Skip to content

Commit e8a78e0

Browse files
authored
[codex] sync passkey docs (#580)
* sync passkey docs * fix passkey shim docs
1 parent 25b97ea commit e8a78e0

5 files changed

Lines changed: 44 additions & 20 deletions

File tree

apps/docs/src/config/llmsCustomSets.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ Plugin Native Purchases|in-app purchases and subscriptions plugin|docs/plugins/n
6868
Plugin Navigation Bar|Android navigation bar customization plugin|docs/plugins/navigation-bar/**
6969
Plugin NFC|NFC reading and writing plugin|docs/plugins/nfc/**
7070
Plugin Pay|Apple Pay and Google Pay integration plugin|docs/plugins/pay/**
71-
Plugin Passkey|browser-style WebAuthn passkey plugin with native shims and generated platform configuration|docs/plugins/passkey/**
71+
Plugin Passkey|browser-style WebAuthn passkey plugin that handles native calls and host patching|docs/plugins/passkey/**
7272
Plugin Privacy Screen|privacy screen plugin for hiding app content in system previews and screenshots|docs/plugins/privacy-screen/**
7373
Plugin Proximity|native proximity sensor plugin for face, hand, and surface detection|docs/plugins/proximity/**
7474
Plugin PDF Generator|PDF generation plugin|docs/plugins/pdf-generator/**

apps/docs/src/content/docs/docs/plugins/passkey/getting-started.mdx

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -36,10 +36,12 @@ import { PackageManagers } from 'starlight-package-managers'
3636
export default config;
3737
```
3838

39-
4. **Import the shim once**
39+
4. **Install the shim during bootstrap**
4040

4141
```ts
42-
import '@capgo/capacitor-passkey/auto';
42+
import { CapacitorPasskey } from '@capgo/capacitor-passkey';
43+
44+
await CapacitorPasskey.autoShimWebAuthn();
4345
```
4446

4547
5. **Keep your normal WebAuthn flow**
@@ -61,7 +63,7 @@ The config is read from `plugins.CapacitorPasskey` in `capacitor.config.*`.
6163

6264
- `origin`: primary HTTPS relying-party origin used by the shim and direct API
6365
- `domains`: extra relying-party hostnames to patch into native config during sync
64-
- `autoShim`: defaults to `true` when you use `@capgo/capacitor-passkey/auto`
66+
- `autoShim`: defaults to `true` and controls the native `cap sync` auto-configuration hook
6567

6668
## What sync patches for you
6769

apps/docs/src/content/docs/docs/plugins/passkey/index.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ import { Card, CardGrid } from '@astrojs/starlight/components';
2727
Keep `navigator.credentials.create()` and `navigator.credentials.get()` in your app instead of rewriting your passkey flow around a custom API.
2828
</Card>
2929
<Card title="Minimal app changes" icon="pencil">
30-
Add plugin config once, import `@capgo/capacitor-passkey/auto`, and keep the rest of your WebAuthn code close to the browser implementation.
30+
Add plugin config once, call `CapacitorPasskey.autoShimWebAuthn()` during bootstrap, and keep the rest of your WebAuthn code close to the browser implementation.
3131
</Card>
3232
<Card title="Build-time native wiring" icon="setting">
3333
The plugin patches the generated iOS and Android host projects during sync so you do not need to keep hand-editing those files.

apps/web/src/config/plugins.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ const actionDefinitionRows =
4848
@capgo/capacitor-streamcall|github.com/Cap-go|Integrate video calling and live streaming with Stream SDK for real-time communication|https://github.com/Cap-go/capacitor-streamcall/|Streamcall
4949
@capgo/capacitor-autofill-save-password|github.com/Cap-go|Prompt users to save passwords to device autofill for seamless login experience|https://github.com/Cap-go/capacitor-autofill-save-password/|Autofill Save Password
5050
@capgo/capacitor-social-login|github.com/Cap-go|Authenticate users with Google, Facebook, and Apple Sign-In for easy social login|https://github.com/Cap-go/capacitor-social-login/|Social Login
51-
@capgo/capacitor-passkey|github.com/Cap-go|Use browser-style WebAuthn passkeys in Capacitor with a native shim and generated platform configuration|https://github.com/Cap-go/capacitor-passkey/|Passkey
51+
@capgo/capacitor-passkey|github.com/Cap-go|Keep browser-style WebAuthn code in Capacitor while native passkey calls and host patching are handled for you|https://github.com/Cap-go/capacitor-passkey/|Passkey
5252
@capgo/capacitor-jw-player|github.com/Cap-go|Embed JW Player for professional video streaming with ads and analytics support|https://github.com/Cap-go/capacitor-jw-player/|JW Player
5353
@capgo/capacitor-ricoh360-camera-plugin|github.com/Cap-go|Control Ricoh Theta 360-degree cameras for immersive panoramic photography|https://github.com/Cap-go/capacitor-ricoh360-camera-plugin/|Ricoh360 Camera
5454
@capgo/capacitor-admob|github.com/Cap-go|Monetize your app with Google AdMob banner, interstitial, and rewarded ads|https://github.com/Cap-go/capacitor-admob/|AdMob

apps/web/src/content/plugins-tutorials/en/capacitor-passkey.md

Lines changed: 36 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,11 @@ published: true
44
---
55
# Using @capgo/capacitor-passkey
66

7-
`@capgo/capacitor-passkey` lets a Capacitor app keep the same WebAuthn flow you already use on the web:
7+
Keep your browser-style WebAuthn code in a Capacitor app while the plugin handles native passkey calls and native host patching.
8+
9+
## Browser-style API
10+
11+
`@capgo/capacitor-passkey` keeps the same WebAuthn flow you already use on the web:
812

913
```ts
1014
await navigator.credentials.create({ publicKey: registrationOptions });
@@ -13,7 +17,7 @@ await navigator.credentials.get({ publicKey: requestOptions });
1317

