feat(sdk-core): improve removePasskeyFromAccount and use public-types

derranW26 · derranW26 · commit 2f80518e1b4f · 2026-05-04T10:24:54.000-04:00
- Add device.id validation before DELETE call - Add edge-case tests for missing device.id - Replace local WebAuthnOtpDevice with @bitgo/public-types@6.1.0 WCN-191
diff --git a/modules/sdk-core/package.json b/modules/sdk-core/package.json
@@ -40,7 +40,7 @@
     ]
   },
   "dependencies": {
-    "@bitgo/public-types": "5.97.0",
+    "@bitgo/public-types": "6.1.0",
     "@bitgo/sdk-lib-mpc": "^10.11.1",
     "@bitgo/secp256k1": "^1.11.0",
     "@bitgo/sjcl": "^1.1.0",
diff --git a/modules/sdk-core/src/bitgo/passkey/removePasskeyFromAccount.ts b/modules/sdk-core/src/bitgo/passkey/removePasskeyFromAccount.ts
@@ -7,5 +7,8 @@ import { WebAuthnOtpDevice } from './types';
  */
 export async function removePasskeyFromAccount(params: { bitgo: BitGoBase; device: WebAuthnOtpDevice }): Promise<void> {
   const { bitgo, device } = params;
+  if (!device.id) {
+    throw new Error('device.id is required to remove a passkey from the account');
+  }
   await bitgo.del(bitgo.url(`/user/otp/${device.id}`)).result();
 }
diff --git a/modules/sdk-core/src/bitgo/passkey/types.ts b/modules/sdk-core/src/bitgo/passkey/types.ts
@@ -1,8 +1 @@
-// TODO: replace with: export type { WebAuthnOtpDevice } from '@bitgo/public-types'
-export interface WebAuthnOtpDevice {
-  id: string; // serialized MongoDB _id — used for DELETE
-  credentialId: string; // from authenticatorInfo.credID
-  prfSalt?: string;
-  isPasskey?: boolean;
-  extensions?: Record<string, boolean>;
-}
+export type { WebAuthnOtpDevice } from '@bitgo/public-types';
diff --git a/modules/sdk-core/test/unit/bitgo/passkey/removePasskeyFromAccount.ts b/modules/sdk-core/test/unit/bitgo/passkey/removePasskeyFromAccount.ts
@@ -49,4 +49,20 @@ describe('removePasskeyFromAccount', function () {
     const result = await removePasskeyFromAccount({ bitgo: mockBitGo as any, device });
     assert.strictEqual(result, undefined);
   });
+
+  it('should throw if device.id is empty', async function () {
+    const badDevice: WebAuthnOtpDevice = { ...device, id: '' };
+    await assert.rejects(() => removePasskeyFromAccount({ bitgo: mockBitGo as any, device: badDevice }), {
+      message: 'device.id is required to remove a passkey from the account',
+    });
+    assert.strictEqual(mockBitGo.del.called, false);
+  });
+
+  it('should throw if device.id is undefined', async function () {
+    const badDevice = { ...device, id: undefined } as unknown as WebAuthnOtpDevice;
+    await assert.rejects(() => removePasskeyFromAccount({ bitgo: mockBitGo as any, device: badDevice }), {
+      message: 'device.id is required to remove a passkey from the account',
+    });
+    assert.strictEqual(mockBitGo.del.called, false);
+  });
 });

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@`
`40`	`40`	`]`
`41`	`41`	`},`
`42`	`42`	`"dependencies": {`
`43`		`- "@bitgo/public-types": "5.97.0",`
	`43`	`+ "@bitgo/public-types": "6.1.0",`
`44`	`44`	`"@bitgo/sdk-lib-mpc": "^10.11.1",`
`45`	`45`	`"@bitgo/secp256k1": "^1.11.0",`
`46`	`46`	`"@bitgo/sjcl": "^1.1.0",`
Original file line number	Diff line number	Diff line change
`@@ -7,5 +7,8 @@ import { WebAuthnOtpDevice } from './types';`
`7`	`7`	`*/`
`8`	`8`	`export async function removePasskeyFromAccount(params: { bitgo: BitGoBase; device: WebAuthnOtpDevice }): Promise<void> {`
`9`	`9`	`const { bitgo, device } = params;`
	`10`	`+ if (!device.id) {`
	`11`	`+ throw new Error('device.id is required to remove a passkey from the account');`
	`12`	`+ }`
`10`	`13`	await bitgo.del(bitgo.url(`/user/otp/${device.id}`)).result();
`11`	`14`	`}`