diff --git a/A0Auth0.podspec b/A0Auth0.podspec
index d5b7ee8e..0d8248e3 100644
--- a/A0Auth0.podspec
+++ b/A0Auth0.podspec
@@ -16,7 +16,7 @@ Pod::Spec.new do |s|
   s.source_files = 'ios/**/*.{h,m,mm,swift}'
   s.requires_arc = true
 
-  s.dependency 'Auth0', '2.19.0'
+  s.dependency 'Auth0', '2.21.1'
   
   install_modules_dependencies(s)
 end
diff --git a/EXAMPLES.md b/EXAMPLES.md
index 9fdac540..ae3e6ff6 100644
--- a/EXAMPLES.md
+++ b/EXAMPLES.md
@@ -49,6 +49,15 @@
   - [Using Custom Token Exchange with Auth0 Class](#using-custom-token-exchange-with-auth0-class)
   - [With Organization Context](#with-organization-context)
   - [Subject Token Type Requirements](#subject-token-type-requirements)
+- [Passkeys](#passkeys)
+  - [Overview](#passkeys-overview)
+  - [Prerequisites](#passkeys-prerequisites)
+  - [Signup with Passkey](#signup-with-passkey)
+  - [Signin with Passkey](#signin-with-passkey)
+  - [Advanced: Manual Credential Manager Handling](#advanced-manual-credential-manager-handling)
+  - [Using Passkeys with Auth0 Class](#using-passkeys-with-auth0-class)
+  - [Error Handling](#passkeys-error-handling)
+  - [Platform Support](#passkeys-platform-support)
 - [Native to Web SSO](#native-to-web-sso)
   - [Overview](#native-to-web-sso-overview)
   - [Prerequisites](#native-to-web-sso-prerequisites)
@@ -1011,6 +1020,270 @@ For detailed examples of validating different token types in Actions, see:
 - Validate token expiration, issuer, and audience claims
 - Implement rate limiting for failed validations using `api.access.rejectInvalidSubjectToken()`
 
+## Passkeys
+
+<a name="passkeys-overview"></a>
+
+### Overview
+
+Passkeys provide a passwordless authentication experience using platform biometrics (Face ID, Touch ID, fingerprint) backed by public-key cryptography. The SDK provides the Auth0 challenge and token exchange steps, while you handle the platform credential manager interaction using native modules or libraries like `react-native-passkey`.
+
+The passkey flow has three steps:
+
+1. **Challenge** — Request a WebAuthn challenge from Auth0 (`passkeySignupChallenge` or `passkeyLoginChallenge`)
+2. **Credential Manager** — Present the OS credential manager UI to create or assert a passkey (using your own native module or a library)
+3. **Exchange** — Send the credential response back to Auth0 to get tokens (`getTokenByPasskey`)
+
+> **Platform Support:** Native only (iOS 16.6+ / Android). Not supported on Web.
+
+<a name="passkeys-prerequisites"></a>
+
+### Prerequisites
+
+Before using passkeys:
+
+1. **Enable the Passkey Grant Type** for your Auth0 application in the Auth0 Dashboard
+2. **Configure a custom domain** on your Auth0 tenant (required for passkeys)
+3. **iOS:** Requires iOS 16.6 or later. Add an Associated Domain with the `webcredentials` service pointing to your Auth0 custom domain
+4. **Android:** Requires Android API 28+. Configure your app's Digital Asset Links for the Auth0 custom domain
+
+> **Important:** `passkeySignupChallenge` is for creating **new** user accounts with a passkey. It will fail if the email already exists in the database connection. Use `passkeyLoginChallenge` for existing users who have already registered a passkey.
+
+### Signup with Passkey
+
+The signup flow requests a registration challenge from Auth0, then you use the platform credential manager (via a native module or library like `react-native-passkey`) to create a new passkey, and finally exchange the credential for Auth0 tokens.
+
+```tsx
+import { useAuth0, PasskeyError } from 'react-native-auth0';
+
+function PasskeySignupScreen() {
+  const { passkeySignupChallenge, getTokenByPasskey } = useAuth0();
+
+  const handleSignup = async () => {
+    try {
+      // Step 1: Get the signup challenge from Auth0
+      const challenge = await passkeySignupChallenge({
+        email: 'user@example.com',
+        name: 'John Doe',
+        realm: 'Username-Password-Authentication',
+      });
+
+      // Step 2: Use the platform credential manager to create a passkey
+      // challenge.authParamsPublicKey contains the WebAuthn PublicKeyCredentialCreationOptions
+      // Use your preferred library (e.g., react-native-passkey) or native module
+      const credentialJson = await yourCredentialManagerCreate(
+        challenge.authParamsPublicKey
+      );
+
+      // Step 3: Exchange the credential response for Auth0 tokens
+      const credentials = await getTokenByPasskey({
+        authSession: challenge.authSession,
+        authResponse: credentialJson,
+        realm: 'Username-Password-Authentication',
+        audience: 'https://api.example.com',
+        scope: 'openid profile email offline_access',
+      });
+
+      console.log('Signed up with passkey:', credentials.accessToken);
+    } catch (error) {
+      if (error instanceof PasskeyError) {
+        console.error('Passkey signup failed:', error.type, error.message);
+      }
+    }
+  };
+
+  return <Button title="Sign Up with Passkey" onPress={handleSignup} />;
+}
+```
+
+### Signin with Passkey
+
+The login flow requests an assertion challenge from Auth0, then you use the platform credential manager to assert an existing passkey, and finally exchange the credential for Auth0 tokens.
+
+```tsx
+import { useAuth0, PasskeyError } from 'react-native-auth0';
+
+function PasskeySigninScreen() {
+  const { passkeyLoginChallenge, getTokenByPasskey } = useAuth0();
+
+  const handleSignin = async () => {
+    try {
+      // Step 1: Get the login challenge from Auth0
+      const challenge = await passkeyLoginChallenge({
+        realm: 'Username-Password-Authentication',
+      });
+
+      // Step 2: Use the platform credential manager to assert an existing passkey
+      // challenge.authParamsPublicKey contains the WebAuthn PublicKeyCredentialRequestOptions
+      // Use your preferred library (e.g., react-native-passkey) or native module
+      const credentialJson = await yourCredentialManagerGet(
+        challenge.authParamsPublicKey
+      );
+
+      // Step 3: Exchange the credential response for Auth0 tokens
+      const credentials = await getTokenByPasskey({
+        authSession: challenge.authSession,
+        authResponse: credentialJson,
+        realm: 'Username-Password-Authentication',
+        audience: 'https://api.example.com',
+        scope: 'openid profile email offline_access',
+      });
+
+      console.log('Signed in with passkey:', credentials.accessToken);
+    } catch (error) {
+      if (error instanceof PasskeyError) {
+        console.error('Passkey signin failed:', error.type, error.message);
+      }
+    }
+  };
+
+  return <Button title="Sign In with Passkey" onPress={handleSignin} />;
+}
+```
+
+### Auth Response Format
+
+The `authResponse` parameter passed to `getTokenByPasskey` must be a JSON string representing the [PublicKeyCredential](https://www.w3.org/TR/webauthn-2/#publickeycredential) response from the platform credential manager.
