WebAuthn Passkey Tester (Register + Verify)
Test the WebAuthn / passkey API locally. Click Register to invoke the browser's credential creation flow (Touch ID, Windows Hello, security key, etc.); the tool shows the attestation object, client data JSON, and credential ID it returns. Click Authenticate to verify the credential is valid. Useful when prototyping a passwordless auth flow.
All credentials stored in your browser only. This tool does not communicate with any server; in a real WebAuthn flow, the server validates the attestation and stores the credential public key.
How to use the WebAuthn Passkey Tester (Register + Verify)
Click Register passkey. Your browser prompts to create a new credential (Touch ID, Face ID, Windows Hello, USB security key, etc.). The tool stores the credential ID in localStorage and shows you the attestation object. Click Authenticate to invoke the assertion flow with that credential — you'll see the signature, authenticator data, and client data JSON. Useful for prototyping or learning the WebAuthn API.
Testing passkeys and the WebAuthn API
WebAuthn is the browser API behind passkeys and hardware security keys. Instead of a password, the user's device holds a private key and the website stores only the matching public key. Registration (the create ceremony) makes a new keypair and returns an attestation describing the authenticator; authentication (the get ceremony) signs a server challenge with that private key, proving possession without anything secret crossing the network. The private key never leaves the authenticator — your Touch ID sensor, Windows Hello, or USB key.
This tester drives both ceremonies locally so you can watch what the API returns: the attestation object and client data JSON from registration, and the signature and authenticator data from authentication. It stores the credential only in your browser and talks to no server, which makes it a hands-on way to learn the flow or sanity-check that passkeys work on your device before you build the server side.
Common use cases
- Learning WebAuthn — trigger the real registration and assertion ceremonies and inspect what each returns.
- Device checks — confirm Touch ID, Windows Hello, or a security key works as a passkey in your browser.
- Prototyping — explore the API shape before committing to a server-side implementation.
- Debugging — examine the attestation object and client data when a passkey integration misbehaves.
- Demonstrating passwordless auth — show colleagues how a passkey registers and signs in without a password.