Laravel has introduced native passkey authentication support through new first-party packages:
Server Side
use Laravel\Passkeys\Contracts\PasskeyUser;use Laravel\Passkeys\PasskeyAuthenticatable; class User extends Authenticatable implements PasskeyUser{ use PasskeyAuthenticatable;}laravel/passkeys-server is published on Packagist as laravel/passkeys. It brings migrations, routes for login, confirmation, and credential management, plus WebAuthn actions, events, and escape hatches when you need custom authorization, responses, or your own route definitions.
Client Side
import { Passkeys } from '@laravel/passkeys' // Registration (authenticated user)await Passkeys.register({ name: 'My MacBook' }) // Verification (login)await Passkeys.verify()@laravel/passkeys handles browser ceremonies—registration and verification—with a small core API and first-class helpers for React, Vue, and Svelte, including SSR-safe hooks so client-only APIs do not fight your framework.
Fortify
Laravel Fortify integrates the stack behind Features::passkeys() and a passkeys section in config/fortify.php, so Fortify apps get the same endpoints and contracts (PasskeyUser, PasskeyAuthenticatable) without reimplementing glue.
Together: server package, npm client, and Fortify line up on routes and contracts so passwordless auth stays boring to wire up and portable across stacks.
