners
similarity index 100%
rename from passkey-backend/.owners
rename to passkeys-backend/.owners
diff --git a/passkey-backend/CHANGELOG.md b/passkeys-backend/CHANGELOG.md
similarity index 100%
rename from passkey-backend/CHANGELOG.md
rename to passkeys-backend/CHANGELOG.md
diff --git a/passkey-backend/README.md b/passkeys-backend/README.md
similarity index 100%
rename from passkey-backend/README.md
rename to passkeys-backend/README.md
diff --git a/passkey-backend/assets/.well-know/apple-app-site-association b/passkeys-backend/assets/.well-know/apple-app-site-association
similarity index 100%
rename from passkey-backend/assets/.well-know/apple-app-site-association
rename to passkeys-backend/assets/.well-know/apple-app-site-association
diff --git a/passkey-backend/assets/.well-know/assetlinks.json b/passkeys-backend/assets/.well-know/assetlinks.json
similarity index 100%
rename from passkey-backend/assets/.well-know/assetlinks.json
rename to passkeys-backend/assets/.well-know/assetlinks.json
diff --git a/passkey-backend/assets/index.html b/passkeys-backend/assets/index.html
similarity index 100%
rename from passkey-backend/assets/index.html
rename to passkeys-backend/assets/index.html
diff --git a/passkey-backend/assets/services/helpers.private.js b/passkeys-backend/assets/services/helpers.private.js
similarity index 100%
rename from passkey-backend/assets/services/helpers.private.js
rename to passkeys-backend/assets/services/helpers.private.js
diff --git a/passkey-backend/functions/authentication/start.js b/passkeys-backend/functions/authentication/start.js
similarity index 100%
rename from passkey-backend/functions/authentication/start.js
rename to passkeys-backend/functions/authentication/start.js
diff --git a/passkey-backend/functions/authentication/verification.js b/passkeys-backend/functions/authentication/verification.js
similarity index 100%
rename from passkey-backend/functions/authentication/verification.js
rename to passkeys-backend/functions/authentication/verification.js
diff --git a/passkey-backend/functions/registration/start.js b/passkeys-backend/functions/registration/start.js
similarity index 100%
rename from passkey-backend/functions/registration/start.js
rename to passkeys-backend/functions/registration/start.js
diff --git a/passkey-backend/functions/registration/verification.js b/passkeys-backend/functions/registration/verification.js
similarity index 100%
rename from passkey-backend/functions/registration/verification.js
rename to passkeys-backend/functions/registration/verification.js
diff --git a/passkey-backend/package.json b/passkeys-backend/package.json
similarity index 100%
rename from passkey-backend/package.json
rename to passkeys-backend/package.json
diff --git a/passkey-backend/tests/authentication-verification.test.js b/passkeys-backend/tests/authentication-verification.test.js
similarity index 100%
rename from passkey-backend/tests/authentication-verification.test.js
rename to passkeys-backend/tests/authentication-verification.test.js
diff --git a/passkey-backend/tests/registration-start.test.js b/passkeys-backend/tests/registration-start.test.js
similarity index 100%
rename from passkey-backend/tests/registration-start.test.js
rename to passkeys-backend/tests/registration-start.test.js
diff --git a/passkey-backend/tests/registration-verification.test.js b/passkeys-backend/tests/registration-verification.test.js
similarity index 100%
rename from passkey-backend/tests/registration-verification.test.js
rename to passkeys-backend/tests/registration-verification.test.js
diff --git a/templates.json b/templates.json
index 91d831cd6..24b63772b 100644
--- a/templates.json
+++ b/templates.json
@@ -341,9 +341,9 @@
       "description": "Transfers a call to another number"
     },
     {
-      "id": "passkey-backend",
-      "name": "Backend for passkey app",
-      "description": "Connect appliactions with the passkey service"
+      "id": "passkeys-backend",
+      "name": "Backend for passkeys app",
+      "description": "Connect appliactions with the passkeys service"
     }
   ]
 }

From fd8b8464ddc02f819737e39b7a4cfbc6a8188290 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Mon, 11 Mar 2024 08:17:41 -0500
Subject: [PATCH 08/16] removed unused relation

---
 passkeys-backend/assets/.well-know/assetlinks.json | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/passkeys-backend/assets/.well-know/assetlinks.json b/passkeys-backend/assets/.well-know/assetlinks.json
index 9a034df28..04a4e0bbe 100644
--- a/passkeys-backend/assets/.well-know/assetlinks.json
+++ b/passkeys-backend/assets/.well-know/assetlinks.json
@@ -19,16 +19,5 @@
       "package_name": "com.twilio.passkeys.android",
       "sha256_cert_fingerprints": ["{FINGERPRINT_CERTIFICATION_HASH}"]
     }
-  },
-  {
-    "relation": [
-      "delegate_permission/common.handle_all_urls",
-      "delegate_permission/common.get_login_creds"
-    ],
-    "target": {
-      "namespace": "android_app",
-      "package_name": "com.twilio.passkey_manager",
-      "sha256_cert_fingerprints": ["{FINGERPRINT_CERTIFICATION_HASH}"]
-    }
   }
 ]

From d93cbe5014efbf1b6897107106b99590fc7b4903 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Wed, 13 Mar 2024 09:48:08 -0500
Subject: [PATCH 09/16] add usage and deploy section and fix typos

---
 passkeys-backend/README.md | 20 +++++++++++++++++---
 templates.json             |  2 +-
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/passkeys-backend/README.md b/passkeys-backend/README.md
index e2d8d37c1..f9910d83c 100644
--- a/passkeys-backend/README.md
+++ b/passkeys-backend/README.md
@@ -2,6 +2,14 @@
 
 Verify enables developers to easily add Passkeys into their existing authentication flows, similar to Verify TOTP and Push. The Verify API supports passkey registration, public key storage, and auth flows. On the client-side, developers can optionally embed an open-source library (SDK) that handles interactions with operating systems and customizable UI widgets that maximize conversion.
 
+## How to use the template
+
+The best way to use the Function templates is through the Twilio CLI as described below. If you'd like to use the template without the Twilio CLI, [check out our usage docs](../docs/USING_FUNCTIONS.md).
+
+Make sure befores you use the template you have to set up your enviroment variables and 
+customize the associated files with your client applications origins you can find this 
+customization [here](#service-customization).
+
 ## Pre-requisites
 
 ### Environment variables
@@ -14,7 +22,7 @@ In your `.env` file, set the following values:
 
 | Variable | Description | Required |
 | :------- | :---------- | :------- |
-| API_URL | Passkey API to point at | yes |
+| API_URL | Passkeys API to point at | yes |
 | SERVICE_SID | Service used to call twilio services | yes |
 | RELYING_PARTY | Customer app or client | yes
 | ACCOUNT_SID | Twilio account where the service belong | yes |
@@ -71,6 +79,12 @@ Besides the enviroment variables files, the project also contain two files calle
 | signature | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 | userHandle | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 
-## Test this project locally
+## Deploying
+
+Deploy your functions and assets with either of the following commands. Note: you must run these commands from inside your project folder. [More details in the docs.](https://www.twilio.com/docs/labs/serverless-toolkit)
+
+With the [Twilio CLI](https://www.twilio.com/docs/twilio-cli/quickstart):
 
-Follow the steps in the [Twilio CLI Test](https://github.com/AuthyApps/twilio-cli-test) repository
+```
+twilio serverless:deploy
+```
diff --git a/templates.json b/templates.json
index 24b63772b..164d4351a 100644
--- a/templates.json
+++ b/templates.json
@@ -343,7 +343,7 @@
     {
       "id": "passkeys-backend",
       "name": "Backend for passkeys app",
-      "description": "Connect appliactions with the passkeys service"
+      "description": "Connect applications with the passkeys service"
     }
   ]
 }

From 6a6cfb50fddd45fd76a5c32c6209039c5a18425a Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Tue, 11 Jun 2024 04:09:05 -0500
Subject: [PATCH 10/16] last functional sample backend

---
 .../functions/authentication/start.js             | 11 ++++++++---
 .../functions/authentication/verification.js      | 14 ++++++++++----
 passkeys-backend/functions/registration/start.js  | 15 +++++++++++----
 .../functions/registration/verification.js        | 12 +++++++++++-
 4 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/passkeys-backend/functions/authentication/start.js b/passkeys-backend/functions/authentication/start.js
index d781b4d0e..03ee43408 100644
--- a/passkeys-backend/functions/authentication/start.js
+++ b/passkeys-backend/functions/authentication/start.js
@@ -1,10 +1,9 @@
 const axios = require('axios');
 
 const assets = Runtime.getAssets();
-const { errorLogger } = require(assets['/services/helpers.js'].path);
 
 // eslint-disable-next-line consistent-return
-exports.handler = async (context, _, callback) => {
+exports.handler = async (context, event, callback) => {
   const { RELYING_PARTY, API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } =
     context;
 
