---
description: Capacitor plugin to create and authenticate with passkeys based on the WebAuthn standard. Supports Android, iOS, and the web.
title: Capacitor Passkeys Plugin - Capawesome
image: https://capawesome.io/docs/assets/images/social/sdks/capacitor/passkeys.png
---

<!doctype html> 

[Skip to content ](#capacitor-passkeys-plugin) 

[🔐 Introducing the **Capacitor Vault** plugin — store secrets behind biometrics or a device passcode. ](/blog/announcing-the-capacitor-vault-plugin/) 

* [ SDKs ](/docs/sdks/)
* [ Formbricks ](/docs/sdks/capacitor/formbricks/)
* [ Geocoder ](/docs/sdks/capacitor/geocoder/)
* [ Google Sign-In ](/docs/sdks/capacitor/google-sign-in/)
* [ Grafana Faro ](/docs/sdks/capacitor/grafana-faro/)
* [ Gyroscope ](/docs/sdks/capacitor/gyroscope/)
* [ In-App Browser ](/docs/sdks/capacitor/in-app-browser/)
* [ Install Referrer ](/docs/sdks/capacitor/install-referrer/)
* [ Keep Awake ](/docs/sdks/capacitor/keep-awake/)
* [ libSQL ](/docs/sdks/capacitor/libsql/)
* [ Live Update ](/docs/sdks/capacitor/live-update/)
* [ Localization ](/docs/sdks/capacitor/localization/)
* [ Mail Composer ](/docs/sdks/capacitor/mail-composer/)
* [ Managed Configurations ](/docs/sdks/capacitor/managed-configurations/)
* [ Maps Launcher ](/docs/sdks/capacitor/maps-launcher/)
* [ Media Session ](/docs/sdks/capacitor/media-session/)
* [ ML Kit ](/docs/sdks/capacitor/mlkit/)
* [ Navigation Bar ](/docs/sdks/capacitor/navigation-bar/)
* [ NFC ](/docs/sdks/capacitor/nfc/)
* [ Node.js ](/docs/sdks/capacitor/nodejs/)
* [ OAuth ](/docs/sdks/capacitor/oauth/)
* Passkeys [ Passkeys ](/docs/sdks/capacitor/passkeys/)
* [ iOS ](#ios)
* [ Configuration ](#configuration)
* [ Usage ](#usage)
* [ API ](#api)
* [ Type Aliases ](#type-aliases)
* [ Testing ](#testing)
* [ Limitations ](#limitations)
* [ Changelog ](#changelog)
* [ License ](#license)
* [ Password Autofill ](/docs/sdks/capacitor/password-autofill/)
* [ Pedometer ](/docs/sdks/capacitor/pedometer/)
* [ Photo Editor ](/docs/sdks/capacitor/photo-editor/)
* [ PixLive ](/docs/sdks/capacitor/pixlive/)
* [ PostHog ](/docs/sdks/capacitor/posthog/)
* [ Printer ](/docs/sdks/capacitor/printer/)
* [ Privacy Screen ](/docs/sdks/capacitor/privacy-screen/)
* [ Purchases ](/docs/sdks/capacitor/purchases/)
* [ RealtimeKit ](/docs/sdks/capacitor/realtimekit/)
* [ Root Detection ](/docs/sdks/capacitor/root-detection/)
* [ Screen Brightness ](/docs/sdks/capacitor/screen-brightness/)
* [ Screen Orientation ](/docs/sdks/capacitor/screen-orientation/)
* [ Screenshot ](/docs/sdks/capacitor/screenshot/)
* [ Secure Preferences ](/docs/sdks/capacitor/secure-preferences/)
* [ Shake ](/docs/sdks/capacitor/shake/)
* [ Silent Mode ](/docs/sdks/capacitor/silent-mode/)
* [ SIM ](/docs/sdks/capacitor/sim/)
* [ SMS Composer ](/docs/sdks/capacitor/sms-composer/)
* [ Speech Recognition ](/docs/sdks/capacitor/speech-recognition/)
* [ Speech Synthesis ](/docs/sdks/capacitor/speech-synthesis/)
* [ Share Target ](/docs/sdks/capacitor/share-target/)
* [ Square Mobile Payments ](/docs/sdks/capacitor/square-mobile-payments/)
* [ SQLite ](/docs/sdks/capacitor/sqlite/)
* [ Superwall ](/docs/sdks/capacitor/superwall/)
* [ Thermal State ](/docs/sdks/capacitor/thermal-state/)
* [ Torch ](/docs/sdks/capacitor/torch/)
* [ Vault ](/docs/sdks/capacitor/vault/)
* [ Volume ](/docs/sdks/capacitor/volume/)
* [ Wallet ](/docs/sdks/capacitor/wallet/)
* [ Wifi ](/docs/sdks/capacitor/wifi/)
