Begin your journey to implement a client application that supports passkeys
In this guide we are going to discuss how to build a client application that supports passkeys. This guide will encompass a variety of topics, examples, and best practices that are supported by Yubico’s extensive experience in building and advising on WebAuthn applications. At the end of this guide you should possess the knowledge and foundational understanding required to build a passkey supported application.
The client application is the user interface aspect of your application, where your users will interact with your service. In the case of a passkey application, there are two aspects of the client application that should be considered: the user interface that you develop, and the ecosystem that the user is on.
In this guide when we reference the ecosystem we are referring to the browser and operating system that the user is on.
The ecosystem (browser + operating system) is a critical component that your application team should be aware of. While the WebAuthn specification provides the recommended guidelines for passkeys, there still remains nuances in how they are implemented. Each of the major browsers and operating systems are developed by individual entities who have different implementation approaches. It should be noted that for the most part the passkey experience will remain consistent across ecosystems, notable differences between ecosystems could include:
Support for new functionality (Autofill)
Wording and displays for modals and prompts
Default values for PublicKeyCredentialCreationOptions and PublicKeyCredentialRequestOptions
Before you develop an application you should consider what ecosystem your users are leveraging. For consumer applications the permutations of ecosystems is boundless, but it’s wise to support the major browsers (Google Chrome, Apple Safari, Microsoft Edge, Mozilla Firefox) and operating systems (Windows, iOS, macOS, and Android).
Enterprise applications may have fewer permutations in the ecosystems allowed, and may offer more control in how you guide and prompt users.
Please refer to these resources to see passkey support across a variety of different ecosystem:
When you’re ready to begin, please click the link below for our overview of passkey user flows that should be supported by a client application.