@@ -25,7 +24,13 @@ exports.handler = async (context, _, callback) => {
     });
     return callback(null, response.data.details);
   } catch (error) {
-    errorLogger(error);
+    if (error.response) {
+      console.log('Client has given an error', error);
+    } else if (error.request) {
+      console.log('Runtime error', error);
+    } else {
+      console.log(error);
+    }
     return callback('Something went wrong');
   }
 };
diff --git a/passkeys-backend/functions/authentication/verification.js b/passkeys-backend/functions/authentication/verification.js
index 606452b2c..475e6d259 100644
--- a/passkeys-backend/functions/authentication/verification.js
+++ b/passkeys-backend/functions/authentication/verification.js
@@ -1,9 +1,7 @@
 const axios = require('axios');
 
 const assets = Runtime.getAssets();
-const { detectMissingParams, errorLogger } = require(assets[
-  '/services/helpers.js'
-].path);
+const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
@@ -12,6 +10,7 @@ exports.handler = async (context, event, callback) => {
     [
       'id',
       'rawId',
+      // 'type',
       'clientDataJson',
       'authenticatorData',
       'signature',
@@ -28,6 +27,7 @@ exports.handler = async (context, event, callback) => {
     rawId: event.rawId,
     id: event.id,
     authenticatorAttachment: 'platform',
+    // type: event.type,
     type: 'public-key',
     response: {
       clientDataJSON: event.clientDataJson,
@@ -51,7 +51,13 @@ exports.handler = async (context, event, callback) => {
       identity: response.data.entity_identity,
     });
   } catch (error) {
-    errorLogger(error);
+    if (error.response) {
+      console.log('Client has given an error', error);
+    } else if (error.request) {
+      console.log('Runtime error', error);
+    } else {
+      console.log(error);
+    }
     return callback(null, error);
   }
 };
diff --git a/passkeys-backend/functions/registration/start.js b/passkeys-backend/functions/registration/start.js
index f4d1fcbb1..28fe04f21 100644
--- a/passkeys-backend/functions/registration/start.js
+++ b/passkeys-backend/functions/registration/start.js
@@ -1,9 +1,7 @@
 const axios = require('axios');
 
 const assets = Runtime.getAssets();
-const { detectMissingParams, errorLogger } = require(assets[
-  '/services/helpers.js'
-].path);
+const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 
 exports.handler = async (context, event, callback) => {
   const { RELYING_PARTY, API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } =
@@ -33,6 +31,8 @@ exports.handler = async (context, event, callback) => {
           `https://${RELYING_PARTY}`,
           'android:apk-key-hash:r-BvX79axOKgiSKVuBwFSylcgHo7aUuxCnumzx4XT6E',
           'android:apk-key-hash:UFzWPaUfGY8_scKVC2tGtgb-xBNXS5Z_PYajz3P-BVM',
+          'android:apk-key-hash:V9oDo6qGAoQG3r3vk7JJBAFBVrpSPvsp-QTlyttftAw',
+          'android:apk-key-hash:yOXmgJgVThpM_CUPlnaG4fEiFA0PpR1MCa-FbWfeiDM',
         ],
       },
       authenticator_criteria: {
@@ -59,7 +59,14 @@ exports.handler = async (context, event, callback) => {
       factor_sid: response.data.sid,
     });
   } catch (error) {
-    errorLogger(error);
+    if (error.response) {
+      console.log(error.response.data);
+      console.log('Client has given an error', error);
+    } else if (error.request) {
+      console.log('Runtime error', error);
+    } else {
+      console.log(error);
+    }
     return callback(null, error);
   }
 };
diff --git a/passkeys-backend/functions/registration/verification.js b/passkeys-backend/functions/registration/verification.js
index 856ca3863..ece9214cd 100644
--- a/passkeys-backend/functions/registration/verification.js
+++ b/passkeys-backend/functions/registration/verification.js
@@ -30,6 +30,9 @@ exports.handler = async (context, event, callback) => {
     },
   };
 
+  console.log('requestBody', requestBody);
+  console.log('response object', requestBody.response);
+
   const verifyFactorURL = `${API_URL}Services/${SERVICE_SID}/Factors/Verify`;
 
   try {
@@ -43,7 +46,14 @@ exports.handler = async (context, event, callback) => {
       status: response.data.status,
     });
   } catch (error) {
-    errorLogger(error);
+    if (error.response) {
+      console.log(error.response.data);
+      console.log('Client has given an error', error);
+    } else if (error.request) {
+      console.log('Runtime error', error);
+    } else {
+      console.log(error);
+    }
     return callback(null, error);
   }
 };

From 61d974f10ea6fb12cf80350c5828e834fc76bf1f Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Thu, 13 Jun 2024 14:00:33 -0500
Subject: [PATCH 11/16] migrate passkeys backend to comms

---
 .../functions/authentication/start.js         | 12 ++++----
 .../functions/authentication/verification.js  | 28 ++++++++++---------
 .../functions/registration/start.js           | 18 ++++--------
 .../functions/registration/verification.js    | 25 +++++++++--------
 4 files changed, 41 insertions(+), 42 deletions(-)

diff --git a/passkeys-backend/functions/authentication/start.js b/passkeys-backend/functions/authentication/start.js
index 03ee43408..09855a7d0 100644
--- a/passkeys-backend/functions/authentication/start.js
+++ b/passkeys-backend/functions/authentication/start.js
@@ -4,16 +4,16 @@ const assets = Runtime.getAssets();
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
-  const { RELYING_PARTY, API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } =
-    context;
+  const { RELYING_PARTY, API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
 
   const requestBody = {
-    details: {
-      rpId: RELYING_PARTY,
+    content: {
+      // eslint-disable-next-line camelcase
+      rp_id: RELYING_PARTY,
     },
   };
 
-  const challengeURL = `${API_URL}Services/${SERVICE_SID}/Challenges`;
+  const challengeURL = `${API_URL}/Verifications`;
 
   try {
     const response = await axios.post(challengeURL, requestBody, {
@@ -22,7 +22,7 @@ exports.handler = async (context, event, callback) => {
         password: AUTH_TOKEN,
       },
     });
-    return callback(null, response.data.details);
+    return callback(null, response.data.next_step);
   } catch (error) {
     if (error.response) {
       console.log('Client has given an error', error);
diff --git a/passkeys-backend/functions/authentication/verification.js b/passkeys-backend/functions/authentication/verification.js
index 475e6d259..91eaf4ce9 100644
--- a/passkeys-backend/functions/authentication/verification.js
+++ b/passkeys-backend/functions/authentication/verification.js
@@ -5,7 +5,7 @@ const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
-  const { API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } = context;
+  const { API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
   const missingParams = detectMissingParams(
     [
       'id',
@@ -24,20 +24,22 @@ exports.handler = async (context, event, callback) => {
     );
 
   const requestBody = {
-    rawId: event.rawId,
-    id: event.id,
-    authenticatorAttachment: 'platform',
-    // type: event.type,
-    type: 'public-key',
-    response: {
-      clientDataJSON: event.clientDataJson,
-      authenticatorData: event.authenticatorData,
-      signature: event.signature,
-      userHandle: event.userHandle,
+    content: {
+      rawId: event.rawId,
+      id: event.id,
+      authenticatorAttachment: 'platform',
+      // type: event.type,
+      type: 'public-key',
+      response: {
+        clientDataJSON: event.clientDataJson,
+        authenticatorData: event.authenticatorData,
+        signature: event.signature,
+        userHandle: event.userHandle,
+      },
     },
   };
 
-  const verifyChallengeURL = `${API_URL}Services/${SERVICE_SID}/Challenges/Verify`;
+  const verifyChallengeURL = `${API_URL}/Verifications/Check`;
 
   try {
     const response = await axios.post(verifyChallengeURL, requestBody, {
@@ -48,7 +50,7 @@ exports.handler = async (context, event, callback) => {
     });
     return callback(null, {
       status: response.data.status,
-      identity: response.data.entity_identity,
+      identity: response.data.to.user_identifier,
     });
   } catch (error) {
     if (error.response) {
diff --git a/passkeys-backend/functions/registration/start.js b/passkeys-backend/functions/registration/start.js
index 28fe04f21..f719c5c93 100644
--- a/passkeys-backend/functions/registration/start.js
+++ b/passkeys-backend/functions/registration/start.js
@@ -4,8 +4,7 @@ const assets = Runtime.getAssets();
 const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 
 exports.handler = async (context, event, callback) => {
-  const { RELYING_PARTY, API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } =
-    context;
+  const { RELYING_PARTY, API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
 
   // Verify request comes with username
   const missingParams = detectMissingParams(['username'], event);
@@ -18,12 +17,10 @@ exports.handler = async (context, event, callback) => {
   /* eslint-disable camelcase */
   const requestBody = {
     friendly_name: 'TouchID',
-    factory_type: 'passkeys',
-    entity: {
-      identity: event.username,
-      display_name: event.username,
+    to: {
+      user_identifier: event.username,
     },
-    config: {
+    content: {
       relying_party: {
         id: RELYING_PARTY,
         name: 'PasskeySample',
@@ -44,7 +41,7 @@ exports.handler = async (context, event, callback) => {
   };
 
   // Factor URL of the passkeys service
-  const factorURL = `${API_URL}Services/${SERVICE_SID}/Factors`;
+  const factorURL = `${API_URL}/Factors`;
 
   // Call made to the passkeys service
   try {
@@ -54,10 +51,7 @@ exports.handler = async (context, event, callback) => {
         password: AUTH_TOKEN,
       },
     });
-    return callback(null, {
-      ...response.data.config.creation_request,
-      factor_sid: response.data.sid,
-    });
+    return callback(null, response.data.next_step);
   } catch (error) {
     if (error.response) {
       console.log(error.response.data);
diff --git a/passkeys-backend/functions/registration/verification.js b/passkeys-backend/functions/registration/verification.js
index ece9214cd..bb3ed2dcb 100644
--- a/passkeys-backend/functions/registration/verification.js
+++ b/passkeys-backend/functions/registration/verification.js
@@ -7,7 +7,7 @@ const { detectMissingParams, errorLogger } = require(assets[
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
-  const { API_URL, SERVICE_SID, ACCOUNT_SID, AUTH_TOKEN } = context;
+  const { API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
 
   const missingParams = detectMissingParams(
     ['id', 'attestationObject', 'rawId', 'clientDataJson', 'transports'],
@@ -19,21 +19,23 @@ exports.handler = async (context, event, callback) => {
     );
 
   const requestBody = {
-    id: event.id,
-    rawId: event.rawId,
-    authenticatorAttachment: 'platform',
-    type: 'public-key',
-    response: {
-      attestationObject: event.attestationObject,
-      clientDataJSON: event.clientDataJson,
-      transports: event.transports,
+    content: {
+      id: event.id,
+      rawId: event.rawId,
+      authenticatorAttachment: 'platform',
+      type: 'public-key',
+      response: {
+        attestationObject: event.attestationObject,
+        clientDataJSON: event.clientDataJson,
+        transports: event.transports,
+      },
     },
   };
 
   console.log('requestBody', requestBody);
   console.log('response object', requestBody.response);
 
