Welcome to Passwordless.dev by Bitwarden. Passwordless.dev is a software toolkit that helps developers bring FIDO2 WebAuthn passkeys to their end users. Provide passwordless authentication without the need to read W3C specification documentation, determine cryptography, or manage stored public keys. Passwordless with Bitwarden does this for you.
Passwordless.dev consists of three key parts:
- An open-source client side library, used by your frontend to make requests to the end-user's browser WebAuthn API and requests to the passwordless.dev APIs.
- A public RESTful API used to complete FIDO2 WebAuthn cryptographic exchanges with the browser.
- a private RESTful API used to initiate key registrations, verify signins, and retrieve keys for end-users.
To start, download the Passwordless.js library:
Install the Passwordless.dev JS client:
yarn add @passwordlessdev/passwordless-client
Or:
npm install @passwordlessdev/passwordless-client
Next, your front end must import the library to call the methods:
import { Client } from '@passwordlessdev/passwordless-client';
const p = new Client({ apiKey: '' });
Install the Passwordless.dev JS client:
<script
src="https://cdn.passwordless.dev/dist/1.1.0/passwordless.iife.js"
crossorigin="anonymous"
></script>
Next, your front end must import the libary to call the methods:
<script>
const p = new Passwordless.Client({ apiKey: '' });
</script>
Registering a token could look like:
// Instantiate a passwordless client using your API public key.
const p = new Passwordless.Client({
apiKey: 'myapplication:public:4364b1a49a404b38b843fe3697b803c8'
});
// Fetch the registration token from the backend.
const backendUrl = 'https://localhost:8002';
const registerToken = await fetch(backendUrl + '/create-token?userId=' + userId).then((r) =>
r.json()
);
// Register the token with the end-user's device.
const { token, error } = await p.register(registerToken);
When selfhosting, the apiUrl
property in the constructor can be used to configure the URL for the Passwordless.dev server.
For advanced usages, you can also configure the origin
and the rpid
.
Run:
yarn build
Passwordless.dev's Admin Panel is a GUI for application and API key management. You can manage your users and receive your public API key
and private API key
(also known as secret) from the user interface.
To create an application, follow the instructions here.
To create an account for yourself or your organization, visit this link
- Call the function
register
or (e.g.signinWithDiscoverable()
). - Add two endpoints to your backend that integrate to your existing user system (set cookie, sessions, and more) and will communicate secrets with our API.
- Make a request between your clientside code and the verification endpoints on your backend to verify the registration or sign in.
We've written a more detailed guide, with more language examples and SDKs in the Passwordless.dev documentation.
To talk to the passwordless team, send us an email at [email protected]
You can fine Bitwarden's other code repositories at https://github.com/bitwarden and more information on https://bitwarden.com/.
We encourage all contributions to docs.passwordless.dev, whether that's opening issues to request edits or additions, or adding them yourself in PRs.