Skip to main content


The Authsignal Flutter SDK can be used to:

  • Sign up and sign in users using passkeys
  • Enroll devices for push auth and allow users to approve or reject push auth challenges




On iOS, passkeys are supported only on iOS 15 and above and synced via iCloud Keychain. Autofill requires iOS 16 and above.

To use passkeys you must first setup an associated domain with the webcredentials service type.

  1. Host an apple-app-site-association file on the domain that matches your relying party:

    GET https://<yourrelyingparty>/.well-known/apple-app-site-association
  2. The response JSON should look something like this:

    "applinks": {},
    "webcredentials": {
    "apps": [""]
    "appclips": {}

    where ABCDE12345 is your team id and is your bundle identifier.

  3. In XCode under "Signing & Capabilities" add a webcredentials entry for your domain / relying party e.g.


On Android, passkeys are implemented using the Credential Manager API and synced via Google Password Manager. Passkeys are supported only on devices running Android 9 (API 28) or higher.

To use passkeys on Android you must setup a Digital Asset Links JSON file on your web domain.

  1. Host an assetlinks.json file on the domain that matches your relying party:

    GET https://<yourrelyingparty>/.well-known/assetlinks.json
  2. The response JSON should look something like this:

    "relation": ["delegate_permission/common.get_login_creds"],
    "target": {
    "namespace": "android_app",
    "package_name": "com.example",
    "sha256_cert_fingerprints": [

    but with the package name and SHA256 fingerprint updated to match your own app.


Add authsignal_flutter: ^0.1.1 to your package's pubspec.yaml file and run:

flutter pub get


Initialize the Authsignal client in your code:

import 'package:authsignal_flutter/authsignal_flutter.dart';

var authsignal = Authsignal({ tenantID: "YOUR_TENANT_ID", baseURL: "YOUR_REGION_BASE_URL" });

You can find your tenantId in the Authsignal Portal.

You must specify the correct baseUrl for your tenant's region.

RegionBase URL
US (Oregon)
AU (Sydney)
EU (Dublin)


For more detail on passkeys refer to our getting started guide.

Registering a new passkey

var result = await authsignal.passkey.signUp(token, userName);

Authenticating with an existing passkey

var result = await authsignal.passkey.signIn();


Adding a device credential

Adding a new credential must be authorized with a short-lived token. You can obtain this by calling the track endpoint on the Server API which will return a token in the response. This should be done at a point in your application when the user is strongly authenticated.

var result = await authsignal.push.addCredential(token);

Removing a device credential

var result = await authsignal.push.removeCredential();

Getting a challenge

var result = await authsignal.push.getChallenge();

Updating a challenge

var approved = true; // true if the user has approved the challenge

var result = await authsignal.push.updateChallenge(challengeId, approved);