The latest articles on DEV Community by Kevin Herrarte (@kevintech). https://dev.to/kevintech https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F410627%2F7e365f5c-085a-4c05-8ec6-8d6d74bfcb53.jpg https://dev.to/kevintech en Kevin Herrarte Thu, 26 Jun 2025 18:44:16 +0000 https://dev.to/kevintech/oracle-apex-passkeys-passwordless-authentication-guide-372c https://dev.to/kevintech/oracle-apex-passkeys-passwordless-authentication-guide-372c <blockquote> <p>This article was originally posted on <a href="https://www.kevintech.ninja/oracle-apex-passkeys/" rel="noopener noreferrer">kevintech.ninja</a></p> </blockquote> <p>Did you know that 81% of data breaches are caused by weak or stolen passwords? As developers, we've all faced the challenge of securing user authentication while maintaining a smooth user experience. Enter passkeys—the next generation of passwordless authentication built on the WebAuthn standard. This post explains how we implemented passkeys in Oracle APEX and introduces a custom plugin that makes integration seamless for developers.</p> <h2> Prerequisites </h2> <p>Before diving into implementation, ensure you have:</p> <ul> <li>Oracle APEX 21.1 or higher</li> <li>AS_CRYPTO package version 1.2 or higher</li> <li>Modern browsers with WebAuthn support: <ul> <li>Chrome 67+</li> <li>Firefox 60+</li> <li>Safari 13+</li> <li>Edge 79+</li> </ul> </li> </ul> <h2> What Are Passkeys? </h2> <p>Passkeys represent a revolutionary approach to authentication that eliminates traditional passwords. They leverage public-key cryptography, where private keys are securely stored on the user's device, and public keys are stored in the application's backend. With passkeys, users authenticate with something they are (biometric data) or have (a security key), making passwords obsolete.</p> <h3> Key Benefits </h3> <ol> <li> <p><strong>Enhanced Security</strong></p> <ul> <li>Phishing-resistant by design</li> <li>Immune to credential stuffing attacks</li> <li>No shared secrets to compromise</li> <li>Hardware-backed security on modern devices</li> </ul> </li> <li> <p><strong>Improved User Experience</strong></p> <ul> <li>No passwords to remember or type</li> <li>Login times reduced by up to 70%</li> <li>Consistent experience across devices</li> <li>Native biometric integration</li> </ul> </li> <li> <p><strong>Reduced Operational Costs</strong></p> <ul> <li>80% fewer support tickets related to authentication</li> <li>Eliminated password reset workflows</li> <li>Lower security incident response costs</li> <li>Simplified compliance requirements</li> </ul> </li> <li> <p><strong>Enterprise-Ready</strong></p> <ul> <li>FIDO Alliance certified</li> <li>Built on proven WebAuthn standards</li> <li>Cross-platform compatibility</li> <li>Seamless integration with existing systems</li> </ul> </li> </ol> <h2> How Passkeys Work </h2> <ol> <li> <p><strong>Registration Flow</strong></p> <ul> <li>User initiates registration</li> <li>Server generates challenge</li> <li>Device creates key pair</li> <li>Public key stored on server</li> <li>Private key secured on device <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7wnd8c4qoppsra8j6j3y.png" alt="Passkey Registration Flow" width="800" height="378"> </li> </ul> </li> <li> <p><strong>Authentication Flow</strong></p> <ul> <li>User initiates login</li> <li>Server issues challenge</li> <li>Device signs challenge</li> <li>Server verifies signature</li> <li>Access granted upon validation <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbszu73ld460vcjopw4b2.png" alt="Passkey Authentication Flow" width="800" height="498"> </li> </ul> </li> </ol> <h2> Implementing Passkeys in Oracle APEX with AS_CRYPTO </h2> <p>We used the <code>AS_CRYPTO</code> package to handle all cryptographic operations for passkey validation, including hashing, signature verification, and public key decoding. Here’s how each major step works:</p> <h3> Step 1: Setting Up Credential Enrollment </h3> <p>The application must create a challenge and configure the <code>publicKey</code> options for <code>navigator.credentials.create()</code>. Once a user registers, the public key and credential ID are stored in a secure table.