A modern, passwordless authentication system built with Next.js, WebAuthn passkeys, and Supabase. Features bot protection via CAPTCHA and is optimized for deployment on Cloudflare Pages with Edge Runtime compatibility.
- π Passwordless Authentication: Secure login using WebAuthn passkeys (Face ID, Touch ID, Windows Hello)
- π€ Bot Protection: Integrated Cap.js CAPTCHA system (configurable)
- β‘ Edge Runtime: Optimized for Cloudflare Pages deployment
- ποΈ Supabase Integration: User management and data persistence
- π± Responsive Design: Modern UI with Tailwind CSS and shadcn/ui components
- π JWT Security: Secure session management
- π Cross-Platform: Works across devices and browsers
- π οΈ TypeScript: Full type safety throughout the codebase
- Node.js 18+
- pnpm (recommended) or npm
- Supabase account
- Cloudflare Pages account (for deployment)
-
Clone the repository
git clone https://github.com/GaryKu0/passkey-nextjs.git cd passkey-nextjs -
Install dependencies
pnpm install
-
Set up environment variables
cp .env.example .env
Configure your
.envfile with:- Supabase credentials
- JWT secret
- Domain configuration
- CAPTCHA settings (optional)
-
Set up Supabase database
Create a
userstable in your Supabase project:CREATE TABLE users ( id UUID DEFAULT gen_random_uuid() PRIMARY KEY, username TEXT UNIQUE NOT NULL, email TEXT, display_name TEXT, credentials JSONB DEFAULT '[]'::jsonb, created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(), updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() ); -- Create indexes for better performance CREATE INDEX idx_users_username ON users(username); CREATE INDEX idx_users_email ON users(email);
-
Run the development server
pnpm dev
-
Open your browser
Navigate to
http://localhost:3000to see the application.
| Variable | Description | Required |
|---|---|---|
NEXT_PUBLIC_SUPABASE_URL |
Your Supabase project URL | β |
NEXT_PUBLIC_SUPABASE_ANON_KEY |
Supabase anonymous key | β |
JWT_SECRET |
Secret for JWT signing | β |
NEXT_PUBLIC_RP_ID |
WebAuthn Relying Party ID | β |
NEXT_PUBLIC_RP_NAME |
Your application name | β |
NEXT_PUBLIC_RP_ORIGIN |
Your application origin URL | β |
ENABLE_CAPTCHA |
Enable/disable CAPTCHA protection | |
CAP_SECRET_KEY |
Cap.js secret key |
The application supports optional CAPTCHA protection during registration:
Enable CAPTCHA:
ENABLE_CAPTCHA=true
NEXT_PUBLIC_ENABLE_CAPTCHA=true
CAP_ENDPOINT=https://your-captcha-service.com
CAP_SECRET_KEY=your_secret_key
NEXT_PUBLIC_CAP_SITE_KEY=your_site_keyDisable CAPTCHA (for development/testing):
ENABLE_CAPTCHA=false
NEXT_PUBLIC_ENABLE_CAPTCHA=falseThis application is optimized for Cloudflare Pages deployment:
-
Connect your repository to Cloudflare Pages
-
Set build settings:
- Build command:
pnpm build - Build output directory:
.next - Framework preset:
Next.js (Static HTML Export)
- Build command:
-
Configure environment variables in Cloudflare Pages dashboard
-
Deploy - Your application will be available on Cloudflare's global CDN
The application also works on:
- Vercel
- Netlify
- Railway
- Any platform supporting Next.js Edge Runtime
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
β Client App β β API Routes β β Supabase β
β β β β β β
β β’ React/Next.js βββββΊβ β’ Edge Runtime βββββΊβ β’ User Storage β
β β’ WebAuthn β β β’ JWT Auth β β β’ PostgreSQL β
β β’ Cap.js Widget β β β’ CAPTCHA Check β β β
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
- Frontend: Next.js 14 with App Router
- Authentication: WebAuthn via @simplewebauthn/browser
- Database: Supabase (PostgreSQL)
- Runtime: Edge Runtime for optimal performance
- UI: Tailwind CSS + shadcn/ui components
- Bot Protection: Cap.js CAPTCHA system
Comprehensive API documentation is available in API_INTEGRATION_GUIDE.md.
POST /api/auth/register-begin
POST /api/auth/register-completePOST /api/auth/login-begin
POST /api/auth/login-completeGET /api/auth/me
POST /api/auth/logout# Development
pnpm dev # Start development server
pnpm build # Build for production
pnpm start # Start production server
pnpm lint # Run ESLint
pnpm type-check # Run TypeScript checkspasskey-nextjs/
βββ app/ # Next.js App Router
β βββ api/auth/ # Authentication API routes
β βββ globals.css # Global styles
β βββ layout.tsx # Root layout
β βββ page.tsx # Home page
βββ components/ # React components
β βββ auth/ # Authentication components
β βββ ui/ # shadcn/ui components
βββ hooks/ # Custom React hooks
βββ lib/ # Utility libraries
β βββ auth-utils.ts # Authentication utilities
β βββ cap-utils.ts # CAPTCHA utilities
β βββ jwt.ts # JWT handling
β βββ supabase.ts # Supabase client
β βββ webauthn.ts # WebAuthn utilities
βββ docs/ # Documentation
- WebAuthn Standard: Industry-standard passwordless authentication
- CAPTCHA Protection: Bot prevention during registration
- JWT Security: Secure session management with signed tokens
- Edge Runtime: Enhanced security with Cloudflare's global network
- Input Validation: Comprehensive server-side validation
- Rate Limiting: Built-in protection against abuse
| Browser | Version | Status |
|---|---|---|
| Chrome | 67+ | β Full Support |
| Firefox | 60+ | β Full Support |
| Safari | 14+ | β Full Support |
| Edge | 79+ | β Full Support |
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- SimpleWebAuthn - WebAuthn library
- Supabase - Backend as a Service
- Cap.js - CAPTCHA solution
- shadcn/ui - UI components
- Cloudflare Pages - Deployment platform
If you encounter any issues or have questions:
- Check the API Integration Guide
- Search existing Issues
- Create a new issue with detailed information
Built with β€οΈ for the passwordless future