* [ Zip ](/docs/sdks/capacitor/zip/)
* [ Cordova ](/docs/sdks/cordova/)
* [ Cloud ](/docs/cloud/)
* [ Integrations ](/docs/cloud/live-updates/integrations/)
* Concepts
* Reference
* [ Troubleshooting ](/docs/cloud/live-updates/troubleshooting/)
* [ FAQ ](/docs/cloud/live-updates/faq/)
* [ Native Builds ](/docs/cloud/native-builds/)
* [ Set Up Environments ](/docs/cloud/native-builds/environments/)
* [ Overwrite Native Configurations ](/docs/cloud/native-builds/native-configurations/)
* [ Auto-Increment Build Numbers ](/docs/cloud/native-builds/auto-incrementing-build-numbers/)
* [ Configure the Web Build Script ](/docs/cloud/native-builds/web-build-script/)
* [ Build from a Monorepo ](/docs/cloud/native-builds/monorepo/)
* [ Use pnpm, Yarn, or bun ](/docs/cloud/native-builds/package-managers/)
* [ Install Private npm Packages ](/docs/cloud/native-builds/npm-private-registry/)
* [ Override the Java Version ](/docs/cloud/native-builds/override-java-version/)
* [ Custom iOS Provisioning Profiles ](/docs/cloud/native-builds/custom-ios-provisioning-profiles/)
* [ Build without Git ](/docs/cloud/native-builds/build-without-git/)
* [ Access Git Behind a Firewall ](/docs/cloud/native-builds/firewall-access/)
* [ Integrations ](/docs/cloud/native-builds/integrations/)
* Reference
* [ Troubleshooting ](/docs/cloud/native-builds/troubleshooting/)
* [ FAQ ](/docs/cloud/native-builds/faq/)
* [ App Store Publishing ](/docs/cloud/app-store-publishing/)
* [ Submit a Build ](/docs/cloud/app-store-publishing/submit-a-build/)
* [ Submit Automatically After a Build ](/docs/cloud/app-store-publishing/submit-automatically/)
* [ Troubleshooting ](/docs/cloud/app-store-publishing/troubleshooting/)
* [ FAQ ](/docs/cloud/app-store-publishing/faq/)
* [ Automations ](/docs/cloud/automations/)
* [ Reference ](/docs/cloud/automations/reference/)
* [ Troubleshooting ](/docs/cloud/automations/troubleshooting/)
* [ FAQ ](/docs/cloud/automations/faq/)
* [ Assist ](/docs/cloud/assist/)
* [ CLI ](/docs/cloud/cli/)
* APIs and SDKs
* [ Webhooks ](/docs/cloud/webhooks/)
* [ Integrations ](/docs/cloud/integrations/)
* Account
* [ Organization ](/docs/cloud/organizations/)
* [ Two-Factor Enforcement ](/docs/cloud/organizations/two-factor-authentication/)
* [ Audit Logs ](/docs/cloud/organizations/audit-logs/)
* [ Billing ](/docs/cloud/organizations/billing/)
* [ License Keys ](/docs/cloud/license-keys/)
* [ AI ](/docs/ai/)
* [ Insiders ](/docs/insiders/)
* [ Billing & Plans ](/docs/insiders/billing-and-plans/)
* [ FAQ ](/docs/insiders/faq/)
* [ License ](https://capawesome.io/legal/eula/)
* [ Support ](/docs/support/)
* [ Contributing ](/docs/contributing/)
* Contributing code
* [ Code of Conduct ](/docs/contributing/code-of-conduct/)
* [ Questions ](https://docs.github.com/en/discussions/collaborating-with-your-community-using-discussions/participating-in-a-discussion#creating-a-discussion)
* [ Blog ](/blog/)
* Categories

* [ iOS ](#ios)
* [ Configuration ](#configuration)
* [ Usage ](#usage)
* [ API ](#api)
* [ Type Aliases ](#type-aliases)
* [ Testing ](#testing)
* [ Limitations ](#limitations)
* [ Changelog ](#changelog)
* [ License ](#license)

# Capacitor Passkeys Plugin[¶](#capacitor-passkeys-plugin "Permanent link")

Capacitor plugin to create and authenticate with [passkeys](https://fidoalliance.org/passkeys/) based on the [WebAuthn](https://www.w3.org/TR/webauthn-2/) standard.

