Client Hints

Wed, 24 Sep 2025 05:07:38 +0000

Overview

When creating a passkey, WebAuthn Clients display a credential manager selection screen asking users to choose where to store their new passkey. The selector typically defaults to local credential managers because they offer immediate availability and support for synced passkeys, the default credential type in unmanaged, consumer contexts.

During a sign in flow, the WebAuthn Client will do its best to help the user select a passkey which is immediately available, and fall back to an external authenticator selection screen. This typically shows an option for FIDO Cross-Device Authentication and security keys. In environments where only security keys are allowed, having additional options such as displaying a QR code for cross-device authentication flows can confuse users and lead to unnecessary support costs.

Related Origin Requests

Thu, 22 Aug 2024 15:20:51 +0000

Use Cases

The two use cases for Related Origin Requests (ROR) are deployments which use different country code top-level domains (ccTLD) across the world, and deployments where different branding is used for different services.

To address these use cases, it is recommended to leverage industry-standard federation protocols such as OpenID Connect. This approach facilitates a centralized login experience, by using a dedicated login page (e.g., login.example.com) that serves as the authentication point for all origins and services.

Advanced on passkeys.dev

Client Hints

Overview

Related Origin Requests

Use Cases