Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Fullstack TypeScript

Write your app's data model, auth, storage, and functions in TypeScript; Amplify will do the rest.

Built with the AWS CDK

Use any cloud resource your app needs. Never worry about scale.

Back to Gen 1 DocsLearn more about Gen 2

Choose your framework/language

Edit on GitHub

Page updated Jun 24, 2025

Manage WebAuthn credentials

WebAuthn registration and authentication are not currently supported on React Native, other passwordless features are fully supported.

Amplify Auth uses passkeys as the credential mechanism for WebAuthn. The following APIs allow users to register, keep track of, and delete the passkeys associated with their Cognito account.

Learn more about using passkeys with Amplify.

Associate WebAuthn credentials

Note that users must be authenticated to register a passkey. That also means users cannot create a passkey during sign up; consequently, they must have at least one other first factor authentication mechanism associated with their account to use WebAuthn.

You can associate a passkey using the following API:

import { associateWebAuthnCredential} from 'aws-amplify/auth';


await associateWebAuthnCredential();

The user will be prompted to register a passkey using their local authenticator. Amplify will then associate that passkey with Cognito.

List WebAuthn credentials

You can list registered passkeys using the following API:

import { listWebAuthnCredentials } from 'aws-amplify/auth';


const result = await listWebAuthnCredentials();


for (const credential of result.credentials) {
	console.log(`Credential ID: ${credential.credentialId}`);
	console.log(`Friendly Name: ${credential.friendlyCredentialName}`);
	console.log(`Relying Party ID: ${credential.relyingPartyId}`);
	console.log(`Created At: ${credential.createdAt}`);
}

Delete WebAuthn credentials

You can delete a passkey with the following API:

import { deleteWebAuthnCredential } from 'aws-amplify/auth';


const id = "credential-id-to-delete";


await deleteWebAuthnCredential({
  credentialId: id
});

Practical example

Here is a code example that uses the list and delete APIs together. In this example, the user has 3 passkeys registered. They want to list all passkeys while using a pageSize of 2 as well as delete the first passkey in the list.

import { 
  listWebAuthnCredentials,
  deleteWebAuthnCredential
} from 'aws-amplify/auth';


let passkeys = [];


const result = await listWebAuthnCredentials({ pageSize: 2 });


passkeys.push(...result.credentials);


const nextPage = await listWebAuthnCredentials({
  pageSize: 2,
  nextToken: result.nextToken,
});


passkeys.push(...nextPage.credentials);


const id = passkeys[0].credentialId;


await deleteWebAuthnCredential({
  credentialId: id
});
PREVIOUS
Manage passwords
NEXT
Manage devices
Site color mode

Amplify open source software, documentation and community are supported by Amazon Web Services.

© 2025, Amazon Web Services, Inc. and its affiliates.

All rights reserved. View the site terms and privacy policy.

Flutter and the related logo are trademarks of Google LLC. We are not endorsed by or affiliated with Google LLC.