From 55fdb8e24daba5aebd77fb09b2c3fcc02dbdbf95 Mon Sep 17 00:00:00 2001
From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com>
Date: Wed, 10 Jun 2026 09:20:58 +0000
Subject: [PATCH] [samples] fix passkey challenge encoding in frontend sample

The Grid-issued passkey challenge is a lowercase hex string that should
be UTF-8 encoded for WebAuthn, not base64url decoded. This aligns the
sample with the clarified schema in #561.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../src/steps/embeddedWallet/AuthenticateAndSign.tsx       | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/samples/frontend/src/steps/embeddedWallet/AuthenticateAndSign.tsx b/samples/frontend/src/steps/embeddedWallet/AuthenticateAndSign.tsx
index c4780cc3..c158a95e 100644
--- a/samples/frontend/src/steps/embeddedWallet/AuthenticateAndSign.tsx
+++ b/samples/frontend/src/steps/embeddedWallet/AuthenticateAndSign.tsx
@@ -77,12 +77,13 @@ export default function AuthenticateAndSign({
         { clientPublicKey },
       )
 
-      // 3. WebAuthn assertion against the Grid-issued challenge. The OS shows
-      //    its biometric prompt regardless of whether we send the real
+      // 3. WebAuthn assertion against the Grid-issued challenge. The challenge
+      //    is a lowercase hex string; UTF-8 encode it exactly as returned. The
+      //    OS shows its biometric prompt regardless of whether we send the real
       //    signature or the sandbox magic value below.
       const assertion = (await navigator.credentials.get({
         publicKey: {
-          challenge: base64urlToBytes(challenge.challenge),
+          challenge: new TextEncoder().encode(challenge.challenge),
           userVerification: 'required',
           timeout: 60_000,
         },