Passkeys Module

WebAuthn/Passkey authentication methods for passwordless login using biometrics or hardware security keys.

Updated Dec 30, 2025 Edit this page

Passkeys Module

The passkeys module (sso.passkeys) provides FIDO2/WebAuthn authentication methods for passwordless login using biometrics (Touch ID, Face ID, Windows Hello) or hardware security keys (YubiKey).

Methods

sso.passkeys.isSupported()

Signature:

isSupported(): boolean

Description: Check if WebAuthn is supported in the current browser environment.

Returns: boolean - True if WebAuthn is supported, false otherwise.

Example:

if (sso.passkeys.isSupported()) {
  console.log('Passkeys are supported on this device');
} else {
  console.log('Passkeys not available - show alternative login methods');
}

sso.passkeys.isPlatformAuthenticatorAvailable()

Signature:

isPlatformAuthenticatorAvailable(): Promise<boolean>

Description: Check if a platform authenticator (Touch ID, Face ID, Windows Hello) is available on the device. This does not detect external security keys.

Returns: Promise<boolean> - True if platform authenticator is available.

Example:

const hasPlatformAuth = await sso.passkeys.isPlatformAuthenticatorAvailable();
if (hasPlatformAuth) {
  console.log('Can use Touch ID / Face ID / Windows Hello');
}

sso.passkeys.register()

Signature:

register(displayName?: string): Promise<string>

Description: Register a new passkey for the authenticated user. This method requires an active JWT session. The browser prompts the user to create a passkey using their device’s authenticator.

Parameters:

Name Type Description
displayName string (optional) Display name for the passkey (e.g., “My MacBook Pro”)

Returns: Promise<string> - The registered passkey ID.

Example:

try {
  const passkeyId = await sso.passkeys.register('My MacBook Pro');
  console.log('Passkey registered with ID:', passkeyId);
} catch (error) {
  console.error('Passkey registration failed:', error);
}

Throws:

  • Error - When WebAuthn is not supported in the browser.
  • SsoApiError - When user is not authenticated or registration fails.

sso.passkeys.login()

Signature:

login(email: string): Promise<PasskeyAuthFinishResponse>

Description: Authenticate using a passkey and obtain a JWT token. The browser prompts the user to authenticate using their registered passkey.

Parameters:

Name Type Description
email string User’s email address

Returns: Promise<PasskeyAuthFinishResponse> - Authentication response with JWT token.

Response Fields:

Field Type Description
token string JWT access token
user_id string Authenticated user’s ID

Example:

try {
  const result = await sso.passkeys.login('user@example.com');
  sso.setAuthToken(result.token);
  localStorage.setItem('sso_access_token', result.token);
  console.log('Logged in as:', result.user_id);
} catch (error) {
  console.error('Passkey login failed:', error);
}

Throws:

  • Error - When WebAuthn is not supported in the browser.
  • SsoApiError - When user has no registered passkeys or authentication fails.

Type Definitions

PasskeyAuthFinishResponse

interface PasskeyAuthFinishResponse {
  token: string;
  user_id: string;
}