What are Passkeys?

passkeys.dev

Passkeys are a new way to log in to services without using a password. Instead of a password, passkeys use your device's built-in security capabilities, such as Touch ID and Face ID, and sync across multiple devices so you don't have to worry about losing your device either. Passkeys are strong and phishing-resistant by design.

Do passkeys replace OAuth?

No! In fact, passkeys and OAuth work great together! While passkeys take the place of a password when logging in to a service, that service will still need OAuth in order to grant third parties access to the data held at that service!

Passkeys authenticate users, so if that's all you're using OAuth for (you shouldn't), then you may not need OAuth! But if you're using OAuth in order to access an API, then you'll still need OAuth, as that's how you get an access token.

Passkeys will replace the step in OAuth where the user enters their password, since passkeys are a replacement for password authentication. But passkeys alone won't provide an app with an access token to make API requests, since that's not what they're designed for.
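The division of labour described above, as an added example that is not from the original page: the passkey check sits where the password check used to be and only establishes who the user is, while the authorization code exchange still issues the access token. It uses a bare Ed25519 challenge signature as a simplified stand-in for a WebAuthn assertion and omits redirect URIs, client authentication and PKCE; all function, client and scope names are hypothetical.

```javascript
// Added example, not from the page: simplified stand-in for WebAuthn plus OAuth.
const { generateKeyPairSync, sign, verify, randomBytes } = require("node:crypto");
const credentials = new Map(); // userId -> public key registered for the passkey
const challenges = new Map();  // userId -> outstanding login challenge
const codes = new Map();       // authorization code -> { userId, clientId, scope }
const tokens = new Map();      // access token -> { userId, clientId, scope }
const rand = () => randomBytes(16).toString("hex");

// Registration: the server keeps only the public key.
function registerPasskey(userId) {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  credentials.set(userId, publicKey);
  return privateKey; // stays on the user's device
}
// Device side: the authenticator signs the server's challenge.
const deviceSign = (privateKey, challenge) => sign(null, challenge, privateKey);
// Authentication, part 1: issue a fresh challenge.
function startLogin(userId) {
  const challenge = randomBytes(32);
  challenges.set(userId, challenge);
  return challenge;
}
// Authentication, part 2: verify the signature. This sits where the password
// check used to be. It proves who the user is and yields no token.
function finishLogin(userId, signature) {
  const challenge = challenges.get(userId);
  challenges.delete(userId); // a challenge is never accepted twice
  const key = credentials.get(userId);
  return Boolean(challenge && key && verify(null, challenge, key, signature));
}

// Authorization: only an authenticated user can approve a client for a scope.
function authorize(userId, signature, clientId, scope) {
  if (!finishLogin(userId, signature)) return null;
  const code = rand();
  codes.set(code, { userId, clientId, scope });
  return code;
}
// The client exchanges the single-use code for the access token.
function exchangeCode(code, clientId) {
  const grant = codes.get(code);
  codes.delete(code);
  if (!grant || grant.clientId !== clientId) return null;
  const accessToken = rand();
  tokens.set(accessToken, grant);
  return accessToken;
}
// The API accepts only an access token issued above.
const apiRequest = (accessToken) => tokens.get(accessToken) ?? null;
```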
