We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda sucked, so we ended up ripping it all out...
It seemed that way, it asked me to scan a QR code on my phone to link it, which didn’t happen before.
Or maybe the option to use my phone was some older auth method, where I’d use the fingerprint reader on the phone to confirm a login on the laptop. I thought that was a passkey, but that doesn’t fit with what I’m reading about what it does now.