Ensuring a backup option exists when passkeys are unavailable
Even if users have previously created a passkey, they may be authenticating on a new device where the passkey cannot be synced - for example, when switching between an iOS and an Android device or vice versa. Additionally, it is possible a user may have deleted their existing passkey credential from Apple iCloud or Google Password Manager. One way to ensure a user always has a backup option available is to prompt the user to create a passkey only after they enroll another authentication method such as email OTP or SMS OTP. Since Authsignal supports binding multiple authentication factors together, this can easily be achieved with the mobile SDK.Creating a passkey after completing an email OTP challenge
Optimizing sign-in UX
Now that we can be confident the user always has a backup option, we can design an optimal sign-in UX which puts passkeys front and center while also providing a safe fallback. For the happy path when a passkey is available, presenting a “Sign in” button which immediately displays the passkey prompt provides a smooth UX.Signing in with an available passkey
Falling back to email OTP when a passkey is unavailable
The above behavior is possible because iOS and Android both expose a
preferImmediatelyAvailableCredentials parameter which will
avoid showing the passkey prompt if no credentials are available on the current device. Set this
value to false if you want to allow signing in via QR code with a passkey on another device.