No Display? No Problem: Cross-Device Passkey Authentication for XR Devices

Meta Engineering presents a novel approach to enable cross-device passkey authentication for XR devices and other screenless hardware without requiring QR codes.

• •Standard cross-device passkey flow relies on QR code scanning, which is impossible for devices like Meta Quest headsets that lack an accessible display
• •The solution uses a companion app (Meta Horizon) to deliver the FIDO URL via authenticated push notifications, replacing the QR code scanning step
• •The headset encodes the passkey payload into a FIDO URL and transmits it through a GraphQL-based push notification to the paired mobile device
• •Once the FIDO URL is received, the mobile OS initiates the standard hybrid transport sequence including BLE advertisement, encrypted tunnel establishment, and passkey assertion
• •The approach complies with WebAuthn and FIDO CTAP hybrid protocol trust and proximity requirements, and is now available on Meta Quest devices