+
+**For registration (signup):**
+
+```json
+{
+  "id": "<base64url-encoded credential ID>",
+  "rawId": "<base64url-encoded credential ID>",
+  "type": "public-key",
+  "response": {
+    "clientDataJSON": "<base64url-encoded>",
+    "attestationObject": "<base64url-encoded>"
+  },
+  "authenticatorAttachment": "platform"
+}
+```
+
+**For assertion (login):**
+
+```json
+{
+  "id": "<base64url-encoded credential ID>",
+  "rawId": "<base64url-encoded credential ID>",
+  "type": "public-key",
+  "response": {
+    "clientDataJSON": "<base64url-encoded>",
+    "authenticatorData": "<base64url-encoded>",
+    "signature": "<base64url-encoded>",
+    "userHandle": "<base64url-encoded>"
+  },
+  "authenticatorAttachment": "platform"
+}
+```
+
+### Using Passkeys with Auth0 Class
+
+```typescript
+import Auth0, { PasskeyError } from 'react-native-auth0';
+
+const auth0 = new Auth0({
+  domain: 'YOUR_AUTH0_DOMAIN',
+  clientId: 'YOUR_AUTH0_CLIENT_ID',
+});
+
+// Signup flow
+const signupChallenge = await auth0.passkeySignupChallenge({
+  email: 'user@example.com',
+  name: 'John Doe',
+  realm: 'Username-Password-Authentication',
+});
+
+// Use your credential manager library to create the passkey
+// signupChallenge.authParamsPublicKey has the WebAuthn creation options
+const registrationJson = await yourCredentialManagerCreate(
+  signupChallenge.authParamsPublicKey
+);
+
+const signupCredentials = await auth0.getTokenByPasskey({
+  authSession: signupChallenge.authSession,
+  authResponse: registrationJson,
+  realm: 'Username-Password-Authentication',
+});
+
+// Login flow
+const loginChallenge = await auth0.passkeyLoginChallenge({
+  realm: 'Username-Password-Authentication',
+});
+
+// Use your credential manager library to assert the passkey
+// loginChallenge.authParamsPublicKey has the WebAuthn request options
+const assertionJson = await yourCredentialManagerGet(
+  loginChallenge.authParamsPublicKey
+);
+
+const loginCredentials = await auth0.getTokenByPasskey({
+  authSession: loginChallenge.authSession,
+  authResponse: assertionJson,
+  realm: 'Username-Password-Authentication',
+});
+```
+
+### Signup Challenge Parameters
+
+The `passkeySignupChallenge` method accepts the following parameters to create a user profile along with the passkey:
+
+| Parameter      | Type                      | Description                          |
+| -------------- | ------------------------- | ------------------------------------ |
+| `email`        | `string?`                 | User's email address                 |
+| `phoneNumber`  | `string?`                 | User's phone number                  |
+| `username`     | `string?`                 | Username                             |
+| `name`         | `string?`                 | Full name                            |
+| `givenName`    | `string?`                 | First/given name                     |
+| `familyName`   | `string?`                 | Last/family name                     |
+| `nickname`     | `string?`                 | Nickname                             |
+| `picture`      | `string?`                 | Profile picture URL                  |
+| `userMetadata` | `Record<string, string>?` | Custom user metadata key-value pairs |
+| `realm`        | `string?`                 | Database connection name             |
+| `organization` | `string?`                 | Auth0 organization ID                |
+
+<a name="passkeys-error-handling"></a>
+
+### Error Handling
+
+Passkey operations throw `PasskeyError` (extends `AuthError`) with a normalized `type` property. Use `PasskeyErrorCodes` for type-safe error handling:
+
+| Error Code                     | Description                                         |
+| ------------------------------ | --------------------------------------------------- |
+| `PASSKEY_CHALLENGE_FAILED`     | Auth0 challenge request failed                      |
+| `PASSKEY_EXCHANGE_FAILED`      | Token exchange with credential response failed      |
+| `PASSKEY_NOT_AVAILABLE`        | Passkeys not available on this device or OS version |
+| `PASSKEY_UNSUPPORTED_PLATFORM` | Passkeys not supported on this platform (Web)       |
+| `PASSKEY_UNKNOWN_ERROR`        | Unknown or uncategorized passkey error              |
+
+```typescript
+import { PasskeyError, PasskeyErrorCodes } from 'react-native-auth0';
+
+try {
+  const challenge = await auth0.passkeyLoginChallenge({
+    realm: 'Username-Password-Authentication',
+  });
+} catch (error) {
+  if (error instanceof PasskeyError) {
+    console.log('Error type:', error.type); // e.g. "PASSKEY_CHALLENGE_FAILED"
+    console.log('Error message:', error.message);
+    console.log('Error code:', error.code); // Raw native error code
+  }
+}
+```
+
+<a name="passkeys-platform-support"></a>
+
+### Platform Support
+
+| Platform    | Support          | Requirements                                              |
+| ----------- | ---------------- | --------------------------------------------------------- |
+| **iOS**     | ✅ Supported     | iOS 16.6+, Associated Domains with `webcredentials`       |
+| **Android** | ✅ Supported     | Android API 28+, Digital Asset Links configured           |
+| **Web**     | ❌ Not Supported | Throws `PasskeyError` with `PASSKEY_UNSUPPORTED_PLATFORM` |
+
+> **Note:** Passkeys require a real device for the full flow. Simulators/emulators may have limited support.
