Passkeys without username entry

I would like to implement passkey support in my Keycloak instance. Keycloak seems to support passkeys essentially as an alternative to OTP, but not as a one-click sign-in method. How would I implement passkey support such that one click from the login screen gives the user a passkey prompt? Can I do this without customizing the theme files?

To get an idea of what I’m looking for, see the GitHub Login page which provides a username and password entry box, or separate “Sign in with passkey” link.

Hi, you can use the passkeys form fill feature (WebAuthn Conditional UI [1]) to handle both password and passkeys login. Check out this workshop [2] and the custom extension [3].

[1] Explainer: WebAuthn Conditional UI · w3c/webauthn Wiki · GitHub
[2] GitHub - embesozzi/keycloak-workshop-stepup-mfa-biometrics: Keycloak Workshop for Step Up with MFA Biometrics Authentication (Passkeys) and Passwordless experience with Passkeys
[3] GitHub - embesozzi/keycloak-webauthn-conditional-mediation: Keycloak Authentication Provider implementation for Webauthn with Conditional Mediation (Passkey autofill)

To be add more of the Keycloak POV, additional to @embesozzi’s info, Keycloak doesn’t support WebAuthn Conditional UI ootb, yet. It’s still under development. It will come eventually at some time…

Thanks all for the responses! @dasniko is there somewhere I can follow development progress? In the mean time, I’ll check out your extension @embesozzi.

This is the umbrella issue: Passkeys support · Issue #23656 · keycloak/keycloak · GitHub

2 Likes