feat: add passkey API support for signup and login methods

[amitsingh05667]

Summary

Adds Passkey API support to auth0-react, making passkey.signup and passkey.login available through the useAuth0 hook.

Changes

• Added passkey: PasskeyApiClient to Auth0ContextInterface and exposed it via useAuth0
• Wrapped passkey.signup / passkey.login with state dispatch so isAuthenticated and user update after a successful flow
• Exported passkey error classes and types from the package root
• Added 9 tests and updated the Auth0Client mock

Usage

import { useAuth0, PasskeyError } from '@auth0/auth0-react';

function PasskeyButton() {
  const { passkey } = useAuth0();

  const handleSignup = async () => {
    try {
      await passkey.signup({ email: 'user@example.com' });
    } catch (error) {
      if (error instanceof PasskeyError) {
        console.error('Passkey error:', error.message);
      }
    }
  };

  const handleLogin = async () => {
    await passkey.login({ scope: 'openid profile email' });
  };

  return (
    <>
      <button onClick={handleSignup}>Sign up with Passkey</button>
      <button onClick={handleLogin}>Sign in with Passkey</button>
    </>
  );
}

Testing

Automated

• All existing tests pass (npx jest --no-coverage — 126 tests)
• npx tsc --noEmit — zero TypeScript errors
• passkey.signup(): returns TokenEndpointResponse, dispatches auth state update
• passkey.login(): returns TokenEndpointResponse, forwards options, dispatches auth state update
• passkey.signup() / passkey.login(): errors are re-thrown via tokenError()
• passkey object is available on useAuth0 context
• 9 new passkey tests added, 126 total passing

Manual (tested on https://amitom5.acmetest.org with Auth0 custom domain)

Setup

• Custom domain: amitom5.acmetest.org (nginx + mkcert TLS, /etc/hosts → 127.0.0.1)
• App: Vite + React dev server on port 8000
• Auth0 tenant: WebAuthn with Device Biometrics grant enabled, Passkeys enabled on Username-Password-Authentication connection, Refresh Token Rotation enabled

Signup flow

• passkey.signup({ email: 'user@example.com', realm: 'Username-Password-Authentication' }) triggers browser WebAuthn credential creation prompt
• On success, isAuthenticated becomes true and user is populated in React state
• Access token and ID token are returned in the response

Login flow

• passkey.login({ realm: 'Username-Password-Authentication' }) triggers browser WebAuthn assertion prompt for an existing passkey
• On success, isAuthenticated becomes true and user is populated in React state
• Access token and ID token are returned in the response

Error cases

• Cancelling the WebAuthn browser prompt surfaces a PasskeyError with the user's cancellation reason
• Calling passkey.login() before any passkey is registered returns invalid_grant: Invalid passkey from the server (expected — no credential exists)
• Running on localhost (no custom domain) fails with RP ID mismatch — confirmed passkeys require the exact registered origin

[pmathew92]

@amitsingh05667 update the EXAMPLES.md file showcasing the passkey usage similar to how spa has done