Passkey registration

The registration section of the quickstart guide covers the basics, so we’ll focus on some more advanced aspects of passkey registration here.

Username

The passkey username serves as a human palatable representation of the associated account. Suitable values include:

• jdoe
• jdoe@example.com
• jdoe (prod-env)

During authentication, the username will not be returned. You should instead use the authenticatorId or userId to identify the user.

Testing for passkey support

Dont assume the device support passkeys, test for passkey support.

frontend/register.ts

import { isPasskeySupport } from "@passlock/client";

if (!isPasskeySupport()) {
  throw new Error("Bad news...")
}

Biometric verification

Enforce local user verification by passing the userVerification option.

frontend/register.ts

// discouraged, preferred (default) or required
const userVerification = "required" as const;
const result = await registerPasskey({ tenancyId, userVerification });

Testing for an existing passkey

Use the excludeCredentials property to prevent the user registering duplicate passkeys.

frontend/register.ts

import { registerPasskey } from '@passlock/client';

// from your backend database
const excludeCredentials = [existingPasskeyId];
const result = await registerPasskey({ excludeCredentials, ... });

Attestation

Attestation is an advanced concept which essentially allows you to obtain information about the authenticator (device) generating the passkey. If you want to restrict users to a list of approved platforms, attestation can be used for this.

Note

Passlock does not currently support attestation, but it will be introduced at a later date.