Passkeys Authentication
Based on FIDO Alliance and W3C standards, passkeys are a safer and easier alternative to passwords. With passkeys, users can sign in to apps and websites using a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, eliminating the need to remember and manage passwords.
Passkeys are:
- Easier - Users can sign in using a biometric sensor.
- Safer - Passkeys are resistant to phishing, credential stuffing, and other remote attacks.
Creating a Passkey
Before asking your user to create a passkey, ensure their browser is compatible.
The np:login
event emitted from the email authentication <np-login>
component contains a suggest_passkeys
attribute.
It is set to true
if the userโs browser supports passkeys. Use it to suggest the passkey creation process only for compatible browsers.
To create a passkey, add the <np-passkey-register>
component.
Once the user clicks on this button, the browser will prompt them to create a passkey.
This component will then emit a np:register
event once the passkey is created.
The np:register
event contains the passkey id
.
It can be used for further optional administrative operations such as revocation.
Authenticating with Passkeys
The <np-login>
component, which allows the user to enter their email address,
also enables the selection of passkeys created on your domain. The user simply has to select it to start authentication with the passkey.
What if the user hasnโt created a passkey yet?
Donโt worry, the <np-login>
component allows the user to enter their email address (as a fallback) and will send them an authentication link.
You are done!
Once the session is established, you only need to transmit the session token to your server and verify it.