Auth Passkey

Enables passkey-based authentication with OTP verification for user registration and login.

Features

• Email/Mobile Registration: Support for both email and mobile number registration
• OTP Verification: Secure OTP-based verification during signup
• Passkey Authentication: Passwordless authentication using WebAuthn passkeys
• Account Settings: Users can add passkeys from their account settings
• Seamless Login: Quick and secure login with stored passkeys

How It Works

1. Initial Registration: Users register with email or mobile number and verify via OTP
2. Passkey Creation: After signup, users are prompted to add a passkey
3. Subsequent Logins: Users authenticate using their passkey (no password needed)
4. Existing Users: Users without a passkey can create one from account settings

Installation

npm install @tsc_tech/medusa-plugin-auth-passkey @simplewebauthn/server @simplewebauthn/types

Dependencies

• @simplewebauthn/server
• @simplewebauthn/types

Configuration

Add to your medusa-config.ts with the following environment variables:

• RP_ID: Relying Party ID (your domain)
• RP_NAME: Relying Party Name (your app name)
• FRONTEND_URL: Your frontend URL

Requirements

• A configured notification provider for sending OTPs
• WebAuthn-compatible browser
• HTTPS (required for WebAuthn)

Use Cases

• Passwordless authentication
• Enhanced security without password complexity
• Improved user experience
• Multi-factor authentication
• Biometric authentication support