+
 ## Native to Web SSO
 
 ### Native to Web SSO Overview
@@ -1395,6 +1668,7 @@ On Android, some browsers do not correctly handle App Link redirects. For exampl
 You can restrict which browsers are allowed to handle the web authentication flow by passing `allowedBrowserPackages` in the options object. When set, only browsers whose package names appear in the list will be used.
 
 **Behaviour:**
+
 - If the user's default browser is in the list, it is used.
 - If the user's default browser is not in the list but another allowed browser is installed, that browser is used instead.
 - If no allowed browser is installed, an `a0.browser_not_available` error is returned.
@@ -1414,7 +1688,7 @@ await authorize(
     allowedBrowserPackages: [
       'com.android.chrome',
       'com.chrome.beta',
-      'com.microsoft.emmx',       // Edge
+      'com.microsoft.emmx', // Edge
       'com.brave.browser',
       'com.sec.android.app.sbrowser', // Samsung Internet
     ],
@@ -1438,7 +1712,7 @@ await auth0.webAuth.authorize(
     allowedBrowserPackages: [
       'com.android.chrome',
       'com.chrome.beta',
-      'com.microsoft.emmx',       // Edge
+      'com.microsoft.emmx', // Edge
       'com.brave.browser',
       'com.sec.android.app.sbrowser', // Samsung Internet
     ],
diff --git a/README.md b/README.md
index d618fe94..41b8348a 100644
--- a/README.md
+++ b/README.md
@@ -863,6 +863,10 @@ This library provides a unified API across Native (iOS/Android) and Web platform
 | `auth.passwordRealm()`                     |          ✅          |      ❌       | **Not supported on Web for security reasons.** The Resource Owner Password Grant exposes credentials to the browser and is not recommended for Single Page Applications. |
 | `auth.passwordless...()`                   |          ✅          |      ❌       | **Not supported on Web.** Passwordless flows on the web should be configured via Universal Login and initiated with `webAuth.authorize()`.                               |
 | `auth.loginWith...()` (OTP/SMS etc)        |          ✅          |      ❌       | **Not supported on Web.** These direct grant flows are not secure for public clients like browsers.                                                                      |
+| **Passkeys**                               |                      |               | ---                                                                                                                                                                      |
+| `passkeySignupChallenge()`                 |          ✅          |      ❌       | **Native-only.** Gets a WebAuthn registration challenge from Auth0. Requires iOS 16.6+ or Android API 28+.                                                               |
+| `passkeyLoginChallenge()`                  |          ✅          |      ❌       | **Native-only.** Gets a WebAuthn assertion challenge from Auth0. Requires iOS 16.6+ or Android API 28+.                                                                  |
+| `getTokenByPasskey()`                      |          ✅          |      ❌       | **Native-only.** Exchanges a passkey credential response for Auth0 tokens. Requires iOS 16.6+ or Android API 28+.                                                        |
 | **Token & User Management**                |                      |               | ---                                                                                                                                                                      |
 | `auth.refreshToken()`                      |          ✅          |      ❌       | **Not supported on Web.** Token refresh is handled automatically by `getCredentials()` via `getTokenSilently()` on the web.                                              |
 | `auth.userInfo()`                          |          ✅          |      ✅       | Fetches the user's profile from the `/userinfo` endpoint using an access token.                                                                                          |
diff --git a/android/build.gradle b/android/build.gradle
index 1bc72a1c..f41f799b 100644
--- a/android/build.gradle
+++ b/android/build.gradle
@@ -96,7 +96,7 @@ dependencies {
   implementation "com.facebook.react:react-android"
   implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
   implementation "androidx.browser:browser:1.2.0"
-  implementation 'com.auth0.android:auth0:3.15.0'
+  implementation 'com.auth0.android:auth0:3.17.0'
 }
 
 if (isNewArchitectureEnabled()) {
