DEV Community

Cover image for How the Web Bluetooth API Enhances Passkeys
vdelitz for Corbado

Posted on • Originally published at corbado.com

1

How the Web Bluetooth API Enhances Passkeys

As passkeys become the new standard for secure, passwordless login systems, understanding how Bluetooth and the Web Bluetooth API enhance this technology is critical. Passkeys allow for Cross-Device Authentication (CDA), where a user can authenticate on one device using another, such as a mobile phone. This process is often facilitated by Bluetooth or QR codes, making the Web Bluetooth API a crucial element for developers looking to implement seamless passkey experiences.

Read full blog post here

What is the Web Bluetooth API?

The Web Bluetooth API is a JavaScript interface that enables web applications to interact directly with Bluetooth devices. This API, supported by browsers like Chrome, Edge, and Opera, provides three key functions:

  1. getAvailability(): This function checks if the user’s device supports Bluetooth, which is essential for enabling CDA.
  2. getDevices(): It returns a list of Bluetooth devices that the application is allowed to access.
  3. requestDevice(): This function allows users to pair with a Bluetooth device, offering a more personalized user experience.

Why Bluetooth Detection is Important for Passkeys

Passkeys leverage Bluetooth to provide a seamless user experience during Cross-Device Authentication. Detecting Bluetooth availability is important because not all devices support it, and even if they do, users might have it disabled. The Web Bluetooth API allows developers to check Bluetooth status, ensuring that passkeys can be used effectively or triggering alternative methods if Bluetooth is unavailable.

Challenges and Considerations

While the Web Bluetooth API offers many advantages, such as enhanced user experience and security, it also comes with limitations. Notably, the API is not supported by all browsers — Safari and Firefox being significant exceptions. This can impact the user experience, particularly on Windows devices, where Firefox is prevalent. Additionally, false positives, where the API indicates Bluetooth availability when it’s actually unavailable, can pose challenges for developers.

Adoption and Future Outlook

As of mid-2024, about 76.5% of global users have devices that support the Web Bluetooth API. However, the lack of support in major browsers like Safari and Firefox remains a hurdle. Developers need to be aware of these limitations and prepare fallback authentication methods to maintain a smooth user experience.

Conclusion

The Web Bluetooth API plays an important role in enabling passkey authentication through Bluetooth, enhancing security and user convenience. However, developers must navigate its limitations and ensure robust fallback options are in place. For a deeper dive into the technical specifics and implementation strategies, visit our full blog post.

API Trace View

How I Cut 22.3 Seconds Off an API Call with Sentry 🕒

Struggling with slow API calls? Dan Mindru walks through how he used Sentry's new Trace View feature to shave off 22.3 seconds from an API call.

Get a practical walkthrough of how to identify bottlenecks, split tasks into multiple parallel tasks, identify slow AI model calls, and more.

Read more →

Top comments (0)

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay