
Using passkey autofill to sign in
Configuring passkeys
In the Authsignal Portal we have configuredlocalhost
as the Relying Party for the purposes of local development.
We also whitelist both the login server and the application server as expected origins.

Configuring the relying party ID and expected origins
https://localhost:5002
, then reauthenticate with the same passkey when signing in to IdentityServer running on https://localhost:5001
.
Enrolling a passkey
Once the user has logged in with MFA, we can use the Authsignal Web SDK to allow the user to add a passkey. This can be done by adding a button to the application server (i.e. the WebClient).
Adding a passkey
enrollmentToken
here is fetched server-side in /src/WebClient/Pages/Passkeys.cshtml.cs when the page loads.
Signing in with a passkey
Now that the user has enrolled a passkey, the next time they sign in via IdentityServer we would like to give them the option to use their passkey instead of their username & password. This can be achieved simply by adding a small client-side JavaScript snippet which initializes the existing username field to allow passkeys. First we need to ensure that the input field has the valueusername webauthn
in the autocomplete attribute.

Signing in with a passkey