-  const verifyFactorURL = `${API_URL}Services/${SERVICE_SID}/Factors/Verify`;
+  const verifyFactorURL = `${API_URL}/Factors/Approve`;
 
   try {
     const response = await axios.post(verifyFactorURL, requestBody, {
@@ -43,7 +45,8 @@ exports.handler = async (context, event, callback) => {
       },
     });
     return callback(null, {
-      status: response.data.status,
+      status:
+        response.data.status === 'approved' ? 'verified' : response.data.status,
     });
   } catch (error) {
     if (error.response) {

From 0de51a4bb8246b44a8c213d9ac69b3f78755cac6 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Thu, 20 Jun 2024 06:03:31 -0500
Subject: [PATCH 12/16] Setup ready for PR

---
 passkeys-backend/.env.example                 |  1 -
 passkeys-backend/README.md                    |  1 -
 .../assets/services/helpers.private.js        | 11 -----
 .../functions/authentication/start.js         | 24 ++++++-----
 .../functions/authentication/verification.js  | 39 ++++++++++--------
 .../functions/registration/start.js           | 31 ++++++++------
 .../functions/registration/verification.js    | 41 ++++++++++---------
 .../tests/authentication-start.test.js        | 38 +++++++++++++++++
 .../tests/authentication-verification.test.js | 27 ++++++------
 .../tests/registration-start.test.js          | 14 ++++---
 .../tests/registration-verification.test.js   | 27 ++++++------
 11 files changed, 150 insertions(+), 104 deletions(-)
 create mode 100644 passkeys-backend/tests/authentication-start.test.js

diff --git a/passkeys-backend/.env.example b/passkeys-backend/.env.example
index 1bec353a0..1b0b34d66 100644
--- a/passkeys-backend/.env.example
+++ b/passkeys-backend/.env.example
@@ -1,5 +1,4 @@
 API_URL=
-SERVICE_SID=
 RELYING_PARTY=
 ACCOUNT_SID=
 AUTH_TOKEN=
\ No newline at end of file
diff --git a/passkeys-backend/README.md b/passkeys-backend/README.md
index f9910d83c..6365713a4 100644
--- a/passkeys-backend/README.md
+++ b/passkeys-backend/README.md
@@ -23,7 +23,6 @@ In your `.env` file, set the following values:
 | Variable | Description | Required |
 | :------- | :---------- | :------- |
 | API_URL | Passkeys API to point at | yes |
-| SERVICE_SID | Service used to call twilio services | yes |
 | RELYING_PARTY | Customer app or client | yes
 | ACCOUNT_SID | Twilio account where the service belong | yes |
 | AUTH_TOKEN | Authentication token for twilio account | yes |
diff --git a/passkeys-backend/assets/services/helpers.private.js b/passkeys-backend/assets/services/helpers.private.js
index a8da0dd25..51fab6616 100644
--- a/passkeys-backend/assets/services/helpers.private.js
+++ b/passkeys-backend/assets/services/helpers.private.js
@@ -5,17 +5,6 @@ const detectMissingParams = (paramNames, event) => {
   return missingParams.length > 0 ? missingParams : null;
 };
 
-const errorLogger = (error) => {
-  if (error.response) {
-    console.log('Client has given an error', error);
-  } else if (error.request) {
-    console.log('Runtime error', error);
-  } else {
-    console.log(error);
-  }
-};
-
 module.exports = {
   detectMissingParams,
-  errorLogger,
 };
diff --git a/passkeys-backend/functions/authentication/start.js b/passkeys-backend/functions/authentication/start.js
index 09855a7d0..bd41c236e 100644
--- a/passkeys-backend/functions/authentication/start.js
+++ b/passkeys-backend/functions/authentication/start.js
@@ -3,9 +3,12 @@ const axios = require('axios');
 const assets = Runtime.getAssets();
 
 // eslint-disable-next-line consistent-return
-exports.handler = async (context, event, callback) => {
+exports.handler = async (context, _, callback) => {
   const { RELYING_PARTY, API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
 
+  const response = new Twilio.Response();
+  response.appendHeader('Content-Type', 'application/json');
+
   const requestBody = {
     content: {
       // eslint-disable-next-line camelcase
@@ -16,21 +19,20 @@ exports.handler = async (context, event, callback) => {
   const challengeURL = `${API_URL}/Verifications`;
 
   try {
-    const response = await axios.post(challengeURL, requestBody, {
+    const APIResponse = await axios.post(challengeURL, requestBody, {
       auth: {
         username: ACCOUNT_SID,
         password: AUTH_TOKEN,
       },
     });
-    return callback(null, response.data.next_step);
+
+    response.setStatusCode(200);
+    response.setBody(APIResponse.data.next_step);
   } catch (error) {
-    if (error.response) {
-      console.log('Client has given an error', error);
-    } else if (error.request) {
-      console.log('Runtime error', error);
-    } else {
-      console.log(error);
-    }
-    return callback('Something went wrong');
+    const statusCode = error.status || 400;
+    response.setStatusCode(statusCode);
+    response.setBody(error.message);
   }
+
+  return callback(null, response);
 };
diff --git a/passkeys-backend/functions/authentication/verification.js b/passkeys-backend/functions/authentication/verification.js
index 91eaf4ce9..230102696 100644
--- a/passkeys-backend/functions/authentication/verification.js
+++ b/passkeys-backend/functions/authentication/verification.js
@@ -3,14 +3,16 @@ const axios = require('axios');
 const assets = Runtime.getAssets();
 const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 
-// eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
   const { API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
+
+  const response = new Twilio.Response();
+  response.appendHeader('Content-Type', 'application/json');
+
   const missingParams = detectMissingParams(
     [
       'id',
       'rawId',
-      // 'type',
       'clientDataJson',
       'authenticatorData',
       'signature',
@@ -18,17 +20,21 @@ exports.handler = async (context, event, callback) => {
     ],
     event
   );
-  if (missingParams)
-    return callback(
+
+  if (missingParams) {
+    response.setStatusCode(400);
+    response.setBody(
       `Missing parameters; please provide: '${missingParams.join(', ')}'.`
     );
 
+    return callback(null, response);
+  }
+
   const requestBody = {
     content: {
       rawId: event.rawId,
       id: event.id,
       authenticatorAttachment: 'platform',
-      // type: event.type,
       type: 'public-key',
       response: {
         clientDataJSON: event.clientDataJson,
@@ -42,24 +48,23 @@ exports.handler = async (context, event, callback) => {
   const verifyChallengeURL = `${API_URL}/Verifications/Check`;
 
   try {
-    const response = await axios.post(verifyChallengeURL, requestBody, {
+    const APIresponse = await axios.post(verifyChallengeURL, requestBody, {
       auth: {
         username: ACCOUNT_SID,
         password: AUTH_TOKEN,
       },
     });
-    return callback(null, {
-      status: response.data.status,
-      identity: response.data.to.user_identifier,
+
+    response.setStatusCode(200);
+    response.setBody({
+      status: APIresponse.data.status,
+      identity: APIresponse.data.to.user_identifier,
     });
   } catch (error) {
-    if (error.response) {
-      console.log('Client has given an error', error);
-    } else if (error.request) {
-      console.log('Runtime error', error);
-    } else {
-      console.log(error);
-    }
-    return callback(null, error);
+    const statusCode = error.status || 400;
+    response.setStatusCode(statusCode);
+    response.setBody(error.message);
   }
+
+  return callback(null, response);
 };
diff --git a/passkeys-backend/functions/registration/start.js b/passkeys-backend/functions/registration/start.js
index f719c5c93..9fc8c1f98 100644
--- a/passkeys-backend/functions/registration/start.js
+++ b/passkeys-backend/functions/registration/start.js
@@ -6,13 +6,20 @@ const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 exports.handler = async (context, event, callback) => {
   const { RELYING_PARTY, API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
 
+  const response = new Twilio.Response();
+  response.appendHeader('Content-Type', 'application/json');
+
   // Verify request comes with username
   const missingParams = detectMissingParams(['username'], event);
-  if (missingParams)
-    return callback(
+  if (missingParams) {
+    response.setStatusCode(400);
+    response.setBody(
       `Missing parameters; please provide: '${missingParams.join(', ')}'.`
     );
 
+    return callback(null, response);
+  }
+
   // Request body sent to passkeys verify URL call
   /* eslint-disable camelcase */
   const requestBody = {
@@ -45,22 +52,20 @@ exports.handler = async (context, event, callback) => {
 