[ ![Deliver Live Updates to your Capacitor app with Capawesome Cloud](../../../assets/external/cloud.capawesome.io/assets/banners/cloud-build-and-deploy-capacitor-apps.69628c3f.png) ](https://cloud.capawesome.io/) 

## Features[¶](#features "Permanent link")

We are proud to offer one of the most complete and feature-rich Capacitor plugins for passkeys. Here are some of the key features:

* 🔐 **Passkey creation**: Register new passkeys with the platform authenticator.
* 🔑 **Passkey authentication**: Authenticate users with their existing passkeys.
* 🌐 **WebAuthn standard**: Uses the WebAuthn JSON serialization so any WebAuthn server library works unchanged.
* 📱 **Availability check**: Check if passkeys are available on the device.
* 🖥️ **Web support**: Full web support via the native WebAuthn browser API.
* 🤝 **Compatibility**: Works alongside the [Biometrics](https://capawesome.io/docs/sdks/capacitor/biometrics/) and [OAuth](https://capawesome.io/docs/sdks/capacitor/oauth/) plugins.
* 📦 **CocoaPods & SPM**: Supports CocoaPods and Swift Package Manager for iOS.
* 🔁 **Up-to-date**: Always supports the latest Capacitor version.

Missing a feature? Just [open an issue](https://github.com/capawesome-team/capacitor-plugins/issues) and we'll take a look!

## Newsletter[¶](#newsletter "Permanent link")

Stay up to date with the latest news and updates about the Capawesome, Capacitor, and Ionic ecosystem by subscribing to our [Capawesome Newsletter](https://cloud.capawesome.io/newsletter/).

## Compatibility[¶](#compatibility "Permanent link")

| Plugin Version | Capacitor Version | Status         |
| -------------- | ----------------- | -------------- |
| 0.x.x          | \>=8.x.x          | Active support |

## Installation[¶](#installation "Permanent link")

You can use our **AI-Assisted Setup** to install the plugin. Add the [Capawesome Skills](https://github.com/capawesome-team/skills) to your AI tool using the following command:

`[](#%5F%5Fcodelineno-0-1)npx skills add capawesome-team/skills --skill capacitor-plugins
`

Then use the following prompt:

`` [](#%5F%5Fcodelineno-1-1) Use the `capacitor-plugins` skill from `capawesome-team/skills` to install the `@capawesome/capacitor-passkeys` plugin in my project.
 ``

If you prefer **Manual Setup**, install the plugin by running the following commands and follow the platform-specific instructions below:

`[](#%5F%5Fcodelineno-2-1)npm install @capawesome/capacitor-passkeys
[](#%5F%5Fcodelineno-2-2)npx cap sync
`

### Android[¶](#android "Permanent link")

On Android, passkeys are supported on Android 9 (API level 28) and higher with an available credential provider (e.g. Google Password Manager).

#### Variables[¶](#variables "Permanent link")

This plugin will use the following project variables (defined in your app’s `variables.gradle` file):

* `$androidxCredentialsVersion` version of `androidx.credentials:credentials` and `androidx.credentials:credentials-play-services-auth` (default: `1.5.0`)

#### Digital Asset Links[¶](#digital-asset-links "Permanent link")

Your app must be associated with the domain of the relying party (`rp.id` / `rpId`) using [Digital Asset Links](https://developers.google.com/digital-asset-links). For this, host a JSON file at `https://<your-domain>/.well-known/assetlinks.json` that delegates the `common.get_login_creds` permission to your app:

`[](#%5F%5Fcodelineno-3-1)[
[](#%5F%5Fcodelineno-3-2)  {
[](#%5F%5Fcodelineno-3-3)    "relation": [
[](#%5F%5Fcodelineno-3-4)      "delegate_permission/common.handle_all_urls",
[](#%5F%5Fcodelineno-3-5)      "delegate_permission/common.get_login_creds"
[](#%5F%5Fcodelineno-3-6)    ],
[](#%5F%5Fcodelineno-3-7)    "target": {
[](#%5F%5Fcodelineno-3-8)      "namespace": "android_app",
[](#%5F%5Fcodelineno-3-9)      "package_name": "com.example.app",
[](#%5F%5Fcodelineno-3-10)      "sha256_cert_fingerprints": [
[](#%5F%5Fcodelineno-3-11)        "01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF"
[](#%5F%5Fcodelineno-3-12)      ]
[](#%5F%5Fcodelineno-3-13)    }
[](#%5F%5Fcodelineno-3-14)  }
[](#%5F%5Fcodelineno-3-15)]
`

Replace `com.example.app` with the application ID of your app and the fingerprint with the SHA-256 fingerprint of your app's signing certificate. Otherwise, the plugin methods will reject with the `DOMAIN_NOT_ASSOCIATED` error code.

### iOS[¶](#ios "Permanent link")

On iOS, passkeys are supported on iOS 15 and higher.

#### Associated Domains[¶](#associated-domains "Permanent link")

Your app must be associated with the domain of the relying party (`rp.id` / `rpId`). For this, add the [Associated Domains](https://developer.apple.com/documentation/xcode/supporting-associated-domains) capability with the `webcredentials` service type to your app:

`[](#%5F%5Fcodelineno-4-1)<key>com.apple.developer.associated-domains</key>
[](#%5F%5Fcodelineno-4-2)<array>
[](#%5F%5Fcodelineno-4-3)  <string>webcredentials:example.com</string>
[](#%5F%5Fcodelineno-4-4)</array>
`

Additionally, host an [apple-app-site-association](https://developer.apple.com/documentation/xcode/supporting-associated-domains) file at `https://<your-domain>/.well-known/apple-app-site-association`:

`[](#%5F%5Fcodelineno-5-1){
[](#%5F%5Fcodelineno-5-2)  "webcredentials": {
[](#%5F%5Fcodelineno-5-3)    "apps": ["TEAMID.com.example.app"]
[](#%5F%5Fcodelineno-5-4)  }
[](#%5F%5Fcodelineno-5-5)}
`

Replace `TEAMID` with your Apple Developer Team ID and `com.example.app` with the bundle identifier of your app. Otherwise, the plugin methods will reject with the `DOMAIN_NOT_ASSOCIATED` error code.

## Configuration[¶](#configuration "Permanent link")

No configuration required for this plugin.

## Usage[¶](#usage "Permanent link")

`` [](#%5F%5Fcodelineno-6-1)import { Passkeys } from '@capawesome/capacitor-passkeys';
[](#%5F%5Fcodelineno-6-2)
[](#%5F%5Fcodelineno-6-3)const createPasskey = async () => {
[](#%5F%5Fcodelineno-6-4)  // In a real app, the options must be provided by your WebAuthn server,
[](#%5F%5Fcodelineno-6-5)  // e.g. via `generateRegistrationOptions()` from SimpleWebAuthn.
[](#%5F%5Fcodelineno-6-6)  const result = await Passkeys.createPasskey({
[](#%5F%5Fcodelineno-6-7)    attestation: 'none',
[](#%5F%5Fcodelineno-6-8)    authenticatorSelection: {
[](#%5F%5Fcodelineno-6-9)      residentKey: 'required',
[](#%5F%5Fcodelineno-6-10)      userVerification: 'required',
[](#%5F%5Fcodelineno-6-11)    },
[](#%5F%5Fcodelineno-6-12)    challenge: 'dGhpc2lzYWNoYWxsZW5nZQ',
[](#%5F%5Fcodelineno-6-13)    pubKeyCredParams: [
[](#%5F%5Fcodelineno-6-14)      { alg: -7, type: 'public-key' },
[](#%5F%5Fcodelineno-6-15)      { alg: -257, type: 'public-key' },
[](#%5F%5Fcodelineno-6-16)    ],
[](#%5F%5Fcodelineno-6-17)    rp: { id: 'example.com', name: 'Example Inc.' },
[](#%5F%5Fcodelineno-6-18)    user: {
[](#%5F%5Fcodelineno-6-19)      displayName: 'Jane Doe',
[](#%5F%5Fcodelineno-6-20)      id: 'anVzdGFyYW5kb21pZA',
[](#%5F%5Fcodelineno-6-21)      name: 'jane.doe@example.com',
[](#%5F%5Fcodelineno-6-22)    },
[](#%5F%5Fcodelineno-6-23)  });
[](#%5F%5Fcodelineno-6-24)  // Pass the result to your WebAuthn server for verification,
[](#%5F%5Fcodelineno-6-25)  // e.g. via `verifyRegistrationResponse()` from SimpleWebAuthn.
[](#%5F%5Fcodelineno-6-26)  return result;
[](#%5F%5Fcodelineno-6-27)};
[](#%5F%5Fcodelineno-6-28)
[](#%5F%5Fcodelineno-6-29)const getPasskey = async () => {
[](#%5F%5Fcodelineno-6-30)  // In a real app, the options must be provided by your WebAuthn server,
[](#%5F%5Fcodelineno-6-31)  // e.g. via `generateAuthenticationOptions()` from SimpleWebAuthn.
[](#%5F%5Fcodelineno-6-32)  const result = await Passkeys.getPasskey({
[](#%5F%5Fcodelineno-6-33)    challenge: 'dGhpc2lzYWNoYWxsZW5nZQ',
[](#%5F%5Fcodelineno-6-34)    rpId: 'example.com',
[](#%5F%5Fcodelineno-6-35)    userVerification: 'required',
[](#%5F%5Fcodelineno-6-36)  });
[](#%5F%5Fcodelineno-6-37)  // Pass the result to your WebAuthn server for verification,
[](#%5F%5Fcodelineno-6-38)  // e.g. via `verifyAuthenticationResponse()` from SimpleWebAuthn.
[](#%5F%5Fcodelineno-6-39)  return result;
[](#%5F%5Fcodelineno-6-40)};
[](#%5F%5Fcodelineno-6-41)
[](#%5F%5Fcodelineno-6-42)const isAvailable = async () => {
[](#%5F%5Fcodelineno-6-43)  const { available } = await Passkeys.isAvailable();
[](#%5F%5Fcodelineno-6-44)  return available;
[](#%5F%5Fcodelineno-6-45)};
 ``