</p> <h4> Example Table Schema </h4> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">biometrics_credentials</span> <span class="p">(</span> <span class="n">id</span> <span class="n">NUMBER</span> <span class="k">GENERATED</span> <span class="k">BY</span> <span class="k">DEFAULT</span> <span class="k">ON</span> <span class="k">NULL</span> <span class="k">AS</span> <span class="k">IDENTITY</span><span class="p">,</span> <span class="n">user_id</span> <span class="n">VARCHAR2</span><span class="p">(</span><span class="mi">255</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">credential_id</span> <span class="n">VARCHAR2</span><span class="p">(</span><span class="mi">255</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">public_key</span> <span class="k">CLOB</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">created_at</span> <span class="nb">TIMESTAMP</span> <span class="k">WITH</span> <span class="nb">TIME</span> <span class="k">ZONE</span> <span class="k">DEFAULT</span> <span class="n">SYSTIMESTAMP</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">last_used_at</span> <span class="nb">TIMESTAMP</span> <span class="k">WITH</span> <span class="nb">TIME</span> <span class="k">ZONE</span> <span class="p">);</span> </code></pre> </div> <h5> Example Code for Challenge Generation (PL/SQL) </h5> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">DECLARE</span> <span class="n">l_challenge</span> <span class="n">RAW</span><span class="p">(</span><span class="mi">32</span><span class="p">);</span> <span class="k">BEGIN</span> <span class="n">l_challenge</span> <span class="p">:</span><span class="o">=</span> <span class="n">AS_CRYPTO</span><span class="p">.</span><span class="n">RANDOMBYTES</span><span class="p">(</span><span class="mi">32</span><span class="p">);</span> <span class="c1">-- Convert to base64url for JSON usage</span> <span class="n">DBMS_OUTPUT</span><span class="p">.</span><span class="n">PUT_LINE</span><span class="p">(</span><span class="n">AS_CRYPTO</span><span class="p">.</span><span class="n">ENCODE_BASE64URL</span><span class="p">(</span><span class="n">l_challenge</span><span class="p">));</span> <span class="k">END</span><span class="p">;</span> </code></pre> </div> <h5> Client-Side Code for Enrollment </h5> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">options</span> <span class="o">=</span> <span class="p">{</span> <span class="na">publicKey</span><span class="p">:</span> <span class="p">{</span> <span class="na">challenge</span><span class="p">:</span> <span class="nb">Uint8Array</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nf">atob</span><span class="p">(</span><span class="dl">'</span><span class="s1">YOUR_BASE64_CHALLENGE</span><span class="dl">'</span><span class="p">),</span> <span class="nx">c</span> <span class="o">=&gt;</span> <span class="nx">c</span><span class="p">.</span><span class="nf">charCodeAt</span><span class="p">(</span><span class="mi">0</span><span class="p">)),</span> <span class="na">rp</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Your App Name</span><span class="dl">"</span><span class="p">,</span> <span class="na">id</span><span class="p">:</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">hostname</span> <span class="p">},</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nb">Uint8Array</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">USER_ID</span><span class="dl">"</span><span class="p">,</span> <span class="nx">c</span> <span class="o">=&gt;</span> <span class="nx">c</span><span class="p">.</span><span class="nf">charCodeAt</span><span class="p">(</span><span class="mi">0</span><span class="p">)),</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">username</span><span class="dl">"</span><span class="p">,</span> <span class="na">displayName</span><span class="p">:</span> <span class="dl">"</span><span class="s2">User Display Name</span><span class="dl">"</span> <span class="p">},</span> <span class="na">pubKeyCredParams</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">public-key</span><span class="dl">"</span><span class="p">,</span> <span class="na">alg</span><span class="p">:</span> <span class="o">-</span><span class="mi">7</span> <span class="p">},</span> <span class="c1">// ES256</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">public-key</span><span class="dl">"</span><span class="p">,</span> <span class="na">alg</span><span class="p">:</span> <span class="o">-</span><span class="mi">257</span> <span class="p">}</span> <span class="c1">// RS256</span> <span class="p">],</span> <span class="na">authenticatorSelection</span><span class="p">:</span> <span class="p">{</span> <span class="na">userVerification</span><span class="p">:</span> <span class="dl">"</span><span class="s2">preferred</span><span class="dl">"</span><span class="p">,</span> <span class="na">residentKey</span><span class="p">:</span> <span class="dl">"</span><span class="s2">preferred</span><span class="dl">"</span> <span class="p">},</span> <span class="na">timeout</span><span class="p">:</span> <span class="mi">60000</span> <span class="p">}</span> <span class="p">};</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">credential</span> <span class="o">=</span> <span class="k">await</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">credentials</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">options</span><span class="p">);</span> <span class="c1">// Send credential to server and securely store the credential ID and public key</span> <span class="k">await</span> <span class="nf">submitCredentialToServer</span><span class="p">(</span><span class="nx">credential</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Enrollment failed:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">);</span> <span class="c1">// Handle error appropriately</span> <span class="p">}</span> </code></pre> </div> <h3> Step 2: Authentication Implementation </h3> <p>Authentication requires fetching the stored <code>public_key</code> and verifying the signature.</p> <h4> Server-Side Signature Validation </h4> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">DECLARE</span> <span class="n">l_client_data_hash</span> <span class="n">RAW</span><span class="p">(</span><span class="mi">32</span><span class="p">);</span> <span class="n">l_data_to_verify</span> <span class="n">RAW</span><span class="p">(</span><span class="mi">32767</span><span class="p">);</span> <span class="n">l_signature</span> <span class="n">RAW</span><span class="p">(</span><span class="mi">64</span><span class="p">);</span> <span class="n">l_public_key</span> <span class="n">RAW</span><span class="p">(</span><span class="mi">32767</span><span class="p">);</span> <span class="n">l_verification_result</span> <span class="nb">BOOLEAN</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="c1">-- Hash the client data</span> <span class="n">l_client_data_hash</span> <span class="p">:</span><span class="o">=</span> <span class="n">AS_CRYPTO</span><span class="p">.</span><span class="n">HASH</span><span class="p">(</span> <span class="n">AS_CRYPTO</span><span class="p">.</span><span class="n">ENCODE</span><span class="p">(</span><span class="s1">'{"type":"webauthn.get"}'</span><span class="p">),</span> <span class="n">AS_CRYPTO</span><span class="p">.</span><span class="n">HASH_SH256</span> <span class="p">);</span> <span class="c1">-- Combine authenticator data and client data hash</span> <span class="n">l_data_to_verify</span> <span class="p">:</span><span class="o">=</span> <span class="n">UTL_RAW</span><span class="p">.</span><span class="n">CONCAT</span><span class="p">(</span> <span class="p">:</span><span class="n">authenticator_data</span><span class="p">,</span> <span class="n">l_client_data_hash</span> <span class="p">);</span> <span class="c1">-- Verify the signature</span> <span class="n">l_verification_result</span> <span class="p">:</span><span class="o">=</span> <span class="n">AS_CRYPTO</span><span class="p">.</span><span class="n">VERIFY</span><span class="p">(</span> <span class="n">l_data_to_verify</span><span class="p">,</span> <span class="c1">-- expected value (original msg)</span> <span class="p">:</span><span class="n">raw_signature</span><span class="p">,</span> <span class="c1">-- signature</span> <span class="n">l_public_key</span><span class="p">,</span> <span class="c1">-- encoded public key</span> <span class="p">,</span><span class="n">AS_CRYPTO</span><span class="p">.</span><span class="n">KEY_TYPE_EC</span> <span class="c1">-- key algo</span> <span class="p">,</span><span class="n">AS_CRYPTO</span><span class="p">.