diff --git a/android/src/main/java/com/auth0/react/A0Auth0Module.kt b/android/src/main/java/com/auth0/react/A0Auth0Module.kt
index 6a3dd6fb..ae97fae3 100644
--- a/android/src/main/java/com/auth0/react/A0Auth0Module.kt
+++ b/android/src/main/java/com/auth0/react/A0Auth0Module.kt
@@ -4,7 +4,6 @@ import android.app.Activity
 import android.content.Intent
 import androidx.fragment.app.FragmentActivity
 import com.auth0.android.Auth0
-import com.auth0.android.result.APICredentials
 import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.authentication.AuthenticationException
 import com.auth0.android.authentication.storage.CredentialsManagerException
@@ -16,7 +15,12 @@ import com.auth0.android.dpop.DPoPException
 import com.auth0.android.provider.BrowserPicker
 import com.auth0.android.provider.CustomTabsOptions
 import com.auth0.android.provider.WebAuthProvider
+import com.auth0.android.request.PublicKeyCredentials
+import com.auth0.android.request.UserData
+import com.auth0.android.result.APICredentials
 import com.auth0.android.result.Credentials
+import com.auth0.android.result.PasskeyChallenge
+import com.auth0.android.result.PasskeyRegistrationChallenge
 import com.facebook.react.bridge.ActivityEventListener
 import com.facebook.react.bridge.Promise
 import com.facebook.react.bridge.ReactApplicationContext
@@ -25,6 +29,7 @@ import com.facebook.react.bridge.ReadableArray
 import com.facebook.react.bridge.ReadableMap
 import com.facebook.react.bridge.UiThreadUtil
 import com.facebook.react.bridge.WritableNativeMap
+import com.google.gson.Gson
 import java.net.MalformedURLException
 import java.net.URL
 
@@ -537,6 +542,141 @@ class A0Auth0Module(private val reactContext: ReactApplicationContext) : A0Auth0
         })
     }
 
+    @ReactMethod
+    override fun passkeySignupChallenge(
+        email: String?,
+        phoneNumber: String?,
+        username: String?,
+        name: String?,
+        givenName: String?,
+        familyName: String?,
+        nickname: String?,
+        picture: String?,
+        userMetadata: ReadableMap?,
+        realm: String?,
+        organization: String?,
+        promise: Promise
+    ) {
+        val authClient = AuthenticationAPIClient(auth0!!)
+        if (useDPoP) {
+            authClient.useDPoP(reactContext)
+        }
+
+        val finalEmail = email?.trim()?.ifEmpty { null }
+        val finalPhone = phoneNumber?.trim()?.ifEmpty { null }
+        val finalUsername = username?.trim()?.ifEmpty { null }
+        val finalName = name?.trim()?.ifEmpty { null }
+        val finalGivenName = givenName?.trim()?.ifEmpty { null }
+        val finalFamilyName = familyName?.trim()?.ifEmpty { null }
+        val finalNickname = nickname?.trim()?.ifEmpty { null }
+        val finalPicture = picture?.trim()?.ifEmpty { null }
+        val finalUserMetadata = userMetadata?.toHashMap()?.mapValues { it.value?.toString() ?: "" }?.ifEmpty { null }
+        val finalRealm = realm?.trim()?.ifEmpty { null }
+        val finalOrg = organization?.trim()?.ifEmpty { null }
+        val userData = UserData(
+            email = finalEmail,
+            phoneNumber = finalPhone,
+            userName = finalUsername,
+            name = finalName,
+            givenName = finalGivenName,
+            familyName = finalFamilyName,
+            nickName = finalNickname,
+            picture = finalPicture,
+            userMetadata = finalUserMetadata
+        )
+
+        authClient.signupWithPasskey(userData, finalRealm, finalOrg)
+            .start(object : com.auth0.android.callback.Callback<PasskeyRegistrationChallenge, AuthenticationException> {
+                override fun onSuccess(challenge: PasskeyRegistrationChallenge) {
+                    val result = WritableNativeMap().apply {
+                        putString("authSession", challenge.authSession)
+                        val authParamsJson = Gson().toJson(challenge.authParamsPublicKey)
+                        putMap("authParamsPublicKey", JsonUtils.jsonToWritableMap(authParamsJson))
+                    }
+                    promise.resolve(result)
+                }
+
+                override fun onFailure(error: AuthenticationException) {
+                    promise.reject("PASSKEY_CHALLENGE_FAILED", error.getDescription(), error)
+                }
+            })
+    }
+
+    @ReactMethod
+    override fun passkeyLoginChallenge(
+        realm: String?,
+        organization: String?,
+        promise: Promise
+    ) {
+        val authClient = AuthenticationAPIClient(auth0!!)
+        if (useