PairPasskey.js
/assets/PairPasskey.js is the browser helper for Passkey/WebAuthn flows in Pair.
It handles:
- fetching login/registration options from backend
- calling
navigator.credentials.create/get - serializing credentials to JSON-safe payloads
- posting verification payloads to API endpoints
- listing and revoking registered passkeys
<script src="/assets/PairPasskey.js" defer></script>Global object:
window.PairPasskey- secure context (
https, or localhost where applicable) -
PublicKeyCredentialsupport - backend endpoints compatible with
PasskeyController
Performs full login flow:
-
beginLogin()-> fetchpublicKeyoptions -
getAssertion()-> call WebAuthn API -
finishLogin()-> verify on backend
Performs full registration flow:
beginRegistration()createCredential()finishRegistration()
Calls GET /api/passkey/list.
Calls DELETE /api/passkey/revoke/{id}.
-
beginLogin(),finishLogin() -
beginRegistration(),finishRegistration() -
createCredential(),getAssertion() -
prepareCreationOptions(),prepareRequestOptions() serializeCredential()-
requestJson(),readJsonResponse() -
isSupported(),ensureSupported() getDefaultTimeZone()
// login
const loginResult = await PairPasskey.login({
optionsUrl: "/api/passkey/login/options",
verifyUrl: "/api/passkey/login/verify",
username: "john"
});
// register (authenticated session required)
const registrationResult = await PairPasskey.register({
optionsUrl: "/api/passkey/register/options?sid=YOUR_SESSION_ID",
verifyUrl: "/api/passkey/register/verify?sid=YOUR_SESSION_ID",
label: "My MacBook"
});requestJson() throws Error for non-2xx responses and adds:
error.statuserror.payload
-
isSupported()checks secure context and required credential APIs. - Credential binary fields are converted with base64url helpers.
- Time zone defaults to browser zone (fallback
UTC) when verifying login.
See also: PasskeyController, PasskeyAuth, PWA, PairPush.js.