</span><span class="n">SIGN_SHA256withECDSAinP1363</span> <span class="c1">-- key algo</span> <span class="p">);</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="n">l_verification_result</span> <span class="k">THEN</span> <span class="n">RAISE_APPLICATION_ERROR</span><span class="p">(</span> <span class="o">-</span><span class="mi">20001</span><span class="p">,</span> <span class="s1">'Signature validation failed.'</span> <span class="p">);</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> </code></pre> </div> <h5> Example Code for Successful Authentication Handler </h5> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Example of successful authentication handler</span> <span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">PROCEDURE</span> <span class="n">handle_passkey_auth</span> <span class="p">(</span> <span class="n">p_credential_id</span> <span class="k">IN</span> <span class="n">RAW</span><span class="p">,</span> <span class="n">p_user_id</span> <span class="k">IN</span> <span class="n">NUMBER</span> <span class="p">)</span> <span class="k">AS</span> <span class="k">BEGIN</span> <span class="c1">-- Verify credential exists and is valid</span> <span class="k">SELECT</span> <span class="mi">1</span> <span class="k">FROM</span> <span class="n">biometrics_credentials</span> <span class="k">WHERE</span> <span class="n">credential_id</span> <span class="o">=</span> <span class="n">p_credential_id</span> <span class="k">AND</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">p_user_id</span> <span class="k">AND</span> <span class="n">created_at</span> <span class="o">&gt;</span> <span class="n">sysdate</span> <span class="o">-</span> <span class="mi">365</span><span class="p">;</span> <span class="c1">-- Expire after 1 year</span> <span class="c1">-- Set up session state</span> <span class="n">APEX_AUTHENTICATION</span><span class="p">.</span><span class="n">POST_LOGIN</span><span class="p">(</span> <span class="n">p_username</span> <span class="o">=&gt;</span> <span class="n">p_user_id</span> <span class="p">);</span> <span class="n">EXCEPTION</span> <span class="k">WHEN</span> <span class="n">NO_DATA_FOUND</span> <span class="k">THEN</span> <span class="n">raise_application_error</span><span class="p">(</span><span class="o">-</span><span class="mi">20001</span><span class="p">,</span> <span class="s1">'Invalid credential'</span><span class="p">);</span> <span class="k">END</span><span class="p">;</span> </code></pre> </div> <h2> The Oracle APEX Passkey Authentication Plugin </h2> <p>Manual implementation requires handling a range of complex operations, from constructing WebAuthn JSON options to securely managing cryptographic processes. The <strong>Oracle APEX Passkey Authentication Plugin</strong> simplifies these tasks:</p> <ul> <li> <strong>Dynamic Action Configuration</strong>: Easily set up enrollment, authentication, and status checks with built-in dynamic actions.</li> <li> <strong>Secure Cryptographic Validation</strong>: Uses <code>AS_CRYPTO</code> internally, saving you from implementing signature and key management manually.</li> <li> <strong>Rapid Deployment</strong>: Focus on business logic while the plugin handles WebAuthn integration.</li> </ul> <h3> Plugin Features </h3> <ul> <li>One-click enrollment and authentication setup</li> <li>Automatic browser capability detection</li> <li>Configurable UI elements and messages</li> <li>Comprehensive error handling</li> </ul> <h3> Using the Plugin </h3> <p>Follow these steps to use the plugin, referencing the full documentation provided in our README:</p> <h4> Prerequisites </h4> <ol> <li> <strong>Install AS_CRYPTO Package</strong> <ul> <li>Download and install <code>AS_CRYPTO</code> from the <a href="https://github.com/antonscheffer/as_crypto" rel="noopener noreferrer">AS_CRYPTO GitHub repository</a> </li> <li>Required for secure cryptographic operations</li> <li>Follow installation instructions in the repository README</li> </ul> </li> </ol> <h4> Step 1: Plugin Installation </h4> <ol> <li> <p><strong>Download the Plugin</strong></p> <ul> <li>Get the latest release from the <a href="https://github.com/viscosityna/apex-biometrics-authentication" rel="noopener