Skip to main content
When a user account is created in Byzantine, either they themselves or their entity are set up with a digital wallet. This wallet is linked to either the end user’s device or email address, meaning no intermediaries (Byzantine or the integrator) could ever make transactions on their behalf.

Passkey

The authentication method for Byzantine accounts is passkey (WebAuthn). Once set up, this is used to authenticate the user whenever they make a transaction.

Technical implementation

Setup:By choosing this method, the user will be prompted to add their passkey to their device, either through the browser’s built-in passkey management, through a third-party passkey manager, or through their mobile device’s passkey management.Once the passkey is created by the user, it will be used to authenticate the user when making transactions. A same user can have multiple passkeys, and can use different passkeys for different purposes.Rather than implementing the passkey creation process yourself, you can use our Integrator SDK to easily create the passkey for your users.

Installation

Initialize the Byzantine Client

Usage example

Discoverable and non-discoverable credentials

A discoverable credential is a self-contained credential that is stored on the end-user’s device. For UX, the end-user is prompted to select their passkey from a list of their passkeys and choose which device/passkey they’d like to use.
If you choose to create discoverable credentials for your users, it is not necessary to store their credential ID.
A non-discoverable credential is a credential that isn’t fully stored on the end-user’s device. The integrator must store the credential ID. For UX, the user is prompted to authenticate with their passkey directly without having to select it from a list.
For non-discoverable credentials, you must store the credential ID returned from createPasskey, namely, attestationData.credentialId. When authenticating transactions, pass this credential ID as the second parameter to client.webauthn.getStamp(payload, credentialId) (cf. Passkey Authentication tab).
By default, the Byzantine SDK will create discoverable credentials when the device supports it. To create non-discoverable credentials, you can set the residentKey option to "discouraged":