
Vault12 Open Source WebAuthn/Passkey Support for Electron on macOS: Enabling Touch ID and iCloud Keychain in Hybrid Desktop Apps

MIAMI--(BUSINESS WIRE)--Vault12 announced today the open-source release of electron-webauthn-mac, a native, macOS-only WebAuthn/Passkey implementation for Electron apps that brings Apple's platform authenticators (Touch ID and iCloud Keychain) and cross-device passkey flows directly into Electron-based desktop applications.

Why this is important: WebAuthn functionality in Electron apps on macOS is still blocked from real-world adoption.

On macOS, Electron does not provide native prompts for selecting a passkey or security key. Developers must use an Electron native module that invokes the Apple authorization APIs natively, and then manage the flow through IPC between the renderer and main processes.

“WebAuthn and Passkeys are extremely powerful security tools — but only if developers have a reliable platform for app deployment,” said Max Sky, co-founder and CEO of Vault12. “We created electron-webauthn-mac to make that authentication pathway reproducible, auditable, and open-source — so other teams can ship applications protected by passkeys with Touch ID and iCloud Keychain without re-inventing the wheel.”

This highlights why many teams still don’t ship Apple-native passkeys in desktop web apps: the path is platform-specific, native-code heavy, and easy to get wrong. Meanwhile, Electron’s macOS WebAuthn behavior has been a long-running pain point for developers, with reports of the standard navigator.credentials flows being broken or unresponsive on macOS in Electron contexts.

Vault12’s solution: a native polyfill that connects Electron to Apple AuthenticationServices

electron-webauthn-mac is a native implementation and polyfill for macOS that enables Electron apps to use Apple’s AuthenticationServices framework directly — while retaining the ability to access the regular WebAuthn APIs on other platforms. This capability is already included in Vault12 apps.

Key capabilities include:

  • Platform & security key authenticators: Touch ID, iCloud Keychain, cross-device QR pairing, and external FIDO2 keys
  • PRF extension support to derive symmetric keys from passkeys for client-side encryption (platform authenticators)
  • LargeBlob extension support to store/retrieve arbitrary data on the authenticator (platform authenticators)
  • System integration to open the macOS Passwords/Password Manager directly from an Electron app
  • TypeScript-ready developer experience, with included type definitions and an example Electron app showing best-practice main/renderer bridging

One big reason WebAuthn on macOS in a desktop app is fiddly is that macOS insists on security measures indicating that the app comes from the relying party domain (rpId). Vault12's project documents and operationalizes the necessary steps, including hosting an apple-app-site-association file and embedding Associated Domains entitlements during code signing, with guidance on provisioning profiles and verification.
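The association requirement described above can be checked offline before signing. The following is an added example, not code from electron-webauthn-mac or from Vault12: it compares an apple-app-site-association document with the app's Associated Domains entitlement entries. The function names, the Team ID, the bundle ID and the domain are all constructed, and it assumes exact domain matching (no wildcard entries).

```javascript
'use strict';
// Added example: all identifiers below are constructed placeholders.

// Location where the association file for a domain is served.
function aasaUrl(rpId) {
  return `https://${rpId}/.well-known/apple-app-site-association`;
}

// Returns a list of problems; an empty list means the pieces line up.
function checkPasskeyAssociation({ rpId, appId, aasaText, associatedDomains }) {
  const problems = [];

  // An app ID is "<TeamID>.<bundleId>"; Team IDs are 10 alphanumeric characters.
  if (!/^[A-Z0-9]{10}\.[A-Za-z0-9.-]+$/.test(appId)) {
    problems.push(`appId "${appId}" is not <TeamID>.<bundleId>`);
  }

  let aasa = null;
  try {
    aasa = JSON.parse(aasaText);
  } catch (err) {
    problems.push(`AASA is not valid JSON: ${err.message}`);
  }
  if (aasa) {
    const apps = aasa.webcredentials && aasa.webcredentials.apps;
    if (!Array.isArray(apps)) problems.push('AASA has no webcredentials.apps array');
    else if (!apps.includes(appId)) problems.push(`AASA does not list ${appId}`);
  }

  // Entitlement entries look like "webcredentials:example.com", optionally "?mode=...".
  const prefix = 'webcredentials:';
  const domains = (associatedDomains || [])
    .filter((entry) => entry.startsWith(prefix))
    .map((entry) => entry.slice(prefix.length).split('?')[0].toLowerCase());
  if (!domains.includes(rpId.toLowerCase())) {
    problems.push(`entitlement lacks ${prefix}${rpId}`);
  }
  return problems;
}

// Constructed sample: a matching AASA document and entitlement list.
const sample = {
  rpId: 'example.com',
  appId: 'ABCDE12345.com.example.desktop',
  aasaText: '{"webcredentials":{"apps":["ABCDE12345.com.example.desktop"]}}',
  associatedDomains: ['webcredentials:example.com?mode=developer'],
};
console.log(aasaUrl(sample.rpId), checkPasskeyAssociation(sample));
```
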

Availability

electron-webauthn-mac is open-sourced today (MIT licensed). See the repository documentation for installation and quick start: https://github.com/vault12/electron-webauthn-mac

About Vault12

Vault12 is the pioneer of crypto inheritance and develops security technologies that enable people and companies to protect important secrets — like cryptographic keys and 2FA seeds — using secure, customizable and privacy-focused tooling, including open-source components designed to work offline.

It is a venture-funded company that has raised funding from Winklevoss Capital, Naval Ravikant, Data Collective, and True Ventures.

Vault12 Guard can be found in the Apple App Store and Google Play Store.

Contacts

For media inquiries, please contact: Wasim Ahmad media@vault12.com