   // Call made to the passkeys service
   try {
-    const response = await axios.post(factorURL, requestBody, {
+    const APIResponse = await axios.post(factorURL, requestBody, {
       auth: {
         username: ACCOUNT_SID,
         password: AUTH_TOKEN,
       },
     });
-    return callback(null, response.data.next_step);
+
+    response.setStatusCode(200);
+    response.setBody(APIResponse.data.next_step);
   } catch (error) {
-    if (error.response) {
-      console.log(error.response.data);
-      console.log('Client has given an error', error);
-    } else if (error.request) {
-      console.log('Runtime error', error);
-    } else {
-      console.log(error);
-    }
-    return callback(null, error);
+    const statusCode = error.status || 400;
+    response.setStatusCode(statusCode);
+    response.setBody(error.message);
   }
+
+  return callback(null, response);
 };
diff --git a/passkeys-backend/functions/registration/verification.js b/passkeys-backend/functions/registration/verification.js
index bb3ed2dcb..5ffc8b184 100644
--- a/passkeys-backend/functions/registration/verification.js
+++ b/passkeys-backend/functions/registration/verification.js
@@ -1,23 +1,28 @@
 const axios = require('axios');
 
 const assets = Runtime.getAssets();
-const { detectMissingParams, errorLogger } = require(assets[
-  '/services/helpers.js'
-].path);
+const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
   const { API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
 
+  const response = new Twilio.Response();
+  response.appendHeader('Content-Type', 'application/json');
+
   const missingParams = detectMissingParams(
     ['id', 'attestationObject', 'rawId', 'clientDataJson', 'transports'],
     event
   );
-  if (missingParams)
-    return callback(
+  if (missingParams) {
+    response.setStatusCode(400);
+    response.setBody(
       `Missing parameters; please provide: '${missingParams.join(', ')}'.`
     );
 
+    return callback(null, response);
+  }
+
   const requestBody = {
     content: {
       id: event.id,
@@ -32,31 +37,27 @@ exports.handler = async (context, event, callback) => {
     },
   };
 
-  console.log('requestBody', requestBody);
-  console.log('response object', requestBody.response);
-
   const verifyFactorURL = `${API_URL}/Factors/Approve`;
 
   try {
-    const response = await axios.post(verifyFactorURL, requestBody, {
+    const APIResponse = await axios.post(verifyFactorURL, requestBody, {
       auth: {
         username: ACCOUNT_SID,
         password: AUTH_TOKEN,
       },
     });
-    return callback(null, {
+    response.setStatusCode(200);
+    response.setBody({
       status:
-        response.data.status === 'approved' ? 'verified' : response.data.status,
+        APIResponse.data.status === 'approved'
+          ? 'verified'
+          : APIResponse.data.status,
     });
   } catch (error) {
-    if (error.response) {
-      console.log(error.response.data);
-      console.log('Client has given an error', error);
-    } else if (error.request) {
-      console.log('Runtime error', error);
-    } else {
-      console.log(error);
-    }
-    return callback(null, error);
+    const statusCode = error.status || 400;
+    response.setStatusCode(statusCode);
+    response.setBody(error.message);
   }
+
+  return callback(null, response);
 };
diff --git a/passkeys-backend/tests/authentication-start.test.js b/passkeys-backend/tests/authentication-start.test.js
new file mode 100644
index 000000000..c746b2835
--- /dev/null
+++ b/passkeys-backend/tests/authentication-start.test.js
@@ -0,0 +1,38 @@
+const axios = require('axios');
+const helpers = require('../../test/test-helper');
+
+jest.mock('axios');
+
+describe('authentication/start', () => {
+  beforeAll(() => {
+    jest.clearAllMocks();
+    const runtime = new helpers.MockRuntime();
+    runtime._addAsset(
+      '/services/helpers.js',
+      '../assets/services/helpers.private.js'
+    );
+    helpers.setup({}, runtime);
+    handlerFunction = require('../functions/authentication/start').handler;
+  });
+  afterAll(() => {
+    helpers.teardown();
+  });
+  beforeEach(() => {
+    jest.resetModules();
+    axios.post.mockClear();
+  });
+
+  it('returns error with unsuccesfull request', (done) => {
+    const expectedError = new Error('something bad happened');
+    axios.post = jest.fn(() => Promise.reject(expectedError));
+
+    const callback = (_, { _body }) => {
+      expect(_body).toBeDefined();
+      expect(axios.post).toHaveBeenCalledTimes(1);
+      expect(_body).toEqual(expectedError.message);
+      done();
+    };
+
+    handlerFunction({}, {}, callback);
+  });
+});
diff --git a/passkeys-backend/tests/authentication-verification.test.js b/passkeys-backend/tests/authentication-verification.test.js
index d3c676092..fb80eceda 100644
--- a/passkeys-backend/tests/authentication-verification.test.js
+++ b/passkeys-backend/tests/authentication-verification.test.js
@@ -6,7 +6,6 @@ jest.mock('axios');
 const testEvent = {
   id: '12345',
   rawId: 'randomRawId',
-  type: 'test-type',
   clientDataJson: {},
   authenticatorData: {},
   signature: 'test-signature',
@@ -35,10 +34,12 @@ describe('authentication/verification', () => {
 
   describe('when multiple required parameters are missing', () => {
     it('returns an error indicating multiple missing parameters', (done) => {
-      const callback = (_err) => {
-        expect(_err).toBeDefined();
-        expect(_err).toEqual(
-          `Missing parameters; please provide: 'id, rawId, type, clientDataJson, authenticatorData, signature, userHandle'.`
+      const callback = (_, { _body, _statusCode }) => {
+        expect(_statusCode).toBeDefined();
+        expect(_body).toBeDefined();
+        expect(_statusCode).toEqual(400);
+        expect(_body).toEqual(
+          `Missing parameters; please provide: 'id, rawId, clientDataJson, authenticatorData, signature, userHandle'.`
         );
         done();
       };
@@ -46,10 +47,12 @@ describe('authentication/verification', () => {
     });
 
     it('returns an error indicating specific missing parameters', (done) => {
-      const callback = (_err) => {
-        expect(_err).toBeDefined();
-        expect(_err).toEqual(
-          `Missing parameters; please provide: 'type, clientDataJson, authenticatorData, signature, userHandle'.`
+      const callback = (_, { _body, _statusCode }) => {
+        expect(_statusCode).toBeDefined();
+        expect(_body).toBeDefined();
+        expect(_statusCode).toEqual(400);
+        expect(_body).toEqual(
+          `Missing parameters; please provide: 'clientDataJson, authenticatorData, signature, userHandle'.`
         );
         done();
       };
@@ -69,10 +72,10 @@ describe('authentication/verification', () => {
       const expectedError = new Error('something bad happened');
       axios.post = jest.fn(() => Promise.reject(expectedError));
 
-      const callback = (_err, result) => {
-        expect(result).toBeDefined();
+      const callback = (_, { _body }) => {
+        expect(_body).toBeDefined();
         expect(axios.post).toHaveBeenCalledTimes(1);
-        expect(result).toEqual(expectedError);
+        expect(_body).toEqual(expectedError.message);
         done();
       };
 
diff --git a/passkeys-backend/tests/registration-start.test.js b/passkeys-backend/tests/registration-start.test.js
index 45ec1fa75..3918d4cbb 100644
--- a/passkeys-backend/tests/registration-start.test.js
+++ b/passkeys-backend/tests/registration-start.test.js
@@ -23,9 +23,11 @@ describe('registration/start', () => {
   });
 
   it('returns an error response indicating the missing parameters', (done) => {
-    const callback = (_err) => {
-      expect(_err).toBeDefined();
-      expect(_err).toEqual(`Missing parameters; please provide: 'username'.`);
+    const callback = (_, { _body, _statusCode }) => {
+      expect(_statusCode).toBeDefined();
+      expect(_body).toBeDefined();
+      expect(_statusCode).toEqual(400);
+      expect(_body).toEqual(`Missing parameters; please provide: 'username'.`);
       done();
     };
     handlerFunction({}, {}, callback);
@@ -35,10 +37,10 @@ describe('registration/start', () => {
     const expectedError = new Error('something bad happened');
     axios.post = jest.fn(() => Promise.reject(expectedError));
 
-    const callback = (_err, result) => {
-      expect(result).toBeDefined();
+    const callback = (_, { _body }) => {
+      expect(_body).toBeDefined();
       expect(axios.post).toHaveBeenCalledTimes(1);
-      expect(result).toEqual(expectedError);
+      expect(_body).toEqual(expectedError.message);
       done();
     };
 
diff --git a/passkeys-backend/tests/registration-verification.test.js b/passkeys-backend/tests/registration-verification.test.js
index b78c43401..feea7aaf5 100644
--- a/passkeys-backend/tests/registration-verification.test.js
+++ b/passkeys-backend/tests/registration-verification.test.js
@@ -7,7 +7,6 @@ const testEvent = {
   id: '12345',
   attestationObject: {},
   rawId: 'randomRawId',
-  type: 'test-type',
   clientDataJson: {},
   transports: 'test-transport',
 };
@@ -33,10 +32,12 @@ describe('registration/verification', () => {
 
   describe('when multiple required parameters are missing', () => {
     it('returns an error indicating multiple missing parameters', (done) => {
-      const callback = (_err) => {
-        expect(_err).toBeDefined();
-        expect(_err).toEqual(
-          `Missing parameters; please provide: 'id, attestationObject, rawId, type, clientDataJson, transports'.`
+      const callback = (_, { _body, _statusCode }) => {
+        expect(_statusCode).toBeDefined();
+        expect(_body).toBeDefined();
+        expect(_statusCode).toEqual(400);
+        expect(_body).toEqual(
+          `Missing parameters; please provide: 'id, attestationObject, rawId, clientDataJson, transports'.`
         );
         done();
       };
@@ -44,10 +45,12 @@ describe('registration/verification', () => {
     });
 
     it('returns an error indicating specific missing parameters', (done) => {
-      const callback = (_err) => {
-        expect(_err).toBeDefined();
-        expect(_err).toEqual(
-          `Missing parameters; please provide: 'attestationObject, type, clientDataJson, transports'.`
+      const callback = (_, { _body, _statusCode }) => {
+        expect(_statusCode).toBeDefined();
+        expect(_body).toBeDefined();
+        expect(_statusCode).toEqual(400);
+        expect(_body).toEqual(
+          `Missing parameters; please provide: 'attestationObject, clientDataJson, transports'.`
         );
         done();
       };
@@ -67,10 +70,10 @@ describe('registration/verification', () => {
       const expectedError = new Error('something bad happened');
       axios.post = jest.fn(() => Promise.reject(expectedError));
 
