Summary
After enabling Passkeys and Progressive Enrollment in the WorkOS Dashboard (staging environment), the "Create a passkey" prompt never appears during sign-in.
The user authenticates via OTP / magic link only (no password set). The docs mention progressive enrollment prompts "users who are still using password-based authentication" — does this mean OTP-only users are excluded from progressive enrollment?
Steps to reproduce
- Enable Passkeys in WorkOS Dashboard (staging)
- Enable Magic Auth as the authentication method
- Sign out an existing OTP-only user (no password)
- Sign back in via magic link
- Expected: "Create a passkey" progressive enrollment prompt
- Actual: No prompt, goes straight to the app
Environment
- Staging environment
- @workos-inc/authkit-nextjs (Next.js 16 / App Router)
- Tried on both localhost:3001 and Vercel preview deployment
- No custom AuthKit domain configured (staging uses default *.authkit.app)
Questions
- Does progressive enrollment only target password-based users? Is there a way to prompt OTP/magic-link users to enroll a passkey?
- If not via progressive enrollment, is there another mechanism to offer passkey creation to existing OTP users (e.g., a widget, API call, or redirect)?