Android (Capacitor WebView: Chrome system WebView, various versions)
iOS (Capacitor WKWebView, iOS 16+)
Browser Console Screenshots:
Android:
PublicKeyCredential is undefined in WebView context.
This prevents WebAuthn (Passkeys) login from initializing in hybrid app.
iOS:
Attempting to use Passkeys in WKWebView (Capacitor app) triggers:
NotAllowedError: The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission.
This occurs despite being served over HTTPS and on iOS 16+.
Custom Authentication details (not applicable in this case):
N/A
Web3Auth Initialization and Login Code Snippet
import { Web3Auth } from "@web3auth/base";
import { PasskeysSfaPlugin } from "@web3auth/passkeys-sfa-plugin";
// Our initialization is standard as per documentation:
const web3auth = new Web3Auth({
  clientId: "<WEB3AUTH_CLIENT_ID>",
  chainConfig: { /* … */ },
  // Other config…
});
// Used as documented during the login flow
await web3auth.initModal();
await web3auth.connectTo(/* … */);
Issue Description
We are developing a cross-platform application using Capacitor to target both Android and iOS through hybrid apps (running app UI in a system WebView/WKWebView).
On desktop web and in mobile browsers, Passkeys (WebAuthn) works perfectly.
On mobile, inside the hybrid app context:
Android: The WebView does not expose the WebAuthn APIs, so PublicKeyCredential is undefined, and Passkey usage is blocked.
iOS: WKWebView environments (used by Capacitor/Ionic/Cordova) reject the WebAuthn flow with NotAllowedError, seemingly due to platform security restrictions.
These limitations appear to be directly due to restrictions in WebView implementations, not Web3Auth’s code.
Why We’re Requesting Help
We noticed these same platform limitations have been reported by others (see Chromium issue #948228, WebAuthn W3C #1573), but we believe that with access to native plugins (via Capacitor), it might be technically possible to:
Bridge native FIDO2/webauthn libraries into our app,
Expose them through a plugin for use by Web3Auth or similar web SDKs,
Restore Passkey support natively for in-app authentication flows.
Our Request
We want to:
Confirm that our understanding aligns with the product road map and known platform limitations.
Ask for your permission and guidance to fork/adapt your Passkeys plugin to experiment with custom/native-bridged support for WebAuthn in hybrid mobile apps via Capacitor plugins.
Know if you have internal plans, ongoing work, or recommended approaches for adding Passkey support in hybrid apps, to avoid duplicate efforts or to potentially contribute back.
Summary
Passkeys work in browser web environments, but are blocked in hybrid app WebViews.
We believe we may be able to bridge native FIDO2 APIs via Capacitor plugins and would like your advice and consent to adapt the Web3Auth Passkeys plugin for this use case.
Thank you very much for your support and for providing such a versatile SDK!
We look forward to your response and any guidance you can provide.
Let me know if you want to further tailor this request for a specific repo/forum, or to include more technical context!
Thank you for your detailed and thoughtful post, Germán!
You’ve clearly outlined the issue: Passkeys (WebAuthn) work well in browser environments, but are blocked in hybrid app WebViews (Capacitor on Android/iOS) due to platform-level restrictions—specifically, the lack of WebAuthn API support in WebViews (PublicKeyCredential is undefined on Android, and NotAllowedError on iOS WKWebView).
Confirmation that these are known platform limitations and align with Web3Auth’s current product roadmap.
Permission and guidance to fork/adapt the Passkeys plugin to experiment with native-bridged WebAuthn support via Capacitor plugins.
Information about any internal plans, ongoing work, or best practices for enabling Passkey support in hybrid apps, to avoid duplicate efforts or to potentially contribute improvements back.
Proposed Solution/Guidance
You are correct: current WebView implementations on both Android and iOS do not expose the WebAuthn APIs required for Passkey support. This is a well-documented limitation across hybrid frameworks (see Web3Auth Passkeys FAQ).
Your approach—to bridge native FIDO2/WebAuthn APIs via a Capacitor plugin and adapt the Web3Auth Passkeys plugin—could be a promising workaround. This would require:
Creating a Capacitor plugin that exposes native FIDO2/WebAuthn functionality to the WebView.
Modifying or forking the Web3Auth Passkeys plugin to use this bridge instead of the standard browser APIs.
Next Steps & Recommendations:
You have our encouragement to experiment with this approach! Web3Auth’s SDKs are open source, and contributions or forks for advanced use cases are welcome. Please ensure your fork complies with the Web3Auth license.
If you make progress or have a working prototype, we’d love to hear about it and discuss possible collaboration or upstreaming of your changes.
Internal Roadmap:
Currently, native/hybrid app support for Passkeys is not available out-of-the-box, but it is a feature of interest. Your feedback and experimentation will help inform future development.
Thank you again for your initiative and for reaching out with such a clear and constructive proposal! If you need further technical guidance or want to discuss implementation specifics, please let us know.
Best of luck with your project, and we look forward to any updates or contributions you may have!
Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.
Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours
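The bridge approach discussed in this thread, sketched as an added example that is not part of any post and is not Web3Auth or Capacitor code: it chooses a passkey backend up front and converts the binary WebAuthn request fields to base64url so they can cross a JSON-only plugin bridge. The `nativeBridge` object, its `get()` method, its result shape and the `inNativeShell` flag are all assumptions made for illustration.

```javascript
// Added example. `nativeBridge` stands for a hypothetical Capacitor plugin;
// its get() method and result shape are assumptions, not a real API.
function toB64url(buf) {
  let s = "";
  for (const b of new Uint8Array(buf)) s += String.fromCharCode(b);
  return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function fromB64url(str) {
  const pad = "=".repeat((4 - (str.length % 4)) % 4);
  const bin = atob(str.replace(/-/g, "+").replace(/_/g, "/") + pad);
  return Uint8Array.from(bin, (c) => c.charCodeAt(0)).buffer;
}

// The JS bridge only carries JSON, so binary WebAuthn fields become base64url.
function requestOptionsToJSON(opts) {
  return {
    ...opts,
    challenge: toB64url(opts.challenge),
    allowCredentials: (opts.allowCredentials || []).map((c) => ({
      ...c,
      id: toB64url(c.id),
    })),
  };
}

// Decide once, up front. Inside the native shell the bridge is used directly:
// retrying after NotAllowedError would be wrong, because WebAuthn reports a
// user cancel with the same error name.
function selectBackend(env, nativeBridge, inNativeShell) {
  if (inNativeShell && nativeBridge && typeof nativeBridge.get === "function") {
    return "native-bridge";
  }
  const creds = env.navigator && env.navigator.credentials;
  if (typeof env.PublicKeyCredential !== "undefined" && creds) return "webauthn";
  return "unsupported";
}

async function getAssertion(env, nativeBridge, inNativeShell, opts) {
  const backend = selectBackend(env, nativeBridge, inNativeShell);
  if (backend === "webauthn") {
    return { backend, credential: await env.navigator.credentials.get({ publicKey: opts }) };
  }
  if (backend === "native-bridge") {
    const res = await nativeBridge.get(requestOptionsToJSON(opts));
    return { backend, credential: { ...res, rawId: fromB64url(res.rawId) } };
  }
  throw new Error("Passkeys are not available in this context");
}
```

The native side of such a bridge still has to bind each request to the app's own relying party ID (Digital Asset Links on Android, associated domains on iOS), since the browser's origin check no longer applies. The server must keep verifying the challenge and origin in the returned assertion exactly as it does for browser logins.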
Thanks for the reply. I would love to be able to make a fork of the passkeys plugin, as this is blocking us from using passkeys wallets, but we can’t find the GitHub repo for the passkeys plugin in your GitHub organization. Could you please provide a link?