Home
Product documentation
Support homeSupport requestsSystem statusTrust centerTry for free
Start typing to search…

Passkeys for native applications

Passkeys can be used in native applications integrated with Strivacity through the Journey Flow API and supported SDKs. This page outlines the platform requirements and considerations for enabling passkey-based authentication on mobile devices.

Passkey behavior and availability depend on the underlying platform (Android or iOS), device configuration, and application setup.

Platform requirements

Android

To use passkeys on Android devices, the following requirements must be met:

  • The application must run on Android API level 29 or higher
  • The device or emulator must have Google Play services enabled
  • A lock screen must be configured on the device (for example, PIN or pattern)
  • A biometric identifier must be enrolled (for example, fingerprint)
  • A valid authenticator must be available on the device
    • For devices below API level 34, this is provided through Google Play services and requires a signed-in Google account

If these requirements are not met, passkey authentication may fall back to cross-device or external authentication flows.

📘

For details on generating Android app fingerprints required for passkey configuration, see the official Android documentation.

iOS

Passkey support on iOS depends on device capabilities and system configuration.

At a minimum, the device must:

  • Support passkeys (for example, devices with Face ID or Touch ID)
  • Have device security enabled (such as passcode and biometrics)

Additional requirements may apply depending on the application setup and SDK implementation.

Configuration in Strivacity

To enable passkey support for native applications, ensure the following:

  • The application uses an OIDC client (using the Journey Flow API)
  • The SDK configuration tab is properly configured:
    • Native applications must be registered (Android/iOS)
    • Platform-specific identifiers (such as package name or bundle ID) must match the application
  • Relevant settings (such as passkey support or promotion) are enabled in policy configuration

For more information, see the SDK configuration section in the client documentation.

Behavior and limitations

  • Passkeys must be registered for a user account before they can be used for authentication.
  • If a passkey is not available on the device, the authentication flow may fall back to:
    • cross-device authentication
    • external authenticator flows
  • If a passkey is removed from the account but still exists on the device, authentication may fail due to an inconsistent state.

Troubleshooting

Passkey not available on device

If passkeys are not available locally on the device:

  • Verify that all platform requirements are met
  • Check that the device supports passkeys and has biometrics enabled
  • Ensure the application is properly registered in the SDK configuration

Invalid passkey error

An invalid passkey error typically indicates that the passkey used for authentication is not associated with the user account.

This can occur if:

  • The passkey was deleted from the account, but still exists on the device
  • The account and device are out of sync

Related resources

Updated about 2 hours ago