Welcome to Passwordless.dev by Bitwarden. Passwordless.dev is a software toolkit that helps developers bring FIDO2 WebAuthn passkeys to their end users. Provide passwordless authentication without the need to read W3C specification documentation, determine cryptography, or manage stored public keys. Passwordless with Bitwarden does this for you.

Get started

Passwordless.dev consists of three key parts:

• An open-source client side library, used by your frontend to make requests to the end-user's browser WebAuthn API and requests to the passwordless.dev APIs.
• A public RESTful API used to complete FIDO2 WebAuthn cryptographic exchanges with the browser.
• a private RESTful API used to initiate key registrations, verify signins, and retrieve keys for end-users.

To start, download the Passwordless.js library:

NPM package

Install the Passwordless.dev JS client:

yarn add @passwordlessdev/passwordless-client

Or:

npm install @passwordlessdev/passwordless-client

Next, your front end must import the library to call the methods:

import { Client } from '@passwordlessdev/passwordless-client';
const p = new Client({ apiKey: '' });

HTML

Install the Passwordless.dev JS client:

<script
  src="https://cdn.passwordless.dev/dist/1.1.0/passwordless.iife.js"
  crossorigin="anonymous"
></script>

Next, your front end must import the libary to call the methods:

<script>
  const p = new Passwordless.Client({ apiKey: '' });
</script>

Registering a token could look like:

// Instantiate a passwordless client using your API public key.
const p = new Passwordless.Client({
  apiKey: 'myapplication:public:4364b1a49a404b38b843fe3697b803c8'
});

// Fetch the registration token from the backend.
const backendUrl = 'https://localhost:8002';
const registerToken = await fetch(backendUrl + '/create-token?userId=' + userId).then((r) =>
  r.json()
);

// Register the token with the end-user's device.
const { token, error } = await p.register(registerToken);

Advanced configuration

When selfhosting, the apiUrl property in the constructor can be used to configure the URL for the Passwordless.dev server.

For advanced usages, you can also configure the origin and the rpid.

Build the library

Run:

yarn build

Obtaining your API credentials

Passwordless.dev's Admin Panel is a GUI for application and API key management. You can manage your users and receive your public API key and private API key (also known as secret) from the user interface.

To create an application, follow the instructions here.

To create an account for yourself or your organization, visit this link

Next steps

1. Call the function register or (e.g. signinWithDiscoverable()).
2. Add two endpoints to your backend that integrate to your existing user system (set cookie, sessions, and more) and will communicate secrets with our API.
3. Make a request between your clientside code and the verification endpoints on your backend to verify the registration or sign in.

We've written a more detailed guide, with more language examples and SDKs in the Passwordless.dev documentation.

Help

To talk to the passwordless team, send us an email at support@passwordless.dev

References

• Using the JavaScript client

Bitwarden

You can fine Bitwarden's other code repositories at https://github.com/bitwarden and more information on https://bitwarden.com/.

Contribute

We encourage all contributions to docs.passwordless.dev, whether that's opening issues to request edits or additions, or adding them yourself in PRs.