noreferrer">official repository</a> </li> <li>Review release notes for version-specific information</li> </ul> </li> <li> <p><strong>Import the Plugin</strong></p> <ul> <li>Navigate to Shared Components → Plugins in your APEX application</li> <li>Import the downloaded plugin file</li> <li>Configure application-level attributes: <ul> <li>Dialog titles</li> <li>Custom messages</li> </ul> </li> </ul> </li> </ol> <h4> Step 2 (optional): Database Setup </h4> <p>Create the credential storage table with the following structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">biometrics_credentials</span> <span class="p">(</span> <span class="n">id</span> <span class="n">NUMBER</span> <span class="k">GENERATED</span> <span class="k">BY</span> <span class="k">DEFAULT</span> <span class="k">ON</span> <span class="k">NULL</span> <span class="k">AS</span> <span class="k">IDENTITY</span><span class="p">,</span> <span class="n">user_id</span> <span class="n">VARCHAR2</span><span class="p">(</span><span class="mi">255</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">credential_id</span> <span class="n">VARCHAR2</span><span class="p">(</span><span class="mi">255</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">public_key</span> <span class="k">CLOB</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">created_at</span> <span class="nb">TIMESTAMP</span> <span class="k">WITH</span> <span class="nb">TIME</span> <span class="k">ZONE</span> <span class="k">DEFAULT</span> <span class="n">SYSTIMESTAMP</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">last_used_at</span> <span class="nb">TIMESTAMP</span> <span class="k">WITH</span> <span class="nb">TIME</span> <span class="k">ZONE</span> <span class="p">);</span> </code></pre> </div> <h4> Step 3: Dynamic Action Setup </h4> <p>After installing the plugin, you'll need to set up the necessary dynamic actions to handle both enrollment and authentication. Here's a detailed guide on configuring each:</p> <h5> 1. Enrollment Configuration </h5> <p>This action registers a new passkey credential for a user.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6dix1smjnot3iilt1fpy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6dix1smjnot3iilt1fpy.png" alt="Enrollment Example" width="800" height="302"></a></p> <p><strong>Configuration Steps:</strong></p> <ol> <li>Create a Dynamic Action on your enrollment button/link</li> <li>Set Action: "Viscosity | Passwordless Authentication [Plug-In]"</li> <li>Set Action Type: "Enroll"</li> <li>Set up the "Success" handler with PL/SQL code to store the credential</li> </ol> <p><strong>Example Success Handler:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Store the credential after successful enrollment</span> <span class="k">insert</span> <span class="k">into</span> <span class="n">biometrics_credentials</span> <span class="p">(</span> <span class="n">user_id</span><span class="p">,</span> <span class="n">credential_id</span><span class="p">,</span> <span class="n">public_key</span> <span class="p">)</span> <span class="k">values</span> <span class="p">(</span> <span class="p">:</span><span class="n">APP_USER</span><span class="p">,</span> <span class="p">:</span><span class="n">BIOMETRICS_CREDENTIAL_ID</span><span class="p">,</span> <span class="p">:</span><span class="n">BIOMETRICS_PUBLIC_KEY</span> <span class="p">);</span> </code></pre> </div> <p>Optionally, you can also set up an "Error" handler to manage enrollment failures according to your application's needs.</p> <h5> 2. Authentication Configuration </h5> <p>This action verifies an existing passkey credential.