Yes, Progressive Web Apps (PWAs) can utilize device biometrics for user authentication. PWAs are web applications that offer a native app-like experience on any platform or device, including mobile devices. They can access native device capabilities using APIs, and one such capability is biometric authentication.
To enable device biometric authentication in a PWA, developers can utilize the Web Authentication API
, specifically the PublicKeyCredential
interface. This API allows web applications to create, store, and use public-key credentials for user authentication. It supports various authentication factors, including platform authenticators that utilize device biometrics like fingerprint or face recognition.
When a user opts for biometric authentication in a PWA, the web application prompts the user to provide their biometric data, which is then enrolled and securely stored as a public-key credential. Subsequently, when the user tries to authenticate, the biometric data is matched with the enrolled credential, providing a secure and convenient authentication experience.
It’s important to note that support for biometric authentication may vary across devices and browsers. Developers should check for compatibility using feature detection techniques like the navigator.credentials
API and provide fallback options if biometric authentication is not supported. These fallback options could include traditional password-based authentication or other supported authentication methods.