## API[¶](#api "Permanent link")

* [createPasskey(...)](#createpasskey)
* [getPasskey(...)](#getpasskey)
* [isAvailable()](#isavailable)
* [Interfaces](#interfaces)
* [Type Aliases](#type-aliases)

### createPasskey(...)[¶](#createpasskey "Permanent link")

`[](#%5F%5Fcodelineno-7-1)createPasskey(options: CreatePasskeyOptions) => Promise<CreatePasskeyResult>
`

Create (register) a new passkey.

The options mirror the WebAuthn `PublicKeyCredentialCreationOptions` JSON serialization so that the values provided by any WebAuthn server library can be passed through unchanged.

| Param       | Type                                          |
| ----------- | --------------------------------------------- |
| **options** | [CreatePasskeyOptions](#createpasskeyoptions) |

**Returns:** `Promise<[CreatePasskeyResult](#createpasskeyresult)>`

**Since:** 0.1.0

---

### getPasskey(...)[¶](#getpasskey "Permanent link")

`[](#%5F%5Fcodelineno-8-1)getPasskey(options: GetPasskeyOptions) => Promise<GetPasskeyResult>
`

Get (authenticate with) an existing passkey.

The options mirror the WebAuthn `PublicKeyCredentialRequestOptions` JSON serialization so that the values provided by any WebAuthn server library can be passed through unchanged.

| Param       | Type                                    |
| ----------- | --------------------------------------- |
| **options** | [GetPasskeyOptions](#getpasskeyoptions) |

**Returns:** `Promise<[GetPasskeyResult](#getpasskeyresult)>`

**Since:** 0.1.0

---

### isAvailable()[¶](#isavailable "Permanent link")

`[](#%5F%5Fcodelineno-9-1)isAvailable() => Promise<IsAvailableResult>
`

Check if passkeys are available on this device.

On **Android**, this returns `true` if the device runs Android 9 (API level 28) or higher. On **iOS**, this always returns `true`. On **Web**, this returns `true` if the browser supports WebAuthn and a user-verifying platform authenticator is available.

**Returns:** `Promise<[IsAvailableResult](#isavailableresult)>`

**Since:** 0.1.0

---

### Interfaces[¶](#interfaces "Permanent link")

#### CreatePasskeyResult[¶](#createpasskeyresult "Permanent link")

The result of the passkey creation.

This mirrors the WebAuthn `RegistrationResponseJSON` so it can be passed to any WebAuthn server library for verification.

| Prop                        | Type                                                              | Description                                                   | Since |
| --------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------------- | ----- |
| **authenticatorAttachment** | [PasskeyAuthenticatorAttachment](#passkeyauthenticatorattachment) | The attachment of the authenticator that created the passkey. | 0.1.0 |
| **id**                      | string                                                            | The credential identifier as a base64url-encoded string.      | 0.1.0 |
| **rawId**                   | string                                                            | The raw credential identifier as a base64url-encoded string.  | 0.1.0 |
| **response**                | [CreatePasskeyResponse](#createpasskeyresponse)                   | The response of the authenticator.                            | 0.1.0 |
| **type**                    | 'public-key'                                                      | The credential type.                                          | 0.1.0 |

#### CreatePasskeyResponse[¶](#createpasskeyresponse "Permanent link")

The response of the authenticator for the registration of a new passkey.