1418
On native builds, the plugin installs a shim for `navigator.credentials.create()` and `navigator.credentials.get()`, forwards the request to iOS and Android passkey APIs, and returns browser-like credential objects to your app.
1519

16-
## Install the plugin
20+
## Install and sync native projects
1721

1822
```bash
1923
bun add @capgo/capacitor-passkey
@@ -43,23 +47,28 @@ const config: CapacitorConfig = {
4347
export default config;
4448
```
4549

50+
## What the plugin config does
51+
52+
The config is read from `plugins.CapacitorPasskey` in `capacitor.config.*`.
53+
54+
- `origin`: primary HTTPS relying-party origin used by the shim and direct API
55+
- `domains`: extra relying-party hostnames to patch into native config during sync
56+
- `autoShim`: defaults to `true` and controls the native `cap sync` auto-configuration hook
57+
4658
Run sync again after changing the config:
4759

4860
```bash
4961
bunx cap sync
5062
```
5163

52-
During sync, the plugin patches the generated native host projects:
53-
54-
- iOS: associated domains entitlements
55-
- Android: `asset_statements` metadata for Digital Asset Links
56-
57-
## Import the shim once
64+
## Install the shim during bootstrap
5865

59-
Import the auto entrypoint in your app bootstrap:
66+
Import the plugin from the standard package entrypoint, then install the shim during app bootstrap:
6067

6168
```ts
62-
import '@capgo/capacitor-passkey/auto';
69+
import { CapacitorPasskey } from '@capgo/capacitor-passkey';
70+
71+
await CapacitorPasskey.autoShimWebAuthn();
6372
```
6473

6574
After that, your existing browser-style passkey code can stay the same.
@@ -76,20 +85,33 @@ const assertion = await navigator.credentials.get({
7685
});
7786
```
7887

88+
## What sync patches for you
89+
90+
During `bunx cap sync`, the plugin updates the generated native host projects:
91+
92+
- iOS: associated domains entitlements and Xcode entitlements wiring when needed
93+
- Android: `asset_statements` metadata and the generated resource used by the manifest
94+
7995
## Native setup still needs website trust files
8096

81-
The plugin reduces app-side work, but passkeys still depend on the website trust files for your relying-party domain:
97+
The plugin reduces app-side work, but passkeys still depend on the website trust files for your relying-party domain. You still need to host:
8298

83-
- iOS needs `/.well-known/apple-app-site-association`
84-
- Android needs `/.well-known/assetlinks.json`
99+
- `https://your-domain/.well-known/apple-app-site-association`
100+
- `https://your-domain/.well-known/assetlinks.json`
85101

86-
The detailed setup is documented here:
102+
The plugin can patch the generated native projects during sync, but it cannot create or host those website trust files for you.
103+
104+
## Platform guides
87105

88106
- [Getting started](/docs/plugins/passkey/getting-started/)
89107
- [iOS setup](/docs/plugins/passkey/ios/)
90108
- [Android setup](/docs/plugins/passkey/android/)
91109
- [Backend notes](/docs/plugins/passkey/backend/)
92110

111+
## Important iOS note
112+
113+
On iOS 17.4 and newer, the plugin uses the browser-style client-data API so the configured HTTPS origin is reflected in `clientDataJSON`.
114+
93115
## Important Android caveat
94116

95117
Android Credential Manager can share the same relying party and passkeys as your website when Digital Asset Links are configured, but the native assertion origin is not identical to a browser origin. If your backend strictly validates `clientDataJSON.origin`, make sure it accepts the Android app origin alongside your website origin.

0 commit comments

Comments
 (0)