Skip to main content

Credential management

This section will cover how to incorporate credential management into your application. Credential management includes the actions a user will take to manage the passkeys in their account. These action can include:

  • Viewing the passkeys registered to their account
  • Adding new passkeys to their account
  • Deleting passkeys from their account
  • Updating specific metadata to help them easily manage their passkeys

Demonstration

The videos below will demonstrate different credential management scenarios.

This first video demonstrates a user navigating to their account settings page to manage their passkeys

This second video demonstrates a user adding a new passkey to their account

This third video demonstrates a user changing the name of one of their passkey

This fourth video demonstrates a user deleting a passkey which will prevent the credential from being used to authenticate into the account

UX Considerations

Below is a list of different user experience notes based on the demonstration above

  1. Passkey management should be made simple to the user. Ensure that all passkeys are managed from a single place in your application, preferably in a place similar to where they currently manage their password
  2. Ensure that your application includes error messages to help troubleshoot when the add or delete processes fail for an unexpected reason
  3. Deleting a passkey using the delete button on the client will NOT remove the passkey from the device that it is generated on. Please be sure to instruct the user to delete the passkey from both the application and directly from their device (security key, phone, or password manager)
    • Failure to do this will allow your platform to continue to prompt users to authenticate with a passkey that was deleted from an application
  4. Never allow a user to edit the passkey's public key directly. Only allow a user to edit a specific set of metadata, such as the nickname of the passkey

Implementation guidance

Guidance on adding a new passkey to a user's account can be found in the Registration Flows section found earlier in this guide.

Implementation guidance on presenting all of a user's passkeys, updating a passkey's nickname, and deleting a passkey can be found in the API Client section found earlier in this guide.