Auth0 Actions: How to Detect Native Passkey Use

Passkeys
Mar 11, 2026
Overview

This Knowledge Article explains how to detect the use of the Native Passkey API in Post-Login Actions to achieve some use cases.

For example, skipping Multi-Factor Authentication (MFA) when using the Native Passkey API for embedded login.

Applies To
  • Native Passkey API
  • Actions
  • Post-Login Trigger
Solution

At the time of writing (March 2026), the best way to detect the use of the Native Passkey is to check event.transaction.protocol.

When the Native Passkey is used for embedded login, the value will be oauth2-webauthn.

if (event.transaction?.protocol === "oauth2-webauthn") {
  // Do or skip something
}

 

NOTE: It is not guaranteed that the value oauth2-webauthn always and exclusively means the Native Passkey. There can be other features that populate this value into event.transaction.protocol in the future.

 

 

Recommended content

No recommended content found...
Need more help? Visit the Community
Visit the Auth0 Community