-      const callback = (_err, result) => {
-        expect(result).toBeDefined();
+      const callback = (_, { _body }) => {
+        expect(_body).toBeDefined();
         expect(axios.post).toHaveBeenCalledTimes(1);
-        expect(result).toEqual(expectedError);
+        expect(_body).toEqual(expectedError.message);
         done();
       };
 

From 845f2c28a2fcbef5fe7b8a740357642e32f7fa29 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Thu, 20 Jun 2024 06:04:25 -0500
Subject: [PATCH 13/16] unused variabe removed

---
 passkeys-backend/functions/authentication/start.js | 2 --
 1 file changed, 2 deletions(-)

diff --git a/passkeys-backend/functions/authentication/start.js b/passkeys-backend/functions/authentication/start.js
index bd41c236e..e5009b12e 100644
--- a/passkeys-backend/functions/authentication/start.js
+++ b/passkeys-backend/functions/authentication/start.js
@@ -1,7 +1,5 @@
 const axios = require('axios');
 
-const assets = Runtime.getAssets();
-
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, _, callback) => {
   const { RELYING_PARTY, API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;

From fc93745a679fd426efad5b3b0b7d7e94c61e1955 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Mon, 24 Jun 2024 05:20:16 -0500
Subject: [PATCH 14/16] using webauthn-json packacge

---
 passkeys-backend/assets/index.html | 64 +++++++-----------------------
 1 file changed, 15 insertions(+), 49 deletions(-)

diff --git a/passkeys-backend/assets/index.html b/passkeys-backend/assets/index.html
index 8a0be9c4b..54a33b240 100644
--- a/passkeys-backend/assets/index.html
+++ b/passkeys-backend/assets/index.html
@@ -10,6 +10,7 @@
         <link rel="stylesheet" href="https://twilio-labs.github.io/function-templates/static/v1/ce-paste-theme.css">
         <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/intl-tel-input@19.5.3/build/css/intlTelInput.css">
         <script src="https://cdn.jsdelivr.net/npm/intl-tel-input@19.5.3/build/js/intlTelInput.min.js"></script>
+        <script src="https://cdn.jsdelivr.net/npm/@github/webauthn-json@2.1.1/dist/browser-global/webauthn-json.browser-global.min.js"></script>
         <style>
             body {
                 margin: 0;
@@ -238,15 +239,9 @@ <h1 class="title" id="welcome"></h1>
             try {
                 const response = await fetch(`./authentication/start`);
                 const responseJSON = await response.json();
-                const { challenge, rpId, allowCredentials, timeout, userVerification } = responseJSON.publicKey
-                const publicKey = {
-                    challenge: Uint8Array.from(atob(challenge), c => c.charCodeAt(0)),
-                    rpId,
-                    allowCredentials,
-                    userVerification
-                }
-                
-                navigator.credentials.get({ publicKey })
+
+
+                window.webauthnJSON.get(responseJSON)
                     .then(async (publicKeyCredential) => {
                         const { id, rawId, response, type, authenticatorAttachment } = publicKeyCredential
                         const { authenticatorData, clientDataJSON, signature, userHandle } = response
@@ -258,11 +253,11 @@ <h1 class="title" id="welcome"></h1>
                             },
                             body: JSON.stringify({
                                 id: id,
-                                rawId: ArrayBufferToBase64(rawId),
-                                clientDataJson: ArrayBufferToBase64(clientDataJSON),
-                                authenticatorData: ArrayBufferToBase64(authenticatorData),
-                                signature: ArrayBufferToBase64(signature),
-                                userHandle: ArrayBufferToBase64(userHandle)
+                                rawId: rawId,
+                                clientDataJson: clientDataJSON,
+                                authenticatorData: authenticatorData,
+                                signature: signature,
+                                userHandle: userHandle
                             })
                         });
 
@@ -300,41 +295,12 @@ <h1 class="title" id="welcome"></h1>
                 });
 
                 const responseJSON = await response.json();
-                const { challenge, rp, user, pubKeyCredParams, factor_sid } = responseJSON;
-
-                const createCredentialDefaultArgs = {
-                    publicKey: {
-                        rp: {
-                            name: rp.name,
-                            id: rp.id
-                        },
-                        user: {
-                            id: strToArrayBuffer(user.id),
-                            name: user.name,
-                            displayName: user.displayName
-                        },
-                        pubKeyCredParams: [{ type: "public-key", alg: -7 }],
-                        attestation: "none",
-                        timeout: 600000,
-                        challenge: strToArrayBuffer(challenge),
-                        authenticatorSelection: {
-                            residentKey: "preferred"
-                        },
-                        extensions: {
-                            credProps: true,
-                        }
-                    }
-                }
                 
-                let credential = await navigator.credentials.create(createCredentialDefaultArgs);
+                let credential = await window.webauthnJSON.create({publicKey: responseJSON});
 
 
                 const { id, rawId, authenticatorAttachment, response: pubKeyCredResponse, type } = credential;
-                const { attestationObject, clientDataJSON } = pubKeyCredResponse;
-                
-                const rawIdString = ArrayBufferToBase64(rawId);
-                const attestationObjectString = ArrayBufferToBase64(attestationObject);
-                const clientDataJSONString = ArrayBufferToBase64(clientDataJSON);
+                const { attestationObject, clientDataJSON, transports } = pubKeyCredResponse;
 
                 const verificationResponse = await fetch(`./registration/verification`, {
                     method: "POST",
@@ -343,10 +309,10 @@ <h1 class="title" id="welcome"></h1>
                     },
                     body: JSON.stringify({
                         id: id,
-                        attestationObject: attestationObjectString,
-                        rawId: rawIdString,
-                        clientDataJson: clientDataJSONString,
-                        transports: ["internal"]
+                        attestationObject: attestationObject,
+                        rawId: rawId,
+                        clientDataJson: clientDataJSON,
+                        transports: transports
                     })
                 });
 

From 32881f66e6e64d76aaa988ecf6362297b480d629 Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Thu, 27 Jun 2024 05:21:24 -0500
Subject: [PATCH 15/16] simplifiead object structuring and use of twilio client
 function

---
 passkeys-backend/.env.example                 | 14 ++++-
 passkeys-backend/README.md                    |  7 ++-
 passkeys-backend/assets/index.html            | 61 +++----------------
 .../functions/authentication/start.js         |  8 ++-
 .../functions/authentication/verification.js  | 12 ++--
 .../functions/registration/start.js           | 16 ++---
 .../functions/registration/verification.js    | 12 ++--
 passkeys-backend/package.json                 |  3 +-
 .../tests/authentication-start.test.js        |  9 ++-
 .../tests/authentication-verification.test.js | 19 ++++--
 .../tests/registration-start.test.js          | 14 ++++-
 .../tests/registration-verification.test.js   | 19 ++++--
 12 files changed, 98 insertions(+), 96 deletions(-)

diff --git a/passkeys-backend/.env.example b/passkeys-backend/.env.example
index 1b0b34d66..0e8dba08e 100644
--- a/passkeys-backend/.env.example
+++ b/passkeys-backend/.env.example
@@ -1,4 +1,14 @@
+# description: The URL of the comms API for passkeys
+# format: url
+# required: true
 API_URL=
+
+# description: The domain of the relying party
+# format: url
+# required: true
 RELYING_PARTY=
-ACCOUNT_SID=
-AUTH_TOKEN=
\ No newline at end of file
+
+# description: The domain of the adroid identity provider
+# format: list
+# required: true
+ANDROID_APP_KEYS=
diff --git a/passkeys-backend/README.md b/passkeys-backend/README.md
index 6365713a4..6d03f52d9 100644
--- a/passkeys-backend/README.md
+++ b/passkeys-backend/README.md
@@ -16,6 +16,8 @@ customization [here](#service-customization).
 
 This project requires some environment variables to be set. A file named `.env` is used to store the values for those environment variables. To keep your tokens and secrets secure, make sure to not commit the `.env` file in git. When setting up the project with `twilio serverless:init ...` the Twilio CLI will create a `.gitignore` file that excludes `.env` from the version history.
 
