Skip to main content
Passkeys use cryptographic key pairs stored on the user’s device. Authentication happens with a biometric check (such as Face ID, Touch ID, or a fingerprint scan) or a local device PIN. This makes passkeys both safer—since they can’t be phished or reused—and easier to use, since users don’t need to remember or type credentials.

Prerequisites

  • You need to have the Dynamic Client initialized.
  • You need to have the passkey MFA enabled in your environment’s settings in the Dynamic dashboard.

Registering a new passkey

Calling registerPasskey will prompt the user to register a new passkey in their device and register it in the Dynamic server, so next time the user can complete an MFA challenge with it or even sign-in with it if enabled in the environment’s settings. Registering a passkey will automatically authenticate it, so you don’t need to call authenticatePasskeyMFA after registering a passkey. 
import { registerPasskey } from '@dynamic-labs-sdk/client';

const register = async () => {
  await registerPasskey();
};

Doing MFA authentication with a passkey

Calling authenticatePasskeyMFA will prompt the user to authenticate with a passkey in their device and complete an MFA challenge. The authentication will be successful if the user authenticates with the passkey in their device and it gets validated in the Dynamic server. 
import { authenticatePasskeyMFA } from '@dynamic-labs-sdk/client';

const onLogin = async () => {
  await authenticatePasskeyMFA();
};
Pass requestedScopes to receive an elevated access token for sensitive actions: 
import { authenticatePasskeyMFA } from '@dynamic-labs-sdk/client';

const onExportPrivateKeyClick = async () => {
  await authenticatePasskeyMFA({
    requestedScopes: ['wallet:export'],
  });

  // Elevated token is now stored — the SDK attaches it automatically
  await exportWaasPrivateKey(params);
};

With MFA token (deprecated)

createMfaToken is deprecated and will be removed in the next major version. Use requestedScopes instead. See migration guide.
import { authenticatePasskeyMFA } from '@dynamic-labs-sdk/client';

const onExportPrivateKeyClick = async () => {
  await authenticatePasskeyMFA({
    createMfaToken: { singleUse: true },
  });

  await exportWaasPrivateKey(params);
};

Deleting a passkey

Calling deletePasskey will delete a passkey from the Dynamic server. 
import { deletePasskey } from '@dynamic-labs-sdk/client';

const delete = async () => {
  // Replace 'passkey-id' with the actual ID of the passkey you want to delete
  await deletePasskey({passkeyId: 'passkey-id'});
};

Getting all registered passkeys for a user

Calling getPasskeys will return all registered passkeys for the authenticated user. 
import { getPasskeys } from '@dynamic-labs-sdk/client';

const getUserPasskeys = async () => {
  const passkeys = await getPasskeys();
  console.log(passkeys);
};