Web Authentication
WebAuthn.
A W3C standard browser API for public-key cryptographic authentication, the foundation of FIDO2 passkeys.
WebAuthn became a W3C Recommendation in 2019 and is jointly developed with the FIDO Alliance. Level 3 of the specification, current in 2026, adds conditional UI mediation, extension support, and refinements to the attestation model. Every modern browser supports WebAuthn; production use is universal across CIAM platforms.
Common questions
Is WebAuthn the same as passkeys?
Does WebAuthn replace OAuth?
Does WebAuthn require HTTPS?
Related terms
In the guides
Passwordless Authentication: A 2026 Practitioner's Guide
How passkeys, magic links, and biometrics replace passwords in CIAM, with implementation patterns, adoption data, and vendor support.
WebAuthn Explained: How Passkeys Work Under the Hood
WebAuthn is the W3C browser API that powers passkeys. A practical explanation of registration, assertion, RP-IDs, attestation, and the architecture choices that determine adoption.