Passkeys

The Auth Methods Management component renders the Passkey enrollment flow, an educational screen, a WebAuthn registration handshake with the platform authenticator, and the enrolled-factor entry in the authenticator list. Unlike other factors, passkeys require application-side platform entitlements that the SDK cannot configure. This page covers the platform entitlements and SDK configuration specific to passkeys.

Prerequisites

Enable passkeys on your Auth0 database connection Read Passkeys to enable it in your Auth0 tenant.
Complete the Universal Components setup Read Build a Self-Service Account Security Interface to install the SDK, configure your Auth0 tenant, and initialize the SDK. Set PasskeysConfiguration (iOS) or PasskeyConfiguration (Android) on the SDK initializer if your integration needs a specific connection or linked identity.
Complete the platform level application setup Unlike other factors, passkeys requires your application to prove ownership of the Auth0 domain at the OS level. Follow the Platform setup steps to configure.

Platform setup

Passkeys bind to the relying party domain Auth0 issues credentials for, typically your Auth0 tenant domain or custom domain. The platform verifies this binding through Apple Associated Domains (iOS) or Android Digital Asset Links.

iOS
Android

Add the Associated Domains entitlement In Xcode, open your target’s Signing & Capabilities and add Associated Domains. Add the entry:
```
webcredentials:YOUR_AUTH0_DOMAIN
```
For example: webcredentials:your-tenant.auth0.com. If you use a custom domain, use that instead.
Register your application bundle ID in the Auth0 Dashboard A. Navigate to Auth0 Dashboard → Authentication → Database B. Select the Database Connections C. Select the Passkey settings tab D. Add your application bundle ID in the Allowed iOS Applications Auth0 publishes the apple-app-site-association file at /.well-known/apple-app-site-association on your domain automatically and includes every registered bundle ID.
Minimum iOS version The Auth Methods Management component hides the Passkey option on devices running iOS < 16.6, macOS < 13.5, or visionOS < 1.0.

Apple’s Supporting associated domains guide is the authoritative reference for entitlements and the AASA file. Validate your AASA with the AASA Validator before testing on-device.

Confirm AndroidX Credentials is resolved The Universal Components SDK depends on androidx.credentials:credentials:1.5.0+ transitively. If you see credential manager errors, verify with ./gradlew app:dependencies.
Register your application package and SHA-256 signing fingerprints in the Auth0 Dashboard A. Navigate to Auth0 Dashboard → Authentication → Database B. Select the Database Connections C. Select the Passkey settings tab D. Add your application package and SHA-256 signing fingerprints in the Allowed Android Applications Auth0 serves /.well-known/assetlinks.json on your domain automatically and includes every registered app. Obtain fingerprints with:
```
keytool -list -v -keystore /path/to/keystore -alias YOUR_ALIAS | grep SHA256
```
For Play App Signing, copy the fingerprint from Play Console → Setup → App signing.
Minimum Android version Platform-credential passkeys require Android 14+ (API 34+) for the full Credential Manager experience. On Android 9–13 (API 28–33), passkeys sync through Google Password Manager on devices with up-to-date Play Services. The component hides the Passkey option for Android API 28 and below.

Google’s Credential Manager guide and the Digital Asset Links tester are the authoritative references. Validate your assetlinks.json before testing on-device.

Customization

The Passkey educational and status screens inherit the component’s active theme. The biometric prompt itself is rendered by the OS and cannot be themed.

Token	Effect on Passkey screens
`background.accent` / `backgroundAccent`	Accent color for the passkey educational illustration
`background.primary` / `backgroundPrimary`	Add Passkey button background
`text.onPrimary` / `textOnPrimary`	Add Passkey button label
`text.bold` / `textBold`	Headline and explainer copy
`radius.button` / `shapes.large`	Button corner radius

For the full token, read Customize Style and Themes.

SDK Limitations

Passkeys can only be enrolled from inside the Auth Methods Management component. There is no public SwiftUI or Composable API to trigger a standalone passkey enrollment from elsewhere in your app. Post-login “save a passkey” upsell prompts are not supported today. You can track ui-components-ios and universal-components-android for updates.
Removing a passkey in the component does not purge the OS credential store. The enrolled passkey detaches from the Auth0 account, but the private credential remains in iCloud Keychain (iOS) or Google Password Manager (Android) until the user removes it from the OS-level credential manager.
Android’s PasskeyEnableScreen is informational only. It is publicly callable, but it renders a static educational card, the onEnableClick callback is delegated to you. The actual enrollment logic lives inside the component’s internal PasskeyViewModel and is not publicly exposed.
Attestation conveyance is not surfaced. The SDK does not let the caller select attestation policy (none / indirect / direct) or enumerate authenticator transports — it uses the Auth0 tenant’s configured WebAuthn policy.

Learn more

Auth Methods Management

Auth Methods Management component reference and the full list of supported factors.

Build a Self-Service Account Security Interface

Initialize the SDK and wire the token provider to your Auth0 tenant.

Web Foundations

Native Foundations

My Account

My Organization

Prerequisites

Platform setup

Customization

SDK Limitations

Learn more

Auth Methods Management

Build a Self-Service Account Security Interface

Web Foundations

Native Foundations

My Account

My Organization

Documentation Index

​Prerequisites

​Platform setup

​Customization

​SDK Limitations

​Learn more

Auth Methods Management

Build a Self-Service Account Security Interface

Prerequisites

Platform setup

Customization

SDK Limitations

Learn more