Research & Implementation Path for Passkeys (WebAuthn)

[JoseSzycho]

Description

We need to determine the optimal way to support Passkeys (WebAuthn) within our ecosystem. Since Zitadel provides native support for passwordless authentication, we need to decide whether to leverage the existing Zitadel UI flow or implement a custom API wrapper.

Research Goals

• Option A: Zitadel Auth-UI Integration: Evaluate if we can redirect users to Zitadel’s native device registration flow while maintaining a seamless experience in our auth-ui.
• Option B: Custom API Implementation: Investigate using the Zitadel Management/Auth API to register and verify credentials directly. This would allow for a fully custom UI but increases implementation complexity regarding challenge/response handling.
• Compatibility: Verify how this interacts with our current User and UserIdentity schema.

Acceptance Criteria

• Comparison of user experience between Native UI vs. Custom API.
• Technical feasibility report for a custom API implementation.
• Decision on the final implementation path.