Passkeys use cryptographic key pairs stored on the user’s device. Authentication happens with a biometric check (such as Face ID, Touch ID, or a fingerprint scan) or a local device PIN. This makes passkeys both safer—since they can’t be phished or reused—and easier to use, since users don’t need to remember or type credentials.

Prerequisites

  • You need to have the Dynamic Client initialized.
  • You need to have passkey MFA enabled in your environment’s settings in the Dynamic dashboard.

Registering a new passkey

Calling registerPasskey prompts the user to create a new passkey on their device and registers it with the Dynamic server, so that next time the user can complete an MFA challenge with it, or even sign in with it if that is enabled in the environment’s settings. Registering a passkey automatically authenticates it, so you don’t need to call authenticatePasskeyMFA after registering a passkey.
import { registerPasskey } from '@dynamic-labs-sdk/client';

const register = async () => {
  await registerPasskey();
};

Doing MFA authentication with a passkey

Calling authenticatePasskeyMFA prompts the user to authenticate with a passkey on their device and complete an MFA challenge. Authentication succeeds if the user authenticates with the passkey on their device and the result is validated by the Dynamic server.
import { authenticatePasskeyMFA } from '@dynamic-labs-sdk/client';

const onLogin = async () => {
  await authenticatePasskeyMFA();
};


// If you are using action-based MFA, you can create a single-use MFA token for the action.
// That MFA token is stored in the user's session and is used to authorize the action.
const onExportPrivateKeyClick = async () => {
  await authenticatePasskeyMFA({
    createMfaToken: { singleUse: true },
  });

  // Then you can perform the action.
  // exportWaasPrivateKey and params are not defined in this snippet; they come from your own code.
  await exportWaasPrivateKey(params);
};

Deleting a passkey

Calling deletePasskey will delete a passkey from the Dynamic server.
import { deletePasskey } from '@dynamic-labs-sdk/client';

// `delete` is a reserved word in JavaScript and cannot be used as an identifier
const removePasskey = async () => {
  // Replace 'passkey-id' with the actual ID of the passkey you want to delete
  await deletePasskey({ passkeyId: 'passkey-id' });
};

Getting all registered passkeys for a user

Calling getPasskeys will return all registered passkeys for the authenticated user.
import { getPasskeys } from '@dynamic-labs-sdk/client';

const getUserPasskeys = async () => {
  const passkeys = await getPasskeys();
  console.log(passkeys);
};
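
The sketch below combines getPasskeys, authenticatePasskeyMFA and deletePasskey into a guarded removal flow that refuses to delete an unknown passkey or the user's last one. It is an added example, not code from the Dynamic SDK or its documentation. The helper names, the `sdk` wrapper object, the `id` field on each passkey entry and the assumption that authenticatePasskeyMFA rejects on failure are all assumptions.

```javascript
// Added example. Assumption: each entry returned by getPasskeys() has an `id`
// field matching the `passkeyId` accepted by deletePasskey().

// Pure policy check: decide whether removing `passkeyId` is acceptable.
function checkPasskeyRemoval(passkeys, passkeyId) {
  if (!Array.isArray(passkeys) || typeof passkeyId !== 'string' || passkeyId === '') {
    return { allowed: false, reason: 'invalid-input' };
  }
  if (!passkeys.some((p) => p && p.id === passkeyId)) {
    return { allowed: false, reason: 'not-registered' };
  }
  if (passkeys.length === 1) {
    // Removing the only passkey would leave the user without this MFA factor.
    return { allowed: false, reason: 'last-passkey' };
  }
  return { allowed: true, reason: 'ok' };
}

// `sdk` (hypothetical wrapper) holds the SDK functions shown on this page:
// { getPasskeys, authenticatePasskeyMFA, deletePasskey }.
async function removePasskeySafely(sdk, passkeyId) {
  const before = await sdk.getPasskeys();
  const decision = checkPasskeyRemoval(before, passkeyId);
  if (!decision.allowed) return decision;

  // App-level policy: require a fresh passkey check before removing a factor.
  // Assumed to reject if the user cancels or validation fails, so nothing
  // below runs in that case.
  await sdk.authenticatePasskeyMFA();
  await sdk.deletePasskey({ passkeyId });

  // Confirm the server no longer lists the credential.
  const after = await sdk.getPasskeys();
  const stillListed = after.some((p) => p && p.id === passkeyId);
  return { allowed: true, reason: stillListed ? 'still-listed' : 'deleted' };
}
```

In an application, pass the functions imported from '@dynamic-labs-sdk/client' as the `sdk` object and surface the returned `reason` to the user.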