Skip to content

codetheworld-io/passkey-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
public
public
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
server.js
server.js
 
 

Repository files navigation

Passkey Authentication Demo (WebAuthn + Node.js)

This repository contains a simple, end-to-end example of passkey authentication built with Node.js, Express, and plain HTML/JavaScript.

The goal of this project is educational:
to show how passkeys work, how WebAuthn flows are structured, and how you can implement passwordless authentication without heavy frameworks or abstractions.

If you’ve read the accompanying Medium article, this repository is the hands-on companion to that walkthrough.

What This Project Demonstrates

  • Passkey (WebAuthn) registration flow
  • Passkey authentication (login) flow
  • Browser-based WebAuthn API usage
  • Minimal Node.js backend handling challenges
  • Plain HTML + vanilla JavaScript frontend
  • Passwordless, phishing-resistant authentication

No passwords are stored.
No secrets are shared.

Tech Stack

  • Node.js
  • Express
  • express-session
  • WebAuthn (Browser API)
  • HTML + Vanilla JavaScript

This project intentionally avoids frontend frameworks to keep the logic easy to follow.

Project Structure

passkey-demo/ 
├─ server.js # Node.js + Express backend
├─ public/
│ ├─ index.html # Minimal UI
│ └─ main.js # WebAuthn client logic

Getting Started

Prerequisites

  • Node.js 18+ recommended
  • A modern browser that supports passkeys (Chrome, Safari, Edge, Firefox)
  • Local development on http://localhost

WebAuthn requires a secure context.
http://localhost is allowed for development.

Install Dependencies

npm ci

Run the Server

node server.js

Then open your browser at:

http://localhost:3000

How to Use the Demo

  1. Click Register Passkey

    • Your device will prompt for biometrics or a PIN
    • A passkey is created and stored securely on your device

  2. Click Login with Passkey

    • No password required
    • Authentication happens instantly using the passkey

Important Notes

  • This project uses in-memory storage for simplicity (data is lost when the server restarts)
  • Cryptographic verification is intentionally simplified
  • Do not use this code as-is in production
  • For real applications, use a well-tested library such as:
    • @simplewebauthn/server

How You Can Extend This Project

This demo is a foundation you can build on:

  • Persist users and credentials in a database
  • Support multiple passkeys per user
  • Add session-based or JWT authentication
  • Enable cross-device passkey sign-in
  • Improve UI and error handling
  • Add proper verification and security checks

Why Passkeys?

Passkeys eliminate:

  • Password reuse
  • Phishing attacks
  • Credential leaks

They rely on:

  • Public-key cryptography
  • Built-in OS security
  • User-friendly biometrics

They are simpler for users and safer for developers.

Related Article

This repository accompanies the Medium article: "Building a Simple Passkey Authentication App with Node.js"

About

A minimal, easy-to-understand passkey authentication example built with Node.js and vanilla HTML/JS.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages