Skip to main content
@thru/passkey is the browser WebAuthn package for passkey registration, signing, and popup-based fallback flows. It exposes a single root entry point. There are no subpath exports.

​
Install

npm install @thru/passkey

​
When to use it

Choose @thru/passkey when you are in the browser and need WebAuthn registration, signing, or popup fallback behavior. Choose a different package when:
  • You need to build transaction instructions and wallet context around the passkey signature: use @thru/passkey-manager
  • You only need byte or base64url helpers without WebAuthn flows: use @thru/helpers

​
Import

import {
  registerPasskey,
  signWithPasskey,
  signWithStoredPasskey,
  signWithDiscoverablePasskey,
  isWebAuthnSupported,
  getPasskeyClientCapabilities,
} from '@thru/passkey';

​
Main flows

ExportUse for
registerPasskey( alias, userId, rpId )Creating a new platform passkey for a user profile.
signWithPasskey( credentialId, challenge, rpId )Signing with a known credential ID.
signWithStoredPasskey( challenge, rpId, preferredPasskey, allPasskeys, context? )Signing with stored metadata, including embedded and iframe flows.
signWithDiscoverablePasskey( challenge, rpId )Letting the browser prompt the user to choose from available passkeys.
registerPasskey and the signing helpers all require browser WebAuthn support. When the browser is inside an iframe or the permissions policy blocks inline prompts, the package can fall back to its popup flow.

​
Example

import { isWebAuthnSupported, registerPasskey, signWithPasskey } from '@thru/passkey';

if( !isWebAuthnSupported() ) throw new Error( 'WebAuthn is not available' );

const registration = await registerPasskey( 'Primary device', 'user-123', 'wallet.thru.org' );
const result = await signWithPasskey(
  registration.credentialId,
  challengeBytes,
  'wallet.thru.org'
);

​
Capability checks

Use these exports to decide whether inline WebAuthn is available and whether you should preopen or prefer the popup bridge: isWebAuthnSupported, preloadPasskeyClientCapabilities, getPasskeyClientCapabilities, getCachedPasskeyClientCapabilities, shouldUsePasskeyPopup, isInIframe The package also exports the pieces used by the popup window and its parent window: PASSKEY_POPUP_PATH, PASSKEY_POPUP_READY_EVENT, PASSKEY_POPUP_REQUEST_EVENT, PASSKEY_POPUP_RESPONSE_EVENT, PASSKEY_POPUP_CHANNEL, openPasskeyPopupWindow, closePopup, requestPasskeyPopup Popup-side helpers: toPopupSigningResult, buildSuccessResponse, decodeChallenge, getPopupDisplayInfo, getResponseError, signWithPreferredPasskey, buildStoredPasskeyResult

​
Re-exported helpers

For compatibility with @thru/passkey-manager, the package re-exports these helpers from the root package: parseDerSignature, normalizeLowS, normalizeSignatureComponent, P256_N, P256_HALF_N, bytesToBigIntBE, bigIntToBytesBE, arrayBufferToBase64Url, base64UrlToArrayBuffer, bytesToBase64Url, base64UrlToBytes, bytesToHex, hexToBytes, bytesEqual, compareBytes, uniqueAccounts

​
Types

The root package exports the passkey result and metadata types you use across registration, signing, popup bridging, and capability detection: PasskeyRegistrationResult, PasskeySigningResult, PasskeyDiscoverableSigningResult, PasskeyStoredSigningResult, PasskeyMetadata, PasskeyClientCapabilities, PasskeyPopupContext, PasskeyPopupAccount, PasskeyPopupAction, PasskeyPopupRequestPayload, PasskeyPopupRequest, PasskeyPopupSigningResult, PasskeyPopupStoredPasskey, PasskeyPopupStoredSigningResult, PasskeyPopupRegistrationResult, PasskeyPopupResponse