+- Enable ACCOUNT_SID and AUTH_TOKEN in your functions configuration (https://www.twilio.com/console/functions/configure)
+
 You can find a `.env.example` file to copy for creating your own `.env` file
 
 In your `.env` file, set the following values:
@@ -24,6 +26,7 @@ In your `.env` file, set the following values:
 | :------- | :---------- | :------- |
 | API_URL | Passkeys API to point at | yes |
 | RELYING_PARTY | Customer app or client | yes
+| ANDROID_APP_KEYS | The domain of the adroid identity providers hash | yes |
 | ACCOUNT_SID | Twilio account where the service belong | yes |
 | AUTH_TOKEN | Authentication token for twilio account | yes |
 
@@ -61,7 +64,7 @@ Besides the enviroment variables files, the project also contain two files calle
 | id | A base64url encoded representation of `rawId`. | yes |
 | rawId | The globally unique identifier for this `PublicKeyCredential`. | yes |
 | attestationObject | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
-| clientDataJson | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
+| clientDataJSON | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 | transports | An Array with the transport methods given by the `AuthenticatorAttestationResponse` | yes |
 
 
@@ -74,7 +77,7 @@ Besides the enviroment variables files, the project also contain two files calle
 | id | A base64url encoded representation of `rawId`. | yes |
 | rawId | The globally unique identifier for this `PublicKeyCredential`. | yes |
 | authenticatorData | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
-| clientDataJson | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
+| clientDataJSON | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 | signature | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 | userHandle | A base64url encoded object given by the `AuthenticatorAttestationResponse` | yes |
 
diff --git a/passkeys-backend/assets/index.html b/passkeys-backend/assets/index.html
index 54a33b240..a2c883f1d 100644
--- a/passkeys-backend/assets/index.html
+++ b/passkeys-backend/assets/index.html
@@ -201,33 +201,6 @@ <h1 class="title" id="welcome"></h1>
             }
         }
 
-        function ArrayBufferToBase64(buffer) {
-            // Convert ArrayBuffer to base64 string
-            const binary = String.fromCharCode.apply(null, new Uint8Array(buffer));
-            let base64String = btoa(binary);
-
-            // Replace characters not allowed in base64url with their corresponding URL-safe alternatives
-            base64String = base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-
-            return base64String;
-        }
-
-        const strToArrayBuffer = (str) => {
-            const decodedString = atob(str);
-
-            const buffer = new Uint8Array(decodedString.length);
-            for (let i = 0; i < buffer.length; i++) {
-                buffer[i] = decodedString.charCodeAt(i);
-            }
-            return buffer;
-        }
-
-        function stringToArrayBuffer(str) {
-            const encoder = new TextEncoder();
-            const uint8Array = encoder.encode(str);
-            return uint8Array.buffer;
-        }
-
         const login = () => {
             const authenticationCard = document.getElementById("container");
             const passkeyCard = document.getElementById("modal");
@@ -240,11 +213,8 @@ <h1 class="title" id="welcome"></h1>
                 const response = await fetch(`./authentication/start`);
                 const responseJSON = await response.json();
 
-
                 window.webauthnJSON.get(responseJSON)
                     .then(async (publicKeyCredential) => {
-                        const { id, rawId, response, type, authenticatorAttachment } = publicKeyCredential
-                        const { authenticatorData, clientDataJSON, signature, userHandle } = response
 
                         const authentication = await fetch('./authentication/verification', {
                             method: "POST",
@@ -252,17 +222,13 @@ <h1 class="title" id="welcome"></h1>
                                 "Content-Type": "application/json"
                             },
                             body: JSON.stringify({
-                                id: id,
-                                rawId: rawId,
-                                clientDataJson: clientDataJSON,
-                                authenticatorData: authenticatorData,
-                                signature: signature,
-                                userHandle: userHandle
+                                id: publicKeyCredential.id,
+                                rawId: publicKeyCredential.rawId,
+                                ...publicKeyCredential.response
                             })
                         });
 
-                        const authenticationJSON = await authentication.json();
-                        const {status, identity} = authenticationJSON
+                        const { status, identity } = await authentication.json();
                         if(status === "approved") {
                             sessionStorage.setItem('session', identity);
                             loadApp(identity);
@@ -289,35 +255,26 @@ <h1 class="title" id="welcome"></h1>
                     headers: {
                         "Content-Type": "application/json"
                     },
-                    body: JSON.stringify({
-                        username: username
-                    })
+                    body: JSON.stringify({ username })
                 });
 
                 const responseJSON = await response.json();
                 
                 let credential = await window.webauthnJSON.create({publicKey: responseJSON});
 
-
-                const { id, rawId, authenticatorAttachment, response: pubKeyCredResponse, type } = credential;
-                const { attestationObject, clientDataJSON, transports } = pubKeyCredResponse;
-
                 const verificationResponse = await fetch(`./registration/verification`, {
                     method: "POST",
                     headers: {
                         "Content-Type": "application/json"
                     },
                     body: JSON.stringify({
-                        id: id,
-                        attestationObject: attestationObject,
-                        rawId: rawId,
-                        clientDataJson: clientDataJSON,
-                        transports: transports
+                        id: credential.id,
+                        rawId: credential.rawId,
+                        ...credential.response
                     })
                 });
 
-                const verRespJSON = await verificationResponse.json();
-                const { status } = verRespJSON
+                const { status } = await verificationResponse.json();
                 if (status === 'verified') {
                     sessionStorage.setItem('session', username);
                     loadApp(username);
diff --git a/passkeys-backend/functions/authentication/start.js b/passkeys-backend/functions/authentication/start.js
index e5009b12e..22778efe8 100644
--- a/passkeys-backend/functions/authentication/start.js
+++ b/passkeys-backend/functions/authentication/start.js
@@ -2,11 +2,13 @@ const axios = require('axios');
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, _, callback) => {
-  const { RELYING_PARTY, API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
+  const { RELYING_PARTY, API_URL } = context;
 
   const response = new Twilio.Response();
   response.appendHeader('Content-Type', 'application/json');
 
+  const { username, password } = context.getTwilioClient();
+
   const requestBody = {
     content: {
       // eslint-disable-next-line camelcase
@@ -19,8 +21,8 @@ exports.handler = async (context, _, callback) => {
   try {
     const APIResponse = await axios.post(challengeURL, requestBody, {
       auth: {
-        username: ACCOUNT_SID,
-        password: AUTH_TOKEN,
+        username,
+        password,
       },
     });
 
diff --git a/passkeys-backend/functions/authentication/verification.js b/passkeys-backend/functions/authentication/verification.js
index 230102696..afa4817ef 100644
--- a/passkeys-backend/functions/authentication/verification.js
+++ b/passkeys-backend/functions/authentication/verification.js
@@ -4,7 +4,7 @@ const assets = Runtime.getAssets();
 const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 
 exports.handler = async (context, event, callback) => {
-  const { API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
+  const { API_URL } = context;
 
   const response = new Twilio.Response();
   response.appendHeader('Content-Type', 'application/json');
@@ -13,7 +13,7 @@ exports.handler = async (context, event, callback) => {
     [
       'id',
       'rawId',
-      'clientDataJson',
+      'clientDataJSON',
       'authenticatorData',
       'signature',
       'userHandle',
@@ -30,6 +30,8 @@ exports.handler = async (context, event, callback) => {
     return callback(null, response);
   }
 
+  const { username, password } = context.getTwilioClient();
+
   const requestBody = {
     content: {
       rawId: event.rawId,
@@ -37,7 +39,7 @@ exports.handler = async (context, event, callback) => {
       authenticatorAttachment: 'platform',
       type: 'public-key',
       response: {
-        clientDataJSON: event.clientDataJson,
+        clientDataJSON: event.clientDataJSON,
         authenticatorData: event.authenticatorData,
         signature: event.signature,
         userHandle: event.userHandle,
@@ -50,8 +52,8 @@ exports.handler = async (context, event, callback) => {
   try {
     const APIresponse = await axios.post(verifyChallengeURL, requestBody, {
       auth: {
-        username: ACCOUNT_SID,
-        password: AUTH_TOKEN,
+        username,
+        password,
       },
     });
 
diff --git a/passkeys-backend/functions/registration/start.js b/passkeys-backend/functions/registration/start.js
index 9fc8c1f98..6f13ddc4f 100644
--- a/passkeys-backend/functions/registration/start.js
+++ b/passkeys-backend/functions/registration/start.js
@@ -4,7 +4,7 @@ const assets = Runtime.getAssets();
 const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 
 exports.handler = async (context, event, callback) => {
-  const { RELYING_PARTY, API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
+  const { RELYING_PARTY, API_URL, ANDROID_APP_KEYS } = context;
 
   const response = new Twilio.Response();
   response.appendHeader('Content-Type', 'application/json');
@@ -20,6 +20,8 @@ exports.handler = async (context, event, callback) => {
     return callback(null, response);
   }
 
+  const { username, password } = context.getTwilioClient();
+
   // Request body sent to passkeys verify URL call
   /* eslint-disable camelcase */
   const requestBody = {
@@ -31,13 +33,7 @@ exports.handler = async (context, event, callback) => {
       relying_party: {
         id: RELYING_PARTY,
         name: 'PasskeySample',
-        origins: [
-          `https://${RELYING_PARTY}`,
-          'android:apk-key-hash:r-BvX79axOKgiSKVuBwFSylcgHo7aUuxCnumzx4XT6E',
-          'android:apk-key-hash:UFzWPaUfGY8_scKVC2tGtgb-xBNXS5Z_PYajz3P-BVM',
-          'android:apk-key-hash:V9oDo6qGAoQG3r3vk7JJBAFBVrpSPvsp-QTlyttftAw',
-          'android:apk-key-hash:yOXmgJgVThpM_CUPlnaG4fEiFA0PpR1MCa-FbWfeiDM',
-        ],
+        origins: [`https://${RELYING_PARTY}`, ...ANDROID_APP_KEYS.split(',')],
       },
       authenticator_criteria: {
         authenticator_attachment: 'platform',
@@ -54,8 +50,8 @@ exports.handler = async (context, event, callback) => {
   try {
     const APIResponse = await axios.post(factorURL, requestBody, {
       auth: {
-        username: ACCOUNT_SID,
-        password: AUTH_TOKEN,
+        username,
+        password,
       },
     });
 
diff --git a/passkeys-backend/functions/registration/verification.js b/passkeys-backend/functions/registration/verification.js
index 5ffc8b184..3f0c63548 100644
--- a/passkeys-backend/functions/registration/verification.js
+++ b/passkeys-backend/functions/registration/verification.js
@@ -5,13 +5,13 @@ const { detectMissingParams } = require(assets['/services/helpers.js'].path);
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
-  const { API_URL, ACCOUNT_SID, AUTH_TOKEN } = context;
+  const { API_URL } = context;
 
   const response = new Twilio.Response();
   response.appendHeader('Content-Type', 'application/json');
 
   const missingParams = detectMissingParams(
-    ['id', 'attestationObject', 'rawId', 'clientDataJson', 'transports'],
+    ['id', 'attestationObject', 'rawId', 'clientDataJSON', 'transports'],
     event
   );
   if (missingParams) {
@@ -23,6 +23,8 @@ exports.handler = async (context, event, callback) => {
     return callback(null, response);
   }
 
