
Passkey demo

WebAuthn registration and authentication against an in-memory user store. The server uses @simplewebauthn/server; the store resets on every server restart.

What happens during registration

  1. Server generates a random challenge bound to your username.
  2. Browser passes the challenge to your authenticator (Touch ID, security key, phone). Authenticator generates a fresh keypair.
  3. Authenticator returns a signed attestation including the public key. The private key never leaves the device.
  4. Server verifies the attestation, stores the public key, and binds it to the user.
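
The four steps above as a runnable Node.js sketch. This is an added example, not the demo's code and not the @simplewebauthn/server API. The function names, `RP_ID` and `ORIGIN` are assumptions, the authenticator is simulated in-process, and CBOR/COSE encoding is left out (the public key travels as SPKI DER).

```javascript
const crypto = require('node:crypto');

const RP_ID = 'localhost';               // assumed relying-party ID
const ORIGIN = 'http://localhost:3000';  // assumed demo origin
const pending = new Map();               // username -> outstanding challenge
const users = new Map();                 // username -> public key (in-memory store)
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Step 1: random challenge bound to the username.
function startRegistration(username) {
  const challenge = crypto.randomBytes(32).toString('base64url');
  pending.set(username, challenge);
  return { challenge, rpId: RP_ID };
}

// Steps 2-3, simulated authenticator: fresh keypair, then a signature over
// authData || SHA-256(clientDataJSON). Only the public key is returned.
function fakeAuthenticator({ challenge, rpId }, origin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.create', challenge, origin }));
  // rpIdHash + flags (UP|UV|AT = 0x45) + 4-byte counter; credential data omitted
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x45, 0, 0, 0, 0])]);
  const signature = crypto.sign('sha256', Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature, publicKey: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Step 4: verify the response, then bind the public key to the user.
function finishRegistration(username, resp) {
  const expected = pending.get(username);
  pending.delete(username);              // challenge is single use, even on failure
  if (!expected) return 'no pending challenge';
  const cd = JSON.parse(resp.clientDataJSON.toString('utf8'));
  if (cd.type !== 'webauthn.create') return 'wrong type';
  if (cd.challenge !== expected) return 'challenge mismatch';
  if (cd.origin !== ORIGIN) return 'origin mismatch';
  if (!resp.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  const key = crypto.createPublicKey({ key: resp.publicKey, format: 'der', type: 'spki' });
  const signed = Buffer.concat([resp.authData, sha256(resp.clientDataJSON)]);
  if (!crypto.verify('sha256', signed, key, resp.signature)) return 'bad signature';
  users.set(username, resp.publicKey);
  return 'ok';
}
```

Because the challenge is deleted on first use, replaying a captured response fails with `'no pending challenge'`, and a response produced for one username's challenge is rejected when submitted under another.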