How do I add passkey authentication to an existing Laravel app?

Install via Composer (`composer require laravel/passkeys`), publish migrations (`php artisan vendor:publish --tag=passkeys-migrations`), run migrations, and add the `PasskeyAuthenticatable` trait to your User model. The package handles routes, middleware, and WebAuthn complexity automatically.

Does this package support Laravel 10+ and PHP 8.1+?

Yes, Laravel Passkeys is optimized for Laravel 9+ and 10+ with PHP 8.1+. It requires OpenSSL and libsodium for cryptographic operations. Check the [GitHub repo](https://github.com/laravel/passkeys-server) for version-specific notes.

Can I use custom User or Passkey models instead of the defaults?

Absolutely. Override the default models in a service provider using `Passkeys::useUserModel()` and `Passkeys::usePasskeyModel()`. The package supports custom schemas while maintaining full functionality.

What browsers/devices support passkeys, and how do I handle unsupported ones?

Passkeys require Chrome 89+, Safari 15.4+, iOS 15.5+, or Android 9+. Use `navigator.credentials` feature detection to redirect unsupported users to password login or prompt for device upgrades. The package includes graceful fallback logic.

How do I customize the passkey registration/verification UI in the frontend?

Use the `@laravel/passkeys` npm package for pre-built JS methods like `Passkeys.register()` and `Passkeys.verify()`. Override `getPasskeyDisplayName()` or `getPasskeyUsername()` in your User model to customize how names appear in the authenticator UI.

Are the passkey routes automatically registered, and can I disable them?

Yes, routes like `/passkeys/login/options` are auto-registered. Disable them via `Passkeys::ignoreRoutes()` in a service provider. You can also replace them entirely by binding custom controllers to the routes.

How secure is the passkey storage, and do I need to manage cryptographic keys?

The package uses WebAuthn’s opaque handles and relies on PHP’s `webauthn/php-authenticator` for cryptographic operations. Ensure `PASSKEYS_USER_HANDLE_SECRET` has high entropy. No manual key management is required beyond standard Laravel security practices.

Can I use passkeys alongside existing password authentication?

Yes, passkeys coexist seamlessly with password auth. The package integrates with Laravel’s guards and middleware. Users can log in via passkeys or passwords, and you can enforce passkeys for specific routes or user roles.

What events are emitted for auditing or analytics?

The package emits `PasskeyRegistered`, `PasskeyVerified`, and `PasskeyDeleted` events. Listen to these in your `EventServiceProvider` to log actions, trigger notifications, or integrate with third-party tools like analytics or SIEM systems.

Are there alternatives to Laravel Passkeys for WebAuthn in Laravel?

Other options include `league/webauthn` (lower-level) or `paragonie/webauthn` (more manual setup). Laravel Passkeys stands out by offering Laravel-native integration (migrations, contracts, routes) and a paired JS client, reducing boilerplate significantly.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Passkeys Laravel Package

laravel/passkeys

Add passwordless WebAuthn/passkey authentication to Laravel. Install migrations, add a trait/contract to your User model, and use the @laravel/passkeys JS client for registration and login. Includes built-in routes for login, confirmation, and passkey management.

View on GitHub

Deep Wiki

Context7

Passkeys for Laravel applications

Frequently asked questions about Passkeys

How do I add passkey authentication to an existing Laravel app?: Install via Composer (`composer require laravel/passkeys`), publish migrations (`php artisan vendor:publish --tag=passkeys-migrations`), run migrations, and add the `PasskeyAuthenticatable` trait to your User model. The package handles routes, middleware, and WebAuthn complexity automatically.
Does this package support Laravel 10+ and PHP 8.1+?: Yes, Laravel Passkeys is optimized for Laravel 9+ and 10+ with PHP 8.1+. It requires OpenSSL and libsodium for cryptographic operations. Check the [GitHub repo](https://github.com/laravel/passkeys-server) for version-specific notes.
Can I use custom User or Passkey models instead of the defaults?: Absolutely. Override the default models in a service provider using `Passkeys::useUserModel()` and `Passkeys::usePasskeyModel()`. The package supports custom schemas while maintaining full functionality.
What browsers/devices support passkeys, and how do I handle unsupported ones?: Passkeys require Chrome 89+, Safari 15.4+, iOS 15.5+, or Android 9+. Use `navigator.credentials` feature detection to redirect unsupported users to password login or prompt for device upgrades. The package includes graceful fallback logic.
How do I customize the passkey registration/verification UI in the frontend?: Use the `@laravel/passkeys` npm package for pre-built JS methods like `Passkeys.register()` and `Passkeys.verify()`. Override `getPasskeyDisplayName()` or `getPasskeyUsername()` in your User model to customize how names appear in the authenticator UI.
Are the passkey routes automatically registered, and can I disable them?: Yes, routes like `/passkeys/login/options` are auto-registered. Disable them via `Passkeys::ignoreRoutes()` in a service provider. You can also replace them entirely by binding custom controllers to the routes.
How secure is the passkey storage, and do I need to manage cryptographic keys?: The package uses WebAuthn’s opaque handles and relies on PHP’s `webauthn/php-authenticator` for cryptographic operations. Ensure `PASSKEYS_USER_HANDLE_SECRET` has high entropy. No manual key management is required beyond standard Laravel security practices.
Can I use passkeys alongside existing password authentication?: Yes, passkeys coexist seamlessly with password auth. The package integrates with Laravel’s guards and middleware. Users can log in via passkeys or passwords, and you can enforce passkeys for specific routes or user roles.
What events are emitted for auditing or analytics?: The package emits `PasskeyRegistered`, `PasskeyVerified`, and `PasskeyDeleted` events. Listen to these in your `EventServiceProvider` to log actions, trigger notifications, or integrate with third-party tools like analytics or SIEM systems.
Are there alternatives to Laravel Passkeys for WebAuthn in Laravel?: Other options include `league/webauthn` (lower-level) or `paragonie/webauthn` (more manual setup). Laravel Passkeys stands out by offering Laravel-native integration (migrations, contracts, routes) and a paired JS client, reducing boilerplate significantly.

Popularity trends

Recorded values over time (once-a-day snapshots). May 7, 2026 – Jun 5, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

Favorites

Forks

Score

21.4

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 91

+0.5
Forks

input: 5

+0.2
Open issues + PRs

input: 4

+0.4
Releases

input: 3

+0.9
Recency

input: 18

+19.0
Issue opportunity

input: 1

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 20.9

Opportunity

62.3

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

94.9
Contribution need

open_issues + open_prs: 4

2.6
Health factor

archived + recency + open issues

×0.99

Total 62.0

License

MIT

Last release

May 18, 2026

Watchers

Downloads

573K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope

anil/file-picker

broqit/fields-ai