+  const { username, password } = context.getTwilioClient();
+
   const requestBody = {
     content: {
       id: event.id,
@@ -31,7 +33,7 @@ exports.handler = async (context, event, callback) => {
       type: 'public-key',
       response: {
         attestationObject: event.attestationObject,
-        clientDataJSON: event.clientDataJson,
+        clientDataJSON: event.clientDataJSON,
         transports: event.transports,
       },
     },
@@ -42,8 +44,8 @@ exports.handler = async (context, event, callback) => {
   try {
     const APIResponse = await axios.post(verifyFactorURL, requestBody, {
       auth: {
-        username: ACCOUNT_SID,
-        password: AUTH_TOKEN,
+        username,
+        password,
       },
     });
     response.setStatusCode(200);
diff --git a/passkeys-backend/package.json b/passkeys-backend/package.json
index 88f97b292..66a26eac0 100644
--- a/passkeys-backend/package.json
+++ b/passkeys-backend/package.json
@@ -3,6 +3,7 @@
   "version": "1.0.0",
   "private": true,
   "dependencies": {
-    "@twilio-labs/runtime-helpers": "^0.1.2"
+    "@twilio-labs/runtime-helpers": "^0.1.2",
+    "twilio": "^3.61.0"
   }
 }
diff --git a/passkeys-backend/tests/authentication-start.test.js b/passkeys-backend/tests/authentication-start.test.js
index c746b2835..7de7adcde 100644
--- a/passkeys-backend/tests/authentication-start.test.js
+++ b/passkeys-backend/tests/authentication-start.test.js
@@ -3,6 +3,13 @@ const helpers = require('../../test/test-helper');
 
 jest.mock('axios');
 
+const mockContext = {
+  getTwilioClient: () => ({
+    username: 'mockUsername',
+    password: 'mockPassword',
+  }),
+};
+
 describe('authentication/start', () => {
   beforeAll(() => {
     jest.clearAllMocks();
@@ -33,6 +40,6 @@ describe('authentication/start', () => {
       done();
     };
 
-    handlerFunction({}, {}, callback);
+    handlerFunction(mockContext, {}, callback);
   });
 });
diff --git a/passkeys-backend/tests/authentication-verification.test.js b/passkeys-backend/tests/authentication-verification.test.js
index fb80eceda..2c315edc0 100644
--- a/passkeys-backend/tests/authentication-verification.test.js
+++ b/passkeys-backend/tests/authentication-verification.test.js
@@ -3,10 +3,17 @@ const helpers = require('../../test/test-helper');
 
 jest.mock('axios');
 
+const mockContext = {
+  getTwilioClient: () => ({
+    username: 'mockUsername',
+    password: 'mockPassword',
+  }),
+};
+
 const testEvent = {
   id: '12345',
   rawId: 'randomRawId',
-  clientDataJson: {},
+  clientDataJSON: {},
   authenticatorData: {},
   signature: 'test-signature',
   userHandle: {},
@@ -39,11 +46,11 @@ describe('authentication/verification', () => {
         expect(_body).toBeDefined();
         expect(_statusCode).toEqual(400);
         expect(_body).toEqual(
-          `Missing parameters; please provide: 'id, rawId, clientDataJson, authenticatorData, signature, userHandle'.`
+          `Missing parameters; please provide: 'id, rawId, clientDataJSON, authenticatorData, signature, userHandle'.`
         );
         done();
       };
-      handlerFunction({}, {}, callback);
+      handlerFunction(mockContext, {}, callback);
     });
 
     it('returns an error indicating specific missing parameters', (done) => {
@@ -52,12 +59,12 @@ describe('authentication/verification', () => {
         expect(_body).toBeDefined();
         expect(_statusCode).toEqual(400);
         expect(_body).toEqual(
-          `Missing parameters; please provide: 'clientDataJson, authenticatorData, signature, userHandle'.`
+          `Missing parameters; please provide: 'clientDataJSON, authenticatorData, signature, userHandle'.`
         );
         done();
       };
       handlerFunction(
-        {},
+        mockContext,
         {
           id: '123',
           rawId: '123',
@@ -79,7 +86,7 @@ describe('authentication/verification', () => {
         done();
       };
 
-      handlerFunction({}, testEvent, callback);
+      handlerFunction(mockContext, testEvent, callback);
     });
   });
 });
diff --git a/passkeys-backend/tests/registration-start.test.js b/passkeys-backend/tests/registration-start.test.js
index 3918d4cbb..097df9555 100644
--- a/passkeys-backend/tests/registration-start.test.js
+++ b/passkeys-backend/tests/registration-start.test.js
@@ -3,6 +3,14 @@ const helpers = require('../../test/test-helper');
 
 jest.mock('axios');
 
+const mockContext = {
+  ANDROID_APP_KEYS: 'key1,key2,key3',
+  getTwilioClient: () => ({
+    username: 'mockUsername',
+    password: 'mockPassword',
+  }),
+};
+
 describe('registration/start', () => {
   beforeAll(() => {
     jest.clearAllMocks();
@@ -11,7 +19,7 @@ describe('registration/start', () => {
       '/services/helpers.js',
       '../assets/services/helpers.private.js'
     );
-    helpers.setup({}, runtime);
+    helpers.setup(mockContext, runtime);
     handlerFunction = require('../functions/registration/start').handler;
   });
   afterAll(() => {
@@ -30,7 +38,7 @@ describe('registration/start', () => {
       expect(_body).toEqual(`Missing parameters; please provide: 'username'.`);
       done();
     };
-    handlerFunction({}, {}, callback);
+    handlerFunction(mockContext, {}, callback);
   });
 
   it('returns error with unsuccesfull request', (done) => {
@@ -45,7 +53,7 @@ describe('registration/start', () => {
     };
 
     handlerFunction(
-      {},
+      mockContext,
       {
         username: 'test-username',
       },
diff --git a/passkeys-backend/tests/registration-verification.test.js b/passkeys-backend/tests/registration-verification.test.js
index feea7aaf5..95541521f 100644
--- a/passkeys-backend/tests/registration-verification.test.js
+++ b/passkeys-backend/tests/registration-verification.test.js
@@ -7,10 +7,17 @@ const testEvent = {
   id: '12345',
   attestationObject: {},
   rawId: 'randomRawId',
-  clientDataJson: {},
+  clientDataJSON: {},
   transports: 'test-transport',
 };
 
+const mockContext = {
+  getTwilioClient: () => ({
+    username: 'mockUsername',
+    password: 'mockPassword',
+  }),
+};
+
 describe('registration/verification', () => {
   beforeAll(() => {
     jest.clearAllMocks();
@@ -37,11 +44,11 @@ describe('registration/verification', () => {
         expect(_body).toBeDefined();
         expect(_statusCode).toEqual(400);
         expect(_body).toEqual(
-          `Missing parameters; please provide: 'id, attestationObject, rawId, clientDataJson, transports'.`
+          `Missing parameters; please provide: 'id, attestationObject, rawId, clientDataJSON, transports'.`
         );
         done();
       };
-      handlerFunction({}, {}, callback);
+      handlerFunction(mockContext, {}, callback);
     });
 
     it('returns an error indicating specific missing parameters', (done) => {
@@ -50,12 +57,12 @@ describe('registration/verification', () => {
         expect(_body).toBeDefined();
         expect(_statusCode).toEqual(400);
         expect(_body).toEqual(
-          `Missing parameters; please provide: 'attestationObject, clientDataJson, transports'.`
+          `Missing parameters; please provide: 'attestationObject, clientDataJSON, transports'.`
         );
         done();
       };
       handlerFunction(
-        {},
+        mockContext,
         {
           id: '123',
           rawId: '123',
@@ -77,7 +84,7 @@ describe('registration/verification', () => {
         done();
       };
 
-      handlerFunction({}, testEvent, callback);
+      handlerFunction(mockContext, testEvent, callback);
     });
   });
 });

From 0498d8e8637c6656786463428d3f2ce6e8aa8a0c Mon Sep 17 00:00:00 2001
From: Nicolas Camacho <ncamacho@twilio.com>
Date: Tue, 9 Jul 2024 08:13:16 -0500
Subject: [PATCH 16/16] reciving complete authn object

---
 passkeys-backend/.env.example                 |  4 +--
 passkeys-backend/assets/index.html            | 12 ++-----
 .../assets/services/helpers.private.js        |  5 +++
 .../functions/authentication/verification.js  | 30 ++++-------------
 .../functions/registration/start.js           |  7 ++--
 .../functions/registration/verification.js    | 20 ++++--------
 .../tests/authentication-verification.test.js | 32 ++++---------------
 .../tests/registration-verification.test.js   | 30 ++++-------------
 8 files changed, 39 insertions(+), 101 deletions(-)

diff --git a/passkeys-backend/.env.example b/passkeys-backend/.env.example
index 0e8dba08e..acbe3973d 100644
--- a/passkeys-backend/.env.example
+++ b/passkeys-backend/.env.example
@@ -9,6 +9,6 @@ API_URL=
 RELYING_PARTY=
 
