Skip to main content

Create, Manage or Delete Passkeys via Passkey List Component

Passkey management lets users view, update, and remove the passkeys saved on their devices. It ensures users stay in control of which passkeys exist for an account and gives them the option to revoke passkeys if a device is lost or no longer in use.

General Passkey Management

  • macOS
  • Windows
  • iOS
  • Android
general-passkey-management-macos.png

macOS passkey management flow

1

General Passkey Settings in Profile Section

  • Users can see all the passkeys created for the current account here.
  • Users can initiate passkey registration for new devices.
  • Users can delete or update existing credentials.
2

When no Passkey is created for the User Account

  • When the user has no passkey created, the passkey list is shown empty.
3

Passkey Delete Modal

  • User can simply delete existing passkeys from the list shown by clicking on the “X” icon on the top right corner of any passkey listed.
  • This action is not reversible, so the user is again asked for confirmation on deletion of passkey.
  • This leads to permanent passkey deletion (of the public key).
  • User has the possibility to create a new one.

WebAuthn Signal API for Client-Side Synchronization

Advanced Feature: The WebAuthn Signal API enables seamless synchronization between your server and the user’s device. When a user deletes a passkey from your account settings or updates their user information (like email or display name), this API automatically removes or updates the corresponding passkey on the client-side authenticator (password manager or OS).
Platform Support:
  • iOS and macOS: Supported on newer versions
  • Windows: Chrome with Google Password Manager
  • Android: Native support and Chrome support following
What the Signal API Does:
  1. Automatic Deletion on Client: When users delete a passkey from your passkey list, the WebAuthn Signal API signals the client-side authenticator to remove it. This prevents deleted passkeys from appearing in future login prompts (Conditional UI), improving user experience.
  2. Metadata Updates: If user information changes (e.g., email address update), the Signal API updates the passkey’s metadata (user.name, user.displayName) on the client-side. This ensures users see current information when selecting passkeys during login.
The Signal API operates silently and privacy-preserving - it doesn’t provide feedback about whether the update succeeded, maintaining user privacy while keeping credentials synchronized.

Passkey List Error States

  • macOS
  • Windows
  • iOS
  • Android
passkey-list-errors-macos.png

macOS passkey list error states

1

Passkey List Loading Error

  • The list of passkeys fails to load (e.g., due to network or system error).
2

User Aborts Passkey Creation

  • User cancels creation during system prompts or internal dialogs. No new passkey is added in the list.
3

Passkey Creation Failed Due to API Errors

  • User experiences errors from backend/API during passkey creation. The error is communicated clearly.
4

Passkey Deletion Fails

  • Deletion of the passkey returns an error due to system or API failure.
5

Passkey Already Exists

  • Attempting to register a passkey that is already present prompts an informative error.
6

No Passkey Support

  • Device or browser does not support passkeys, blocking registration or management.
I