supertokens
diff --git a/‎v3/docs/authentication/webauthn/_category_.json renamed to ‎v3/docs/authentication/passkeys/_category_.json b/‎v3/docs/authentication/webauthn/_category_.json renamed to ‎v3/docs/authentication/passkeys/_category_.json
diff --git a/‎v3/docs/authentication/passkeys/customization.mdx
Lines changed: 295 additions & 0 deletions b/‎v3/docs/authentication/passkeys/customization.mdx
Lines changed: 295 additions & 0 deletions
@@ -0,0 +1,295 @@
+---
+title: Customization
+hide_title: true
+sidebar_position: 4
+---
+
+import { BackendTabs } from "/src/components/Tabs";
+
+# Customization
+
+## Overview
+
+Like the other **SuperTokens** authentication recipes, you can customize the `WebAuthn` flow through different configuration options and overrides.
+The following page describes the options that you can change and the different scenarios that are enabled through customization.
+
+---
+
+## Backend recipe configuration
+
+
+The backend recipe accepts the following properties during initialization:
+
+| Option | Description | Default |
+|--------|-------------|---------|
+| `getRelyingPartyId` | Sets the domain name that will be associated with the WebAuthn credentials. This helps ensure credentials can only be used on your domain. | The `apiDomain` value that you have set in `appConfig` |
+| `getRelyingPartyName` | Set a human-readable name for your application that will be shown to users during the WebAuthn registration process. | The `appName` value that you have set in `appConfig` |
+| `getOrigin` | Configure the origin URL that WebAuthn credentials will be bound to. This should match your application's domain and protocol. | Origin of the request |
+| `emailDelivery` | Configure how verification emails are sent to users. Read the [email delivery page](/docs/platform-configuration/email-delivery) for more information. | Default email service |
+| `validateEmailAddress` | Add custom validation logic for email addresses. | Basic email format validation |
+
+All the properties are optional.
+In most cases, you can rely on the default values provided by the recipe.
+
+<BackendTabs>
+
+<BackendTabs.TabItem value="nodejs">
+
+```ts
+import supertokens from "supertokens-node";
+import Session from "supertokens-node/recipe/session";
+import WebAuthn from "supertokens-node/recipe/webauthn";
+
+supertokens.init({
+    framework: "express",
+    supertokens: {
+        // https://try.supertokens.com is for demo purposes. Replace this with the address of your core instance (sign up on supertokens.com), or self host a core.
+        connectionURI: "https://try.supertokens.com",
+        // apiKey: <API_KEY(if configured)>,
+    },
+    appInfo: {
+        // learn more about this on https://supertokens.com/docs/session/appinfo
+        appName: "<YOUR_APP_NAME>",
+        apiDomain: "<YOUR_API_DOMAIN>",
+        websiteDomain: "<YOUR_WEBSITE_DOMAIN>",
+        apiBasePath: "/auth",
+        websiteBasePath: "/auth"
+    },
+    recipeList: [
+        WebAuthn.init({
+            getOrigin: () => {
+                return "https://example.com";
+            },
+            getRelyingPartyId: () => {
+                return "example.com";
+            },
+            getRelyingPartyName: () => {
+                return "example";
+            },
+        }),
+        Session.init() // initializes session features
+    ]
+});
+```
+
+</BackendTabs.TabItem>
+
+<BackendTabs.TabItem value="go">
+
+:::caution
+
+At the moment there is no support for using passkeys authentication in the Go SDK.
+
+:::
+
+</BackendTabs.TabItem>
+
+<BackendTabs.TabItem value="python">
+
+:::caution
+
+At the moment there is no support for using passkeys authentication in the Python SDK.
+
+:::
+
+</BackendTabs.TabItem>
+
+</BackendTabs>
+
+---
+
+## Credential generation
+
+The credentials are generated by the client based on the options provided by the backend SDK.
+The frontend SDK uses the [`navigator.credentials.created`](https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create) function to resolve this.
+
+To change the options used to generate credentials, you need to override the `registerOptions` function.
+
+<BackendTabs>
+
+<BackendTabs.TabItem value="nodejs">
+
+```ts
+import supertokens from "supertokens-node";
+import Session from "supertokens-node/recipe/session";
+import WebAuthn from "supertokens-node/recipe/webauthn";
+
+supertokens.init({
+    framework: "express",
+    supertokens: {
+        // https://try.supertokens.com is for demo purposes. Replace this with the address of your core instance (sign up on supertokens.com), or self host a core.
