Passkey client application implementation guidance

Begin your journey to implement a client application that supports passkeys

In this guide we are going to discuss how to build a client application that supports passkeys. This guide will encompass a variety of topics, examples, and best practices that are supported by Yubico’s extensive experience in building and advising on WebAuthn applications. At the end of this guide you should possess the knowledge and foundational understanding required to build a passkey supported application.

The client application

The client application is the user interface aspect of your application, where your users will interact with your service. In the case of a passkey application, there are two aspects of the client application that should be considered: the user interface that you develop, and the ecosystem that the user is on.

In this guide when we reference the ecosystem we are referring to the browser and operating system that the user is on.

User ecosystem

The ecosystem (browser + operating system) is a critical component that your application team should be aware of. While the WebAuthn specification provides the recommended guidelines for passkeys, there still remains nuances in how they are implemented. Each of the major browsers and operating systems are developed by individual entities who have different implementation approaches. It should be noted that for the most part the passkey experience will remain consistent across ecosystems, notable differences between ecosystems could include:

  • Support for new functionality (Autofill)

  • Wording and displays for modals and prompts

  • Default values for PublicKeyCredentialCreationOptions and PublicKeyCredentialRequestOptions

Before you develop an application you should consider what ecosystem your users are leveraging. For consumer applications the permutations of ecosystems is boundless, but it’s wise to support the major browsers (Google Chrome, Apple Safari, Microsoft Edge, Mozilla Firefox) and operating systems (Windows, iOS, macOS, and Android).

Enterprise applications may have fewer permutations in the ecosystems allowed, and may offer more control in how you guide and prompt users.

Please refer to these resources to see passkey support across a variety of different ecosystem:

Passkey user flows

When you’re ready to begin, please click the link below for our overview of passkey user flows that should be supported by a client application.