Open Passkey brings free backendless passkey auth to 33 frameworks
Open Passkey is a new MIT-licensed passkey auth library supporting 33 languages and frameworks, paired with a free hosted "backendless" auth server so frontend apps can ship without configuring a backend.
Score breakdown
Frontend developers can now add secure, passkey-based auth and encrypted secret storage to a purely CDN-hosted app — no server, no cost, no configuration — by pointing to the free `gateway` hosted service.
- 01Open Passkey is MIT-licensed and includes examples for 33 languages and frameworks.
- 02Companion service `gateway` (gateway.locke.id) is a free hosted auth server that requires no backend configuration.
- 03Gateway runs on an AWS `t.large` instance, estimated to support millions of accounts and sessions.
ConnorPeters released Open Passkey, an MIT-licensed passkey authentication repository designed to eliminate the deployment friction that has plagued vibe-coded and Claude Code-assisted projects — a pain point also noted publicly by Andrej Karpathy. The library ships with examples for 33 languages and frameworks, making it straightforward to drop passkey-based auth into almost any stack. It prioritizes post-quantum cryptographic algorithms, though the author acknowledges browser support for those algorithms does not yet exist.
The companion release is `gateway` (gateway.locke.id), a hosted "backendless" auth server that frontend apps can consume directly for free.
The companion release is `gateway` (gateway.locke.id), a hosted "backendless" auth server that frontend apps can consume directly for free. It runs on an AWS `t.large` instance, which the team estimates can comfortably support millions of accounts and sessions. The explicit design target is small apps shipped via CDNs like Netlify — not large-scale production deployments. For teams that prefer self-hosting, exporting user public keys is supported, with `rp_id` verification handled via domain TXT records.
On top of the auth layer, the project introduces a zero-config end-to-end encrypted key-value store modeled after the browser's `localStorage` API. It exposes a simple `setItem()` / `getItem()` interface that uses PRF (Pseudo-Random Function) extensions with passkeys to encrypt values before storing them on the Gateway, enabling frontend apps to securely handle API keys and secrets without spinning up a server.
Key facts
- 01Open Passkey is MIT-licensed and includes examples for 33 languages and frameworks.
- 02Companion service `gateway` (gateway.locke.id) is a free hosted auth server that requires no backend configuration.
- 03Gateway runs on an AWS `t.large` instance, estimated to support millions of accounts and sessions.
- 04The library prioritizes post-quantum cryptographic algorithms, though browser support is not yet available.
- 05A zero-config end-to-end encrypted key-value store is included, using a `setItem()` / `getItem()` API backed by PRF with passkeys.
- 06User public key export is supported, with `rp_id` verification via domain TXT records for self-hosters.
- 07The project was motivated by deployment friction experienced when shipping small apps built with Claude Code.