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdd1woptmbf3rtjfmmmj3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdd1woptmbf3rtjfmmmj3.png" alt="Authentication Example" width="800" height="464"></a></p> <p><strong>Configuration Steps:</strong></p> <ol> <li>Create a Dynamic Action on your login button</li> <li>Set Action: "Viscosity | Passwordless Authentication [Plug-In]"</li> <li>Set Action Type: "Authenticate"</li> <li>Configure the required PL/SQL code:</li> </ol> <p><strong>Credentials Retrieval:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code> <span class="k">BEGIN</span> <span class="c1">-- Retrieve stored credential for verification</span> <span class="k">select</span> <span class="n">public_key</span><span class="p">,</span> <span class="n">user_id</span> <span class="k">into</span> <span class="p">:</span><span class="n">BIOMETRICS_PUBLIC_KEY</span><span class="p">,</span> <span class="p">:</span><span class="n">BIOMETRICS_USER_ID</span> <span class="k">from</span> <span class="n">biometrics_credentials</span> <span class="k">where</span> <span class="n">credential_id</span> <span class="o">=</span> <span class="p">:</span><span class="n">BIOMETRICS_CREDENTIAL_ID</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> </code></pre> </div> <p><strong>Success Handler (Optional):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code> <span class="c1">-- Update last used timestamp after successful authentication</span> <span class="k">update</span> <span class="n">biometrics_credentials</span> <span class="k">set</span> <span class="n">last_used_at</span> <span class="o">=</span> <span class="n">systimestamp</span> <span class="k">where</span> <span class="n">credential_id</span> <span class="o">=</span> <span class="p">:</span><span class="n">BIOMETRICS_CREDENTIAL_ID</span><span class="p">;</span> </code></pre> </div> <h5> 3. Status Check Configuration (Optional) </h5> <p>This action checks if a user has registered passkeys.</p> <ol> <li>Create a Dynamic Action on page load</li> <li>Set Action: "Viscosity | Passwordless Authentication [Plug-In]"</li> <li>Set Action Type: "Check Enrollment Status"</li> <li>Configure Settings: <ul> <li>Display Button When: "Credentials Found" or "No Credentials"</li> </ul> </li> </ol> <h2> Troubleshooting Guide: Common Issues and Solutions </h2> <ol> <li> <p><strong>Enrollment Failures</strong></p> <ul> <li>Verify browser compatibility</li> <li>Check for existing credentials</li> <li>Ensure proper SSL configuration</li> <li>Validate user permissions</li> </ul> </li> <li> <p><strong>Authentication Errors</strong></p> <ul> <li>Verify credential hasn't expired</li> <li>Check signature algorithm matching</li> <li>Validate challenge response</li> <li>Review server logs for details</li> </ul> </li> <li> <p><strong>Plugin Configuration</strong></p> <ul> <li>Confirm table structure matches</li> <li>Verify PL/SQL parameters</li> <li>Check JavaScript console</li> <li>Review APEX debug logs</li> </ul> </li> </ol> <h2> Performance Considerations </h2> <p>Our benchmarks show:</p> <ul> <li>Average enrollment time: &lt; 2 seconds</li> <li>Authentication time: &lt; 1 second</li> <li>Database impact: Minimal (&lt; 1kb per credential)</li> <li>Network usage: ~60% less than password auth</li> </ul> <h2> Conclusion </h2> <p>Implementing passkeys in Oracle APEX represents a significant step forward in application security and user experience. Our plugin makes this transition seamless, allowing developers to focus on building great applications rather than wrestling with authentication complexity.</p> <p>The future of authentication is passwordless, and with tools like this, that future is already here. We encourage you to try the plugin, share your feedback, and join us in making the web more secure and user-friendly.</p> <h3> Additional Resources </h3> <ul> <li><a href="https://github.com/viscosityna/apex-biometrics-authentication" rel="noopener noreferrer">Plugin Documentation</a></li> <li><a href="https://www.w3.org/TR/webauthn-2/" rel="noopener noreferrer">WebAuthn Specification</a></li> <li><a href="https://fidoalliance.org/" rel="noopener noreferrer">FIDO Alliance</a></li> </ul> <h3> Get Started Today </h3> <p>Download the plugin from our <a href="https://github.com/viscosityna/apex-biometrics-authentication" rel="noopener noreferrer">GitHub repository</a> and join our community of developers building secure, passwordless applications with Oracle APEX.</p> <p>This plugin was created by <a href="https://github.com/kevintech" rel="noopener noreferrer">@kevintech</a> and <a href="https://github.com/viscosityna" rel="noopener noreferrer">@viscosityna</a>, who continue to maintain and improve it based on community feedback.</p> <p><em>Have questions or feedback? Join our discussion forum or open an issue on GitHub.</em></p> oracle webauthn orclapex javascript