This mirrors the WebAuthn `AuthenticatorAttestationResponse` JSON serialization.

| Prop                   | Type                 | Description                                                                                  | Since |
| ---------------------- | -------------------- | -------------------------------------------------------------------------------------------- | ----- |
| **attestationObject**  | string               | The attestation object as a base64url-encoded string.                                        | 0.1.0 |
| **authenticatorData**  | string               | The authenticator data as a base64url-encoded string. Only available on Android and Web.     | 0.1.0 |
| **clientDataJSON**     | string               | The client data as a base64url-encoded string.                                               | 0.1.0 |
| **publicKey**          | string               | The DER-encoded public key as a base64url-encoded string. Only available on Android and Web. | 0.1.0 |
| **publicKeyAlgorithm** | number               | The COSE algorithm identifier of the public key. Only available on Android and Web.          | 0.1.0 |
| **transports**         | PasskeyTransport\[\] | The transports that the authenticator supports. Only available on Android and Web.           | 0.1.0 |

#### CreatePasskeyOptions[¶](#createpasskeyoptions "Permanent link")

| Prop                       | Type                                                            | Description                                                                                                                                                                                  | Default | Since |
| -------------------------- | --------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | ----- |
| **attestation**            | [PasskeyAttestation](#passkeyattestation)                       | The attestation conveyance preference.                                                                                                                                                       | 'none'  | 0.1.0 |
| **authenticatorSelection** | [PasskeyAuthenticatorSelection](#passkeyauthenticatorselection) | Criteria that the authenticator must meet.                                                                                                                                                   |         | 0.1.0 |
| **challenge**              | string                                                          | The challenge provided by the relying party server as a base64url-encoded string.                                                                                                            |         | 0.1.0 |
| **excludeCredentials**     | PasskeyCredentialDescriptor\[\]                                 | Credentials that already exist for the user, so that the authenticator does not create a second passkey for the same account. On **iOS**, this option is only applied on iOS 17.4 and later. |         | 0.1.0 |
| **pubKeyCredParams**       | PasskeyCredentialParameter\[\]                                  | The public key credential types and algorithms that the relying party server supports, ordered from most to least preferred. Only available on Android and Web.                              |         | 0.1.0 |
| **rp**                     | [PasskeyRelyingParty](#passkeyrelyingparty)                     | The relying party for which the passkey is created.                                                                                                                                          |         | 0.1.0 |
| **timeout**                | number                                                          | The time in milliseconds that the caller is willing to wait for the operation to complete. Only available on Android and Web.                                                                |         | 0.1.0 |
| **user**                   | [PasskeyUser](#passkeyuser)                                     | The user account for which the passkey is created.                                                                                                                                           |         | 0.1.0 |

#### PasskeyAuthenticatorSelection[¶](#passkeyauthenticatorselection "Permanent link")

Criteria that the authenticator must meet to create a passkey.

| Prop                        | Type                                                              | Description                                                                                                                                                                                          | Default     | Since |
| --------------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ----- |
| **authenticatorAttachment** | [PasskeyAuthenticatorAttachment](#passkeyauthenticatorattachment) | The authenticator attachment modality. Only available on Android and Web.                                                                                                                            |             | 0.1.0 |
| **requireResidentKey**      | boolean                                                           | Whether or not a discoverable credential (passkey) is required. This property is retained for backwards compatibility with WebAuthn Level 1\. Prefer residentKey. Only available on Android and Web. |             | 0.1.0 |
| **residentKey**             | [PasskeyResidentKey](#passkeyresidentkey)                         | The extent to which the relying party desires to create a discoverable credential (passkey). Only available on Android and Web.                                                                      |             | 0.1.0 |
| **userVerification**        | [PasskeyUserVerification](#passkeyuserverification)               | The user verification requirement.                                                                                                                                                                   | 'preferred' | 0.1.0 |

#### PasskeyCredentialDescriptor[¶](#passkeycredentialdescriptor "Permanent link")

A descriptor that identifies a specific credential.

| Prop           | Type                 | Description                                                                                          | Since |
| -------------- | -------------------- | ---------------------------------------------------------------------------------------------------- | ----- |
| **id**         | string               | The credential identifier as a base64url-encoded string.                                             | 0.1.0 |
| **transports** | PasskeyTransport\[\] | The transports that the authenticator of the credential supports. Only available on Android and Web. | 0.1.0 |
| **type**       | 'public-key'         | The credential type.                                                                                 | 0.1.0 |

#### PasskeyCredentialParameter[¶](#passkeycredentialparameter "Permanent link")

A public key credential type and algorithm that the relying party server supports.

| Prop     | Type         | Description                                                           | Since |
| -------- | ------------ | --------------------------------------------------------------------- | ----- |
| **alg**  | number       | The COSE algorithm identifier, e.g. \-7 for ES256 or \-257 for RS256. | 0.1.0 |
| **type** | 'public-key' | The credential type.                                                  | 0.1.0 |

#### PasskeyRelyingParty[¶](#passkeyrelyingparty "Permanent link")

The relying party for which a passkey is created.

| Prop     | Type   | Description                                                                                                                                | Since |
| -------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ----- |
| **id**   | string | The identifier of the relying party. This must be a registrable domain suffix of (or equal to) the domain that the app is associated with. | 0.1.0 |
| **name** | string | The human-readable name of the relying party.                                                                                              | 0.1.0 |

#### PasskeyUser[¶](#passkeyuser "Permanent link")

The user account for which a passkey is created.

| Prop            | Type   | Description                                                                    | Since |
| --------------- | ------ | ------------------------------------------------------------------------------ | ----- |
| **displayName** | string | The human-readable display name of the user account.                           | 0.1.0 |
| **id**          | string | The user handle of the user account as a base64url-encoded string.             | 0.1.0 |
| **name**        | string | The human-readable name of the user account, e.g. a username or email address. | 0.1.0 |

#### GetPasskeyResult[¶](#getpasskeyresult "Permanent link")

The result of the passkey authentication.

This mirrors the WebAuthn `AuthenticationResponseJSON` so it can be passed to any WebAuthn server library for verification.

| Prop                        | Type                                                              | Description                                                    | Since |
| --------------------------- | ----------------------------------------------------------------- | -------------------------------------------------------------- | ----- |
| **authenticatorAttachment** | [PasskeyAuthenticatorAttachment](#passkeyauthenticatorattachment) | The attachment of the authenticator that provided the passkey. | 0.1.0 |
| **id**                      | string                                                            | The credential identifier as a base64url-encoded string.       | 0.1.0 |
| **rawId**                   | string                                                            | The raw credential identifier as a base64url-encoded string.   | 0.1.0 |
| **response**                | [GetPasskeyResponse](#getpasskeyresponse)                         | The response of the authenticator.                             | 0.1.0 |
| **type**                    | 'public-key'                                                      | The credential type.                                           | 0.1.0 |

#### GetPasskeyResponse[¶](#getpasskeyresponse "Permanent link")

The response of the authenticator for the authentication with an existing passkey.

This mirrors the WebAuthn `AuthenticatorAssertionResponse` JSON serialization.

| Prop                  | Type   | Description                                                                           | Since |
| --------------------- | ------ | ------------------------------------------------------------------------------------- | ----- |
| **authenticatorData** | string | The authenticator data as a base64url-encoded string.                                 | 0.1.0 |
| **clientDataJSON**    | string | The client data as a base64url-encoded string.                                        | 0.1.0 |
| **signature**         | string | The signature as a base64url-encoded string.                                          | 0.1.0 |
| **userHandle**        | string | The user handle (the user.id provided during creation) as a base64url-encoded string. | 0.1.0 |

#### GetPasskeyOptions[¶](#getpasskeyoptions "Permanent link")

| Prop                 | Type                                                | Description                                                                                                                                                            | Default     | Since |
| -------------------- | --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ----- |
| **allowCredentials** | PasskeyCredentialDescriptor\[\]                     | The credentials that are acceptable to the relying party server. If not provided, the user can select from any discoverable credential (passkey) of the relying party. |             | 0.1.0 |
| **challenge**        | string                                              | The challenge provided by the relying party server as a base64url-encoded string.                                                                                      |             | 0.1.0 |
| **rpId**             | string                                              | The identifier of the relying party.                                                                                                                                   |             | 0.1.0 |
| **timeout**          | number                                              | The time in milliseconds that the caller is willing to wait for the operation to complete. Only available on Android and Web.                                          |             | 0.1.0 |
| **userVerification** | [PasskeyUserVerification](#passkeyuserverification) | The user verification requirement.                                                                                                                                     | 'preferred' | 0.1.0 |

#### IsAvailableResult[¶](#isavailableresult "Permanent link")

| Prop          | Type    | Description                                           | Since |
| ------------- | ------- | ----------------------------------------------------- | ----- |
| **available** | boolean | Whether or not passkeys are available on this device. | 0.1.0 |

### Type Aliases[¶](#type-aliases "Permanent link")

#### PasskeyAuthenticatorAttachment[¶](#passkeyauthenticatorattachment "Permanent link")

The authenticator attachment modality.

