Two Methods of Passkey Authentication

1. Session-Based Authentication

In this method, you authenticate with passkeys once to obtain a time-limited JWT (JSON Web Token). This token can then be used for subsequent actions such as personal_sign, sign_transaction, and other secure actions. This method is efficient because it requires only one authentication step per session, reducing the need for repeated verifications.

2. Direct Passkey Authentication for Each Request

This method requires you to authenticate using a passkey with every single request. It is more secure since each request is independently authenticated, but it can be less efficient due to the repetitive nature of authentication.

If you are implementing the session-based authentication (Flow 1), follow the below guidance. For details on implementing the direct passkey authentication with each request (Flow 2), refer to the specific methods.

The above gives a high level view on how Passkey Authentication works with Passport. You can followAuthenticating with SDK to have most of these details abstracted away. Currently we only have a TypeScript SDK, so you can also follow Authenticating with API if preferred.

Last updated