Description
Describe the Proposed Feature
This issue proposes adding helper methods to SimpleWebAuthn to support the new PublicKeyCredential static signals for passkey lifecycle management:
signalAllAcceptedCredentials()
signalCurrentUserDetails()
signalUnknownCredential()
Motivation
Currently, passkeys stored in an authenticator can become out-of-sync with the Relying Party's state. This leads to a poor user experience, such as users being prompted to use credentials that have already been deleted from their account, or seeing outdated user information during authentication.
These new static signal methods provide a standard way for the RP to communicate credential status back to the authenticator, allowing it to perform cleanup and synchronization. Integrating this into SimpleWebAuthn would provide developers with a complete toolkit for managing the passkey lifecycle and significantly improve the end-user experience.
Proposed Solution
The implementation would primarily involve adding a new helper function to the @simplewebauthn/browser package. This function would abstract the direct calls to the static methods on PublicKeyCredential.
A potential implementation could look like this:
```ts
// In @simplewebauthn/browser

/**
 * Send a signal to the authenticator to update its credential state.
 */
export async function signalPasskeyUpdate(
  signalType: 'all-accepted' | 'current-user' | 'unknown',
  options: AllAcceptedCredentialsOptions | CurrentUserDetailsOptions | UnknownCredentialOptions
): Promise<void> {
  // signalType selects the method; cast the union to the shape that method takes.
  if (signalType === 'all-accepted') {
    await PublicKeyCredential.signalAllAcceptedCredentials(options as AllAcceptedCredentialsOptions);
  } else if (signalType === 'current-user') {
    await PublicKeyCredential.signalCurrentUserDetails(options as CurrentUserDetailsOptions);
  } else if (signalType === 'unknown') {
    await PublicKeyCredential.signalUnknownCredential(options as UnknownCredentialOptions);
  }
}

// Example Usage:
// Every signal's options carry the RP ID; user and credential IDs are base64url strings.

// After a user updates their name
await signalPasskeyUpdate('current-user', {
  rpId: ...,
  userId: ...,
  name: 'New Name',
  displayName: 'New Display Name',
});

// After a user deletes a passkey, sync the remaining valid ones
await signalPasskeyUpdate('all-accepted', {
  rpId: ...,
  userId: ...,
  allAcceptedCredentialIds: [ ..., ... ],
});
```
While the options are straightforward and could be constructed manually, providing a typed, browser-side helper would align perfectly with the library's goal of simplifying WebAuthn implementation.
Adopting these APIs would be a forward-looking step to ensure SimpleWebAuthn continues to offer a best-in-class developer and user experience for passkeys.
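An added sketch (not from the issue or from SimpleWebAuthn) of feature-detected wrappers around two of the signal methods, using the option members the WebAuthn specification defines: `rpId`, a base64url `userId`, `allAcceptedCredentialIds` and `credentialId`. `SignalTarget`, `toBase64Url`, `syncAcceptedCredentials` and `reportUnknownCredential` are hypothetical names, and the `target` parameter is an assumption that lets the functions be exercised outside a browser.

```typescript
// Added example: SignalTarget, toBase64Url, syncAcceptedCredentials and
// reportUnknownCredential are hypothetical names, not SimpleWebAuthn API.
interface SignalTarget {
  signalAllAcceptedCredentials?(o: {
    rpId: string; userId: string; allAcceptedCredentialIds: string[];
  }): Promise<void>;
  signalUnknownCredential?(o: { rpId: string; credentialId: string }): Promise<void>;
}
const B64URL = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';

/** Unpadded base64url, the string encoding the signal options use for IDs. */
function toBase64Url(bytes: Uint8Array): string {
  let out = '';
  for (let i = 0; i < bytes.length; i += 3) {
    const rest = bytes.length - i; // bytes available in this 3-byte group
    const n = ((bytes[i] ?? 0) << 16) | ((bytes[i + 1] ?? 0) << 8) | (bytes[i + 2] ?? 0);
    out += B64URL.charAt(n >> 18) + B64URL.charAt((n >> 12) & 63);
    if (rest > 1) out += B64URL.charAt((n >> 6) & 63);
    if (rest > 2) out += B64URL.charAt(n & 63);
  }
  return out;
}

// Call only for a signed-in user and with the RP's complete credential list:
// a passkey missing from the list may be hidden or removed by the authenticator.
async function syncAcceptedCredentials(
  rpId: string, userId: Uint8Array, credentialIds: Uint8Array[],
  target: SignalTarget | undefined = (globalThis as any).PublicKeyCredential,
): Promise<boolean> {
  const send = target?.signalAllAcceptedCredentials;
  if (typeof send !== 'function') return false; // browser lacks the API: send nothing
  await send.call(target, {
    rpId,
    userId: toBase64Url(userId),
    allAcceptedCredentialIds: credentialIds.map((id) => toBase64Url(id)),
  });
  return true;
}

// For use after the server rejects an assertion whose credential ID it does not know.
async function reportUnknownCredential(
  rpId: string, credentialId: Uint8Array,
  target: SignalTarget | undefined = (globalThis as any).PublicKeyCredential,
): Promise<boolean> {
  const send = target?.signalUnknownCredential;
  if (typeof send !== 'function') return false;
  await send.call(target, { rpId, credentialId: toBase64Url(credentialId) });
  return true;
}
```

Both functions resolve to `false` without throwing when the method is missing, so callers can treat signalling as best-effort.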