How do I add passkey authentication to an existing Laravel app with Jetstream/Breeze?

Install via Composer (`spatie/laravel-passkeys`), publish the migration, and register the Livewire component for passkey creation. Replace or extend your login Blade view with the provided `PasskeyLogin` component. The package integrates seamlessly with Laravel’s default auth system, so no core changes are needed.

Which Laravel versions are supported by this package?

The package supports Laravel 9.x and 10.x. Check the [GitHub repo](https://github.com/spatie/laravel-passkeys) for the latest compatibility notes. It relies on PHP 8.1+, so ensure your server meets these requirements before installation.

Can I use passkeys alongside traditional email/password login?

Yes, the package is designed for hybrid auth. You can enable passkeys as an optional login method by adding the `PasskeyLogin` component to your login form. Fallback to password auth is handled automatically if passkeys fail or aren’t supported.

How do I test passkey flows in PHPUnit without a real device?

Use the `webauthn-php` library to mock WebAuthn responses in tests. The package includes test helpers, but you’ll need to simulate credential creation and authentication. Example: `Passkey::fake()->assertCreated()` or `Passkey::fake()->assertAuthenticated()`.

What browsers/OSes support passkeys, and how do I handle unsupported users?

Passkeys require Chrome 89+, Edge 89+, Safari 15.4+, or iOS 16+/macOS Ventura+. For unsupported users, gracefully fall back to password login with a clear message like ‘Your browser doesn’t support passkeys. Use your email and password instead.’

Do passkeys work with Inertia.js/Vue/React frontends?

The package provides Blade/Livewire components, but Inertia apps can use custom Vue/React components to trigger WebAuthn APIs. The docs include examples for Inertia integration. You’ll need to handle the `navigator.credentials` API calls client-side.

How secure is passkey storage in the database?

Passkey credentials (credential_id, public_key) are stored encrypted in Laravel’s database. The package uses Laravel’s built-in encryption, but ensure your `.env` has a strong `APP_KEY`. For extra security, consider adding database-level encryption or audit logging.

Can I enforce passkeys as the primary login method, replacing passwords?

Technically yes, but it’s risky for users without passkey-compatible devices. Start as a secondary option, then migrate gradually. Use feature flags to toggle passkey enforcement. Example: `config(['auth.passkey_required' => env('PASSKEY_REQUIRED', false)])`.

What if a user loses access to their passkey device?

Passkeys are tied to devices, so losing access means losing authentication. Mitigate this by offering password fallback or a recovery flow (e.g., email verification). The package doesn’t include recovery logic—you’ll need to build this custom.

Are there alternatives to spatie/laravel-passkeys for WebAuthn in Laravel?

Yes, alternatives include `league/webauthn` (low-level) or `auth0/laravel-webauthn`. Spatie’s package stands out for its Laravel-specific components (Livewire/Blade) and ease of integration. For more control, use `league/webauthn` directly, but expect more boilerplate.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Laravel Passkeys Laravel Package

spatie/laravel-passkeys

Add passkey (WebAuthn) login to Laravel without passwords. Includes Livewire components to register/generate passkeys and a Blade component to authenticate users using device-stored credentials (1Password, macOS Keychain, etc.).

View on GitHub

Deep Wiki

Context7

Use passkeys in your Laravel app

Frequently asked questions about Laravel Passkeys

How do I add passkey authentication to an existing Laravel app with Jetstream/Breeze?: Install via Composer (`spatie/laravel-passkeys`), publish the migration, and register the Livewire component for passkey creation. Replace or extend your login Blade view with the provided `PasskeyLogin` component. The package integrates seamlessly with Laravel’s default auth system, so no core changes are needed.
Which Laravel versions are supported by this package?: The package supports Laravel 9.x and 10.x. Check the [GitHub repo](https://github.com/spatie/laravel-passkeys) for the latest compatibility notes. It relies on PHP 8.1+, so ensure your server meets these requirements before installation.
Can I use passkeys alongside traditional email/password login?: Yes, the package is designed for hybrid auth. You can enable passkeys as an optional login method by adding the `PasskeyLogin` component to your login form. Fallback to password auth is handled automatically if passkeys fail or aren’t supported.
How do I test passkey flows in PHPUnit without a real device?: Use the `webauthn-php` library to mock WebAuthn responses in tests. The package includes test helpers, but you’ll need to simulate credential creation and authentication. Example: `Passkey::fake()->assertCreated()` or `Passkey::fake()->assertAuthenticated()`.
What browsers/OSes support passkeys, and how do I handle unsupported users?: Passkeys require Chrome 89+, Edge 89+, Safari 15.4+, or iOS 16+/macOS Ventura+. For unsupported users, gracefully fall back to password login with a clear message like ‘Your browser doesn’t support passkeys. Use your email and password instead.’
Do passkeys work with Inertia.js/Vue/React frontends?: The package provides Blade/Livewire components, but Inertia apps can use custom Vue/React components to trigger WebAuthn APIs. The docs include examples for Inertia integration. You’ll need to handle the `navigator.credentials` API calls client-side.
How secure is passkey storage in the database?: Passkey credentials (credential_id, public_key) are stored encrypted in Laravel’s database. The package uses Laravel’s built-in encryption, but ensure your `.env` has a strong `APP_KEY`. For extra security, consider adding database-level encryption or audit logging.
Can I enforce passkeys as the primary login method, replacing passwords?: Technically yes, but it’s risky for users without passkey-compatible devices. Start as a secondary option, then migrate gradually. Use feature flags to toggle passkey enforcement. Example: `config(['auth.passkey_required' => env('PASSKEY_REQUIRED', false)])`.
What if a user loses access to their passkey device?: Passkeys are tied to devices, so losing access means losing authentication. Mitigate this by offering password fallback or a recovery flow (e.g., email verification). The package doesn’t include recovery logic—you’ll need to build this custom.
Are there alternatives to spatie/laravel-passkeys for WebAuthn in Laravel?: Yes, alternatives include `league/webauthn` (low-level) or `auth0/laravel-webauthn`. Spatie’s package stands out for its Laravel-specific components (Livewire/Blade) and ease of integration. For more control, use `league/webauthn` directly, but expect more boilerplate.

Popularity trends

Recorded values over time (once-a-day snapshots). May 7, 2026 – Jun 5, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

464

Favorites

463

Forks

Score

34.3

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 464

+2.3
Forks

input: 56

+1.7
Open issues + PRs

input: 0

+0.0
Releases

input: 35

+10.5
Recency

input: 10

+19.5
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 34.0

Opportunity

39.5

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

60.9
Contribution need

open_issues + open_prs: 0

0.0
Health factor

archived + recency + open issues

×1.00

Total 39.4

License

MIT

Last release

May 26, 2026

Watchers

Downloads

126K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope

anil/file-picker

broqit/fields-ai