 # description: The domain of the adroid identity provider
-# format: list
-# required: true
+# format: list(text)
+# required: false
 ANDROID_APP_KEYS=
diff --git a/passkeys-backend/assets/index.html b/passkeys-backend/assets/index.html
index a2c883f1d..f447ad713 100644
--- a/passkeys-backend/assets/index.html
+++ b/passkeys-backend/assets/index.html
@@ -221,11 +221,7 @@ <h1 class="title" id="welcome"></h1>
                             headers: {
                                 "Content-Type": "application/json"
                             },
-                            body: JSON.stringify({
-                                id: publicKeyCredential.id,
-                                rawId: publicKeyCredential.rawId,
-                                ...publicKeyCredential.response
-                            })
+                            body: JSON.stringify(publicKeyCredential)
                         });
 
                         const { status, identity } = await authentication.json();
@@ -267,11 +263,7 @@ <h1 class="title" id="welcome"></h1>
                     headers: {
                         "Content-Type": "application/json"
                     },
-                    body: JSON.stringify({
-                        id: credential.id,
-                        rawId: credential.rawId,
-                        ...credential.response
-                    })
+                    body: JSON.stringify(credential)
                 });
 
                 const { status } = await verificationResponse.json();
diff --git a/passkeys-backend/assets/services/helpers.private.js b/passkeys-backend/assets/services/helpers.private.js
index 51fab6616..400d66d65 100644
--- a/passkeys-backend/assets/services/helpers.private.js
+++ b/passkeys-backend/assets/services/helpers.private.js
@@ -5,6 +5,11 @@ const detectMissingParams = (paramNames, event) => {
   return missingParams.length > 0 ? missingParams : null;
 };
 
+const isEmpty = (requestBody) => {
+  return Object.keys(requestBody).length === 0;
+};
+
 module.exports = {
   detectMissingParams,
+  isEmpty,
 };
diff --git a/passkeys-backend/functions/authentication/verification.js b/passkeys-backend/functions/authentication/verification.js
index afa4817ef..d69d463ef 100644
--- a/passkeys-backend/functions/authentication/verification.js
+++ b/passkeys-backend/functions/authentication/verification.js
@@ -1,7 +1,7 @@
 const axios = require('axios');
 
 const assets = Runtime.getAssets();
-const { detectMissingParams } = require(assets['/services/helpers.js'].path);
+const { isEmpty } = require(assets['/services/helpers.js'].path);
 
 exports.handler = async (context, event, callback) => {
   const { API_URL } = context;
@@ -9,24 +9,11 @@ exports.handler = async (context, event, callback) => {
   const response = new Twilio.Response();
   response.appendHeader('Content-Type', 'application/json');
 
-  const missingParams = detectMissingParams(
-    [
-      'id',
-      'rawId',
-      'clientDataJSON',
-      'authenticatorData',
-      'signature',
-      'userHandle',
-    ],
-    event
-  );
-
-  if (missingParams) {
+  if (isEmpty(event)) {
     response.setStatusCode(400);
     response.setBody(
-      `Missing parameters; please provide: '${missingParams.join(', ')}'.`
+      `Something is wrong with the request. Please check the parameters.`
     );
-
     return callback(null, response);
   }
 
@@ -36,14 +23,9 @@ exports.handler = async (context, event, callback) => {
     content: {
       rawId: event.rawId,
       id: event.id,
-      authenticatorAttachment: 'platform',
-      type: 'public-key',
-      response: {
-        clientDataJSON: event.clientDataJSON,
-        authenticatorData: event.authenticatorData,
-        signature: event.signature,
-        userHandle: event.userHandle,
-      },
+      authenticatorAttachment: event.authenticatorAttachment,
+      type: event.type,
+      response: event.response,
     },
   };
 
diff --git a/passkeys-backend/functions/registration/start.js b/passkeys-backend/functions/registration/start.js
index 6f13ddc4f..5b8e7980f 100644
--- a/passkeys-backend/functions/registration/start.js
+++ b/passkeys-backend/functions/registration/start.js
@@ -25,7 +25,7 @@ exports.handler = async (context, event, callback) => {
   // Request body sent to passkeys verify URL call
   /* eslint-disable camelcase */
   const requestBody = {
-    friendly_name: 'TouchID',
+    friendly_name: 'Passkey Example',
     to: {
       user_identifier: event.username,
     },
@@ -33,7 +33,10 @@ exports.handler = async (context, event, callback) => {
       relying_party: {
         id: RELYING_PARTY,
         name: 'PasskeySample',
-        origins: [`https://${RELYING_PARTY}`, ...ANDROID_APP_KEYS.split(',')],
+        origins: [
+          `https://${RELYING_PARTY}`,
+          ...(ANDROID_APP_KEYS.split(',') || []),
+        ],
       },
       authenticator_criteria: {
         authenticator_attachment: 'platform',
diff --git a/passkeys-backend/functions/registration/verification.js b/passkeys-backend/functions/registration/verification.js
index 3f0c63548..ec71d0769 100644
--- a/passkeys-backend/functions/registration/verification.js
+++ b/passkeys-backend/functions/registration/verification.js
@@ -1,7 +1,7 @@
 const axios = require('axios');
 
 const assets = Runtime.getAssets();
-const { detectMissingParams } = require(assets['/services/helpers.js'].path);
+const { isEmpty } = require(assets['/services/helpers.js'].path);
 
 // eslint-disable-next-line consistent-return
 exports.handler = async (context, event, callback) => {
@@ -10,14 +10,10 @@ exports.handler = async (context, event, callback) => {
   const response = new Twilio.Response();
   response.appendHeader('Content-Type', 'application/json');
 
-  const missingParams = detectMissingParams(
-    ['id', 'attestationObject', 'rawId', 'clientDataJSON', 'transports'],
-    event
-  );
-  if (missingParams) {
+  if (isEmpty(event)) {
     response.setStatusCode(400);
     response.setBody(
-      `Missing parameters; please provide: '${missingParams.join(', ')}'.`
+      `Something is wrong with the request. Please check the parameters.`
     );
 
     return callback(null, response);
@@ -29,13 +25,9 @@ exports.handler = async (context, event, callback) => {
     content: {
       id: event.id,
       rawId: event.rawId,
-      authenticatorAttachment: 'platform',
-      type: 'public-key',
-      response: {
-        attestationObject: event.attestationObject,
-        clientDataJSON: event.clientDataJSON,
-        transports: event.transports,
-      },
+      authenticatorAttachment: event.authenticatorAttachment,
+      type: event.type,
+      response: event.response,
     },
   };
 
diff --git a/passkeys-backend/tests/authentication-verification.test.js b/passkeys-backend/tests/authentication-verification.test.js
index 2c315edc0..11bdc2d5f 100644
--- a/passkeys-backend/tests/authentication-verification.test.js
+++ b/passkeys-backend/tests/authentication-verification.test.js
@@ -13,10 +13,12 @@ const mockContext = {
 const testEvent = {
   id: '12345',
   rawId: 'randomRawId',
-  clientDataJSON: {},
-  authenticatorData: {},
-  signature: 'test-signature',
-  userHandle: {},
+  response: {
+    clientDataJSON: {},
+    authenticatorData: {},
+    signature: 'test-signature',
+    userHandle: {},
+  },
 };
 
 describe('authentication/verification', () => {
@@ -46,32 +48,12 @@ describe('authentication/verification', () => {
         expect(_body).toBeDefined();
         expect(_statusCode).toEqual(400);
         expect(_body).toEqual(
-          `Missing parameters; please provide: 'id, rawId, clientDataJSON, authenticatorData, signature, userHandle'.`
+          `Something is wrong with the request. Please check the parameters.`
         );
         done();
       };
       handlerFunction(mockContext, {}, callback);
     });
-
-    it('returns an error indicating specific missing parameters', (done) => {
-      const callback = (_, { _body, _statusCode }) => {
-        expect(_statusCode).toBeDefined();
-        expect(_body).toBeDefined();
-        expect(_statusCode).toEqual(400);
-        expect(_body).toEqual(
-          `Missing parameters; please provide: 'clientDataJSON, authenticatorData, signature, userHandle'.`
-        );
-        done();
-      };
-      handlerFunction(
-        mockContext,
-        {
-          id: '123',
-          rawId: '123',
-        },
-        callback
-      );
-    });
   });
 
   describe('When response are unsuccesfull', () => {
diff --git a/passkeys-backend/tests/registration-verification.test.js b/passkeys-backend/tests/registration-verification.test.js
index 95541521f..df65f94e9 100644
--- a/passkeys-backend/tests/registration-verification.test.js
+++ b/passkeys-backend/tests/registration-verification.test.js
@@ -5,10 +5,12 @@ jest.mock('axios');
 
 const testEvent = {
   id: '12345',
-  attestationObject: {},
   rawId: 'randomRawId',
-  clientDataJSON: {},
-  transports: 'test-transport',
+  response: {
+    attestationObject: {},
+    clientDataJSON: {},
+    transports: 'test-transport',
+  },
 };
 
 const mockContext = {
@@ -44,32 +46,12 @@ describe('registration/verification', () => {
         expect(_body).toBeDefined();
         expect(_statusCode).toEqual(400);
         expect(_body).toEqual(
-          `Missing parameters; please provide: 'id, attestationObject, rawId, clientDataJSON, transports'.`
+          `Something is wrong with the request. Please check the parameters.`
         );
         done();
       };
       handlerFunction(mockContext, {}, callback);
     });
-
-    it('returns an error indicating specific missing parameters', (done) => {
-      const callback = (_, { _body, _statusCode }) => {
-        expect(_statusCode).toBeDefined();
-        expect(_body).toBeDefined();
-        expect(_statusCode).toEqual(400);
-        expect(_body).toEqual(
-          `Missing parameters; please provide: 'attestationObject, clientDataJSON, transports'.`
-        );
-        done();
-      };
-      handlerFunction(
-        mockContext,
-        {
-          id: '123',
-          rawId: '123',
-        },
-        callback
-      );
-    });
   });
 
   describe('When response are unsuccesfull', () => {