
WebAuthn (Authenticator Available)

PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable() is a static method of the WebAuthn API in JavaScript. It returns a Promise that resolves to a boolean.

What it does:

  • Checks for a platform authenticator: It verifies whether the device has a built-in authenticator capable of performing user verification (e.g., fingerprint, Face ID, Windows Hello).
  • Resolves to true: If such an authenticator is available and ready for use.
  • Resolves to false: If no built-in authenticator is detected.

Why it's useful:

  • Pre-emptive checks: Allows a web application to determine beforehand whether to offer the user a login option via built-in biometrics.
  • UI Adaptation: You can use it to conditionally show/hide buttons like "Sign in with Face ID" only when the device supports it.
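
// Guard first: PublicKeyCredential is undefined where WebAuthn is unsupported.
if (window.PublicKeyCredential) {
  PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()
    .then(available => {
      if (available) {
        console.log("A built-in authenticator (e.g., Windows Hello) is available.");
      } else {
        console.log("No built-in authenticator found on this device.");
      }
    })
    // A rejected check should be logged, not left as an unhandled rejection.
    .catch(err => console.error("Platform authenticator check failed:", err));
}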
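
The UI-adaptation check described above, as an added example that is not part of the original page: it also covers a missing API, a rejected promise and a check that never settles. The function names, the option labels and the 2-second timeout are assumptions made for illustration.

```javascript
// Added example; detectPlatformAuthenticator and chooseSignInOptions are
// hypothetical names. `pkc` is window.PublicKeyCredential in a browser and is
// passed in so the logic can be exercised with a stub outside a browser.
function detectPlatformAuthenticator(pkc, timeoutMs = 2000) {
  // API missing: old browser, insecure (non-HTTPS) context, or WebAuthn disabled.
  if (!pkc) return Promise.resolve({ webauthn: false, platform: false });
  if (typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable !== "function") {
    return Promise.resolve({ webauthn: true, platform: false });
  }
  let timer;
  const timeout = new Promise(resolve => {
    // Treat a check that never settles as "not available".
    timer = setTimeout(() => resolve(false), timeoutMs);
  });
  const probe = Promise.resolve()
    .then(() => pkc.isUserVerifyingPlatformAuthenticatorAvailable())
    .then(value => value === true)
    .catch(() => false); // a throw or rejection must not break the login page
  return Promise.race([probe, timeout]).then(platform => {
    clearTimeout(timer);
    return { webauthn: true, platform };
  });
}

// Pure mapping from the detection result to the sign-in options to render.
// The result is a client-side UI hint only; the server still has to verify
// the signature it receives against the registered public key.
function chooseSignInOptions({ webauthn, platform }) {
  const options = [];
  if (platform) options.push("platform-biometrics"); // e.g. "Sign in with Face ID"
  if (webauthn) options.push("security-key");        // external security key
  options.push("password");                          // assumed fallback, always offered
  return options;
}

// Browser usage (skipped when no window object exists).
if (typeof window !== "undefined") {
  detectPlatformAuthenticator(window.PublicKeyCredential)
    .then(caps => console.log(chooseSignInOptions(caps)));
}
```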

Built-in authenticators for WebAuthn are implemented via system-level biometric and key-protection mechanisms:

Windows

  • Windows Hello: The built-in authenticator on Windows; the OS verifies the user with biometrics or a PIN.

macOS

  • Touch ID / Face ID: Used on MacBooks and Apple devices with biometric sensors.
  • Keys are stored in the Secure Enclave—a dedicated hardware module for cryptography and biometrics.
  • Safari and other browsers on macOS are directly integrated with this hardware, allowing WebAuthn to use built-in biometrics without external security keys.

The General Concept

  • In both cases, WebAuthn operates through a system API: the browser communicates with the OS.
  • The OS verifies the user (biometrics or PIN).
  • The private key never leaves the device; the website only receives a cryptographic signature that can be verified with a public key.
  • In summary: On Windows, the built-in authenticator is Windows Hello, while on macOS, it is Touch ID / Face ID powered by the Secure Enclave.

Statistics:

  1. Windows: True — 50%, False — 50%
  2. macOS: True — 100%