+        connectionURI: "https://try.supertokens.com",
+        // apiKey: <API_KEY(if configured)>,
+    },
+    appInfo: {
+        // learn more about this on https://supertokens.com/docs/session/appinfo
+        appName: "<YOUR_APP_NAME>",
+        apiDomain: "<YOUR_API_DOMAIN>",
+        websiteDomain: "<YOUR_WEBSITE_DOMAIN>",
+        apiBasePath: "/auth",
+        websiteBasePath: "/auth"
+    },
+    recipeList: [
+        WebAuthn.init({
+            override: {
+                functions: (originalImplementation) => {
+                    return {
+                        ...originalImplementation,
+                        registerOptions: (input) => {
+                            return originalImplementation.registerOptions({
+                                ...input,
+                                attestation: "direct",
+                                residentKey: "required",
+                                timeout: 10 * 1000,
+                                userVerification: "required",
+                                displayName: "John Doe",
+                                supportedAlgorithms: [-257],
+                                relyingPartyId: 'example.com',
+                                relyingPartyName: 'example',
+                                origin: 'https://example.com',
+                            });
+                        },
+                    };
+                },
+            },
+        }),
+        Session.init() // initializes session features
+    ]
+});
+```
+
+<br />
+
+#### Input properties
+
+| Name | Type | Description | Default Value |
+|----------|----------|-------------|---------------|
+| `relyingPartyId` | `string` | The domain name of your application that will be shown to the user during authentication. | - |
+| `relyingPartyName` | `string` | The display name of your application that will be shown to the user during authentication. | - |
+| `origin` | `string` | The origin URL that the credential is generated on. | - |
+| `timeout` | `number` | The time in milliseconds that the user has to complete the credential generation process. | `6000` |
+| `attestation` | `"none" \| "indirect" \| "direct" \| "enterprise"`  | The amount of information about the authenticator that gets included in the attestation statement. This controls what authenticators are supported. | `none` |
+| `supportedAlgorithms` | `number[]` | The cryptographic algorithms that can be used for generating credentials. Different authenticators support different algorithms. | `[-8, -7, -257]` |
+| `residentKey` | `"discouraged" \| "preferred" \| "required"` | Whether the credential should be stored on the authenticator device. | `required` |
+| `userVerification` | `"discouraged" \| "preferred" \| "required"` | Whether user verification (like PIN or biometrics) is required. | `preferred` |
+| `displayName` | `string` | The display name of the user. | The user's `email` property |
+
+
+</BackendTabs.TabItem>
+
+<BackendTabs.TabItem value="go">
+
+:::caution
+
+At the moment there is no support for using passkeys authentication in the Go SDK.
+
+:::
+
+</BackendTabs.TabItem>
+
+<BackendTabs.TabItem value="python">
+
+:::caution
+
+At the moment there is no support for using passkeys authentication in the Python SDK.
+
+:::
+
+</BackendTabs.TabItem>
+
+</BackendTabs>
+
+---
+
+## Credential validation
+
+When a user attempts to login, their credential is used to sign a challenge on the client.
+The frontend SDK uses the [`navigator.credentials.get`](https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get) function to resolve this.
+
+The options for signing the challenge are generated on the server, through the backend SDK, and then sent to the client. 
+To change those, you need to override the `signInOptions` function.
+
+
+<BackendTabs>
+
+<BackendTabs.TabItem value="nodejs">
+
+```ts
+import supertokens from "supertokens-node";
+import Session from "supertokens-node/recipe/session";
+import WebAuthn from "supertokens-node/recipe/webauthn";
+
+supertokens.init({
+    framework: "express",
+    supertokens: {
+        // https://try.supertokens.com is for demo purposes. Replace this with the address of your core instance (sign up on supertokens.com), or self host a core.
+        connectionURI: "https://try.supertokens.com",
+        // apiKey: <API_KEY(if configured)>,
+    },
+    appInfo: {
+        // learn more about this on https://supertokens.com/docs/session/appinfo
+        appName: "<YOUR_APP_NAME>",
+        apiDomain: "<YOUR_API_DOMAIN>",
+        websiteDomain: "<YOUR_WEBSITE_DOMAIN>",
+        apiBasePath: "/auth",
+        websiteBasePath: "/auth"
+    },
+    recipeList: [
+        WebAuthn.init({
+            override: {
+                functions: (originalImplementation) => {
+                    return {
+                        ...originalImplementation,
+                        signInOptions: (input) => {
+                            return originalImplementation.signInOptions({
+                                ...input,
+                                timeout: 10 * 1000,
+                                userVerification: "required",
+                                relyingPartyId: 'example.com',
+                                origin: 'https://example.com',
+                            });
+                        },
+                    };
+                },
+            },
+        }),
+        Session.init() // initializes session features
+    ]
+});
+```
+
+#### Input properties
+
+| Name | Type | Description | Default |
+|----------|----------|-------------|---------|
+| `relyingPartyId` | `string` | The domain name of your application that will be used for validating the credential. | - |
+| `relyingPartyName` | `string` | The human-readable name of your application. | - |
+| `origin` | `string` | The origin URL that the credential is generated on. | - |
+| `timeout` | `number` | The time in milliseconds that the user has to complete the credential validation process. | `6000` |
+| `userVerification` | `"discouraged" \| "preferred" \| "required"` | Controls whether user verification (like PIN or biometrics) is required. | `preferred` |
+
+</BackendTabs.TabItem>
+
+<BackendTabs.TabItem value="go">
+
+:::caution
+
+At the moment there is no support for using passkeys authentication in the Go SDK.
+
+:::
+
+</BackendTabs.TabItem>
+
+<BackendTabs.TabItem value="python">
+
+:::caution
+
+At the moment there is no support for using passkeys authentication in the Python SDK.
+
+:::
+
+</BackendTabs.TabItem>
+
+</BackendTabs>
+
+