Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Are passkey’s not valid as identifiers? My app only allows passkeys for authentication, but users can create duplicate accounts because the passkey credential doesn’t allow being specified as the identifier in the schema. Is this normal? Do I need to have password login as well then?

Before migrating to passkeys from webauthn,  the webauthn was able to be specified as an identifier.