Add Passkeys Support #779
Description
Is your enhancement related to a problem? Please describe.
Add support for Passkeys as a modern, secure authentication method. Passkeys provide phishing-resistant, public-key–based authentication backed by platform authenticators (e.g. Touch ID, Face ID, Windows Hello) and synced credentials, offering a significantly improved security and user experience over passwords and traditional OTP methods.
Background
Passkeys are now broadly supported across modern browsers and operating systems and are actively promoted by Apple, Google, and Microsoft as the long-term replacement for passwords.
Technically, passkeys are built on the Web Authentication standard, but this proposal intentionally treats Passkeys as a first-class user feature, not a low-level WebAuthn/U2F implementation detail. This still is valid and worked over at #232
Proposed Solution
Introduce Passkey authentication as a supported login method, allowing users to authenticate using device-bound or synced passkeys instead of (or in addition to) passwords and OTPs.
High-level capabilities:
- Users can register one or more passkeys on their account
- Authentication is performed using the platform’s native UX (biometrics, PIN, security key)
- Server stores only public key material and metadata
Possible Integration Models
Two integration approaches could be supported, either initially or over time:
Option 1: Passkeys as a Password Replacement (Passwordless Login)
- Passkeys become the primary authentication method
- No password required after passkey enrollment
- Login flow: identify user → authenticate with passkey
Option 2: Passkeys as an Additional Authentication Method
Passkeys complement existing username/password flows
Can be used as:
- passkeys are an additional layer of authentication
- enter your username and password
- confirm the login with your passkey
Designs
NA
Describe alternatives you've considered
No response
Please confirm that you have searched existing issues in this repository.
Yes