Physical Badges with integrated Passkeys
How to build a Digital Credential Issuer (Developer Guide)
Here are this week’s topics that you don’t wanna miss out on!
🪪 Physical Badge Access & Passkeys: Technical Guide
🆔 How to build a Digital Verifiable Credential Issuer (Developer’s Guide)
Questions from passkey projects
See what others have asked about integrating passkeys:
#26 Can passkeys significantly improve login speed and conversion rates?
Yes, passkeys dramatically reduce login times, typically making logins 3-6 times faster compared to traditional methods like passwords or SMS codes. This speed improvement leads directly to higher conversion rates, especially important in transaction-oriented industries.
Your employee badge can be your next passkey (but it depends on what’s inside the card)
Physical access and digital login used to live in separate worlds until breaches started jumping the gap (from stolen badge to acess to a server room or a hacked system to unlocked doors). This guide breaks down why “badge = identity” is a trap: most RFID/NFC badges are just static IDs, while only FIDO2-capable smart cards can actually do the cryptographic WebAuthn challenge-response.
Then it lays out three real-world architectures teams use today: a centralized vault that turns a badge tap into “tap-to-login” (but adds major trust and lock-in risk), a desktop bridge that uses the badge as a login hint (standards-compliant, but messy to deploy and maintain) and the converged credential where the badge is the authenticator (cleanest and most secure, but requires new hardware).
You also get a practical decision framework: pick based on whether you care most about capex, security/standards or “magic” UX. And it walks through onboarding, revocation and the big “oh no” moment: what happens when someone loses their badge (hint: you’ll want backup authenticators). Want the trade-offs, diagrams and the “which one should I choose?” logic in full detail?
From web form to wallet: build a Verifiable Credential Issuer in Next.js
Digital, verifiable credentials sound simple until you try to actually issue one into a real wallet. This developer guide shows how to build a full issuer in Next.js: user enters data, then you generate a one-time credential offer, you show it as a QR code, the wallet scans and claims the credential. Along the way, it clears up “digital credentials” vs. W3C Verifiable Credentials and the classic trust triangle (Issuer, Holder, Verifier).
The core flow uses OpenID4VCI’s pre-authorized code grant: create a short-lived code and PIN, exchange it for an access token, then return a signed JWT-VC (ES256) that wallets can store. You’ll also wire up the three critical .well-known endpoints (issuer metadata, OIDC config and did:web keys) and learn why caching them can break everything after a key rotation. And if you’ve ever wondered why wallets are so picky about HTTPS, the guide shows the exact ngrok setup. Plus what you still need before this is production-ready.
Join the Passkeys Community!
Our mission is to free the world from passwords to make the Internet a safer place - this can only be accomplished together.
Join our passkeys community to connect with other passkey enthusiasts, stay up-to-date, get implementation support and show your passkeys projects!