📄️ Introduction
In this tutorial you'll learn how to add passkey registration and authentication to your web application. As Passlock is framework agnostic we'll concentrate on passkeys and the Passlock library. We assume you have a reasonable understanding of web development and your chosen tech stack.
📄️ Register a passkey
The Passlock client library handles passkey creation and device registration. It also registers the passkey in your Passlock vault. You just need to link the Passlock user with a user entity in your own backend.
📄️ Authenticate a passkey
Passkeys, and the underlying Web Authentication API are very flexible. There are several
📄️ Biometric authentication
During the previous registration and authentication operations, you passed an option, userVerification, and you set it to discouraged. This basically tells the device that it shouldn't perform any additional authentication before using the passkey. If the user is signed into the device and it's unlocked, that's good enough.
📄️ Error handling
A few things can go wrong during passkey registration and authentication. For a full list of errors please see the API documentation. Two errors you'll definitely want to think about are lack of browser passkey support and duplicate users/passkeys.
📄️ Verify email address
During the passkey registration process, Passlock can also verify mailbox ownership by sending a verification link or 6 digit code. For this tutorial we'll email the user a code: