Welcome to Passkey Accounts™
Easily add secure account logic to your project!
Passkeys are used for authentication. No passwords. No session cookies. No JWT tokens.
Real-time WebSocket communication for instant auth state updates. Supports all web servers.
Pure authentication and account system. Your users and their data stay with you.
| Tamper Matrix | Protected by WSS | Protected by Sequence | Protected by HMAC (configurable) |
|---|---|---|---|
| Packet sniffing | ✅ | ❌ | ❌ |
| Packet tampering | ✅ | ❌ | ✅ |
| Replay after reconnect | ❌ | ✅ | ❌ |
| Duplicate events | ❌ | ✅ | ❌ |
| Internal event injection | ❌ | ❌ | ✅ |
No worries, Passkey Accounts™ takes care of all this and more for you.
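The Sequence and HMAC columns of the matrix above, shown as an added example that is not Passkey Accounts™ code: a receiver verifies an HMAC over each frame and then a per-session sequence number. The frame fields (`seq`, `type`, `data`, `mac`), the key handling and all function names are assumptions made for illustration.

```javascript
// Added illustration: frame fields and key setup are hypothetical,
// not the Passkey Accounts wire format.
const crypto = require('node:crypto');

// The MAC covers seq as well, so a valid frame cannot be renumbered.
function frameMac(key, seq, type, data) {
  return crypto.createHmac('sha256', key)
    .update(JSON.stringify([seq, type, data]))
    .digest();
}

function seal(key, seq, type, data) {
  return { seq, type, data, mac: frameMac(key, seq, type, data).toString('hex') };
}

// lastSeq is kept per session, not per socket, so it survives a reconnect.
function createReceiver(key) {
  let lastSeq = 0;
  return function accept(frame) {
    if (!frame || !Number.isSafeInteger(frame.seq) || typeof frame.mac !== 'string') {
      return 'malformed';
    }
    const expected = frameMac(key, frame.seq, frame.type, frame.data);
    const got = Buffer.from(frame.mac, 'hex');
    if (got.length !== expected.length || !crypto.timingSafeEqual(got, expected)) {
      return 'bad-mac'; // tampered in transit, or injected without the key
    }
    if (frame.seq <= lastSeq) return 'stale-seq'; // replay or duplicate
    lastSeq = frame.seq;
    return 'ok';
  };
}

// Constructed sample traffic: one entry per row of the matrix.
function demo() {
  const key = crypto.randomBytes(32); // constructed session key
  const accept = createReceiver(key);
  const login = seal(key, 1, 'logged-in', { accountID: 'acct-constructed-1' });
  const tampered = { ...seal(key, 2, 'logged-in', { accountID: 'acct-constructed-1' }),
    data: { accountID: 'acct-constructed-2' } };
  const injected = { seq: 3, type: 'logged-out', data: {}, mac: '00'.repeat(32) };
  return {
    fresh: accept(login),
    duplicate: accept(login), // valid MAC, so only the sequence check stops it
    tampered: accept(tampered),
    injected: accept(injected),
    next: accept(seal(key, 2, 'logged-out', { accountID: 'acct-constructed-1' })),
  };
}
```

The duplicate frame carries a valid MAC and is rejected only by the sequence check, which is why the matrix lists replay and duplicates under Sequence rather than HMAC.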
Demo resources have been diverted to the widget test.
This docs page now points to the active v0.0 widget and API development surface.
Open Widget Test

```javascript
const widget = await createPasskeyWidget({
  mount: document.getElementById('auth-widget'), // Widget will render here
  rpId: 'yourdomain.com', // Must match your domain, exclude protocol (https://)
  rpLabel: 'Your Project Name' // (optional) Displayed inside user's authenticator
});

widget.on('logged-in', ({ accountID }) => {
  console.log(accountID + " logged in");
});

widget.on('logged-out', ({ accountID }) => {
  console.log(accountID + " logged out");
});
```
The customizable widget remains intended for ease-of-use. Live testing is temporarily centralized at /widget_test.html.
FAQ
Does Passkey Accounts™ store user data?
No. The only user data stored is an email address. You're conveniently given an accountID to use inside your logic.
What if a user does not have a passkey-compatible device?
Roughly 4% of hardware does not support passkeys. In this edge case, OTP email will work for logging in.
Where are the API keys?
There are none. Behind-the-scenes magic handles everything for you securely! // You're welcome.