Roaming authenticators allow users to sign in to a website on one device, using a passkey stored on a different device.
Passkeys offer a capability known as roaming authenticators. Conceptually this is very similar to many online banking websites, where a web sign-in must be approved using the bank's smartphone app.
This flow can be triggered by the browser itself when the user tries to sign in but has no passkey credentials registered on the current device. Alternatively, the user may choose to use a credential held on another device, known as the roaming authenticator.
The roaming authenticator could be an external authenticator (e.g. a YubiKey) or a smartphone or tablet. In the case of an external device, the user will be asked to plug it in or otherwise pair it. Smartphone users simply scan a generated QR code.
If you've followed the previous instalments in this series, you'll have built a SvelteKit app with passkey authentication, session management and authorization. It's functional, but it feels a bit clunky. Let's improve things.
In this tutorial you'll build on your previous work to integrate passkeys with Lucia users and sessions. You'll handle session creation, expiry and invalidation, and protect your routes using SvelteKit hooks.
In this tutorial you'll learn how to add passkey authentication to your SvelteKit apps. You'll register a passkey and use it to log in. In subsequent tutorials I'll show you how to add session management, social login and more.
All the major browsers now support passkeys; however, biometric support is often limited to browsers with tight platform integration, e.g. Safari on iOS and Chrome on Android.
Passkeys are tied to a specific (https) website. A browser won't use a private key created for one website to sign a challenge generated by a different site.
Passkeys enable two-factor authentication (including biometrics). Users can even use a biometric-enabled device (e.g. an iPhone with Face ID) to authenticate on a device that lacks this capability (e.g. a desktop).