Yeah, unfortunately passkeys are confusing and the UX is generally fucking awful. I hesitate to just blame the tech companies for being greedy; as a result of my experience with passkeys I'm starting to wonder if maybe they've legitimately just lost the skills and knowledge necessary to actually make usable software.
What's most disappointing is, password managers have already solved the problem of syncing credentials securely between multiple devices across different form factors and ecosystems, and they're perfectly usable for providing software passkey support. So of course.. there's no standard API for them to implement it. Instead, vendors are patching the WebAuthn APIs using WebExtensions.
FWIW: macOS and iOS allow third-party password managers to integrate directly into AuthenticationServices and list passkeys in the native passkey UI through a "Credential Provider" extension. And it's documented how: https://developer.apple.com/documentation/authenticationserv...
This is the same Credential Provider API they already have to integrate with to show the password autofill in iOS so there is already _some_ code for this.
1Password _could_ just integrate with the native UI. But they chose not to.
This however means shipping a native app which is a lot more heavy-weight than shipping a web extension.
I opened an issue in the webauthn repo about giving an API for WebExtensions to hook into the passkey autocomplete but there hasn't been any traction or appetite for it unfortunately :(
> 1Password _could_ just integrate with the native UI. But they chose not to. This however means shipping a native app which is a lot more heavy-weight than shipping a web extension.
I mean, I kind of understand this; they're going to have to do the WebExtension either way, since there's no standard API across platforms.
On the other hand, they already integrate with this API for their iOS app as it's the only way to do password autocomplete on iOS. Why not extend that use to macOS?
> What's most disappointing is, password managers have already solved the problem of syncing credentials securely between multiple devices across different form factors and ecosystems, and they're perfectly usable for providing software passkey support. So of course.. there's no standard API for them to implement it. Instead, vendors are patching the WebAuthn APIs using WebExtensions.
This is sabotage.