Skip to main content

Error handling

A few things can go wrong during passkey registration and authentication. For a full list of errors please see the API documentation. Two errors you'll definitely want to think about are lack of browser passkey support and duplicate users/passkeys.

Checking for passkey support

Behind the scenes, the registerPasskey and authenticatePasskey methods check to ensure the browser supports passkeys. If not they will return an error which you can identify by checking the error code:

import { Passlock, PasslockError, ErrorCode } from '@passlock/client'

const result = ...

if (PasslockError.isError(result) && result.code === ErrorCode.NotSupported) {
  // Browser doesn't support passkeys
}

Pre-emptive checks

If you would like to check for support without actually registering a passkey you can use the isPasskeySupport method:

const supported = await passlock.isPasskeySupport()

Checking for an existing passkey

Whilst a user can theoretically register more than one passkey per account, it doesn't make much sense (passkeys are cloud synced anyway). During the registerPasskey call, Passlock will check if the user has already registered a passkey and return an error:

const result = ...

if (PasslockError.isError(result) && result.code === ErrorCode.Duplicate) {
  // Duplicate user
}

Pre-emptive checks

Again, you can pre-emptively test if the user already has a passkey registered in your Passlock vault:

const supported = await passlock.isExistingUser({ email })
info

It would be nice if we could just ask the browser whether the user has a passkey registered. The topic has been debated by the community, but the general consensus is that there are privacy issues associated with that approach. After all, we can't ask Safari if the user saved a password in their keychain.

tip

Some browsers also support "Conditional UI", which is essentially a traditional username/password that can autofill a passkey (if registered) instead of a password. Passlock [supports conditional ui][conditional-ui], although we have our doubts about the user experience.