Passkeys (Biometrics) with Flows

This guide will walk you through integrating Passkey-based authentication into your Descope Flows. Passkeys offer a secure, passwordless login experience based on FIDO2 and WebAuthn standards.

Try out Passkeys for yourself, at https://passkeys.guru!

Flow Screens

When using Passkeys, you can use the Passkey component to enable them in your Flow screens. There is also the Biometrics action, which also operates according to the WebAuthn standards, but enforces the use of biometrics to login specifically.

Passkey Autofill

Passkeys rely on a unique identifier to associate them with a user. This is typically a phone number or email address. Descope offers an autofill feature that will allow the user to select their Passkeys that exists on the associated domain, without having to type it in.

enable-passkey-autofill

Flow Actions

When using Passkeys, the following actions are available:

  • Sign Up / Passkeys - Registers a new user with a Passkey; will fail if user already exists.
  • Sign Up or In / Passkeys - Registers or authenticates the user with a Passkey.
  • Sign In / Passkeys - Authenticates existing user with a Passkey; will fail if user does not exist.
  • Update User / Passkeys - Updates the user's information after Passkey authentication.

How to Use Passkeys Actions

To learn more about Actions in general, you can refer to our guide on them.

These actions are straightforward and can be integrated into your application like any other Action.

This is an example of using the Authenticate with Passkey action in a flow:

authenticate-with-passkey-flow-action

Restrict Types of Passkeys

When using Passkeys, you as the Descoper can restrict the types of Passkeys allowed for the user to sign up or in.

  • Platform Passkeys - Passkeys that are stored on the local device or profile of the user.
  • External Passkeys - Passkeys stored on other devices that are shared via security keys or mobile phones over Bluetooth.

You can control this restriction in the dropdown here, underneath the Passkey flow actions:

passkey-flow-action

Allow Passkeys Without User Verification

Enabling this will allow your users to authenticate with passkeys, without using biometrics or by using a security key without a PIN.

Error Handling

Error handling is handled like any other action. You can refer to our Flow Error Handling guide for more details.

Was this helpful?

On this page