`'cross-platform' | 'platform'`

#### PasskeyTransport[¶](#passkeytransport "Permanent link")

A transport that an authenticator supports.

`'ble' | 'hybrid' | 'internal' | 'nfc' | 'smart-card' | 'usb'`

#### PasskeyAttestation[¶](#passkeyattestation "Permanent link")

The attestation conveyance preference.

`'direct' | 'enterprise' | 'indirect' | 'none'`

#### PasskeyResidentKey[¶](#passkeyresidentkey "Permanent link")

The extent to which the relying party desires to create a discoverable credential (passkey).

`'discouraged' | 'preferred' | 'required'`

#### PasskeyUserVerification[¶](#passkeyuserverification "Permanent link")

The user verification requirement.

* `discouraged`: The relying party prefers no user verification.
* `preferred`: The relying party prefers user verification but will not fail the operation without it.
* `required`: The relying party requires user verification.

`'discouraged' | 'preferred' | 'required'`

## Testing[¶](#testing "Permanent link")

Keep the following in mind when testing your passkey integration:

* **Real device recommended**: Test on a real device with a screen lock set up. On iOS, the Simulator supports passkeys since iOS 16\. On Android, the Emulator requires Google Play services and a Google account with Google Password Manager set up.
* **WebAuthn server**: The challenges in this plugin's examples are only placeholders. In production, the options must be generated and the results must be verified by a WebAuthn server library such as [SimpleWebAuthn](https://simplewebauthn.dev/) (Node.js) or [java-webauthn-server](https://github.com/Yubico/java-webauthn-server) (Java).
* **Domain association**: The relying party ID must be associated with your app (see the Installation section). Domain association changes can take some time to propagate, as the files are cached by Apple and Google.

## Limitations[¶](#limitations "Permanent link")

Conditional UI (passkey autofill) is not supported by this plugin. The operating system autofill integrations target native text fields, not HTML inputs in a web view.

## Changelog[¶](#changelog "Permanent link")

See [CHANGELOG.md](https://github.com/capawesome-team/capacitor-plugins/blob/main/packages/passkeys/CHANGELOG.md).

## License[¶](#license "Permanent link")

See [LICENSE](https://github.com/capawesome-team/capacitor-plugins/blob/main/packages/passkeys/LICENSE).

July 7, 2026 

Back to top

```json
{"@context": "https://schema.org", "@graph": [{"@type": "TechArticle", "@id": "https://capawesome.io/docs/sdks/capacitor/passkeys/#article", "headline": "Capacitor Passkeys Plugin", "name": "Capacitor Passkeys Plugin", "description": "Capacitor plugin to create and authenticate with passkeys based on the WebAuthn standard. Supports Android, iOS, and the web.", "inLanguage": "en", "url": "https://capawesome.io/docs/sdks/capacitor/passkeys/", "mainEntityOfPage": "https://capawesome.io/docs/sdks/capacitor/passkeys/", "author": {"@type": "Organization", "name": "Capawesome", "url": "https://capawesome.io", "logo": {"@type": "ImageObject", "url": "https://capawesome.io/assets/images/logo.svg"}}, "publisher": {"@type": "Organization", "name": "Capawesome", "url": "https://capawesome.io", "logo": {"@type": "ImageObject", "url": "https://capawesome.io/assets/images/logo.svg"}}, "about": {"@id": "https://capawesome.io/docs/sdks/capacitor/passkeys/#software"}}, {"@type": "SoftwareSourceCode", "@id": "https://capawesome.io/docs/sdks/capacitor/passkeys/#software", "name": "Capacitor Passkeys Plugin", "description": "Capacitor plugin to create and authenticate with passkeys based on the WebAuthn standard. Supports Android, iOS, and the web.", "url": "https://capawesome.io/docs/sdks/capacitor/passkeys/", "programmingLanguage": "TypeScript", "runtimePlatform": "Capacitor", "codeRepository": "https://github.com/capawesome-team", "author": {"@type": "Organization", "name": "Capawesome", "url": "https://capawesome.io", "logo": {"@type": "ImageObject", "url": "https://capawesome.io/assets/images/logo.svg"}}, "publisher": {"@type": "Organization", "name": "Capawesome", "url": "https://capawesome.io", "logo": {"@type": "ImageObject", "url": "https://capawesome.io/assets/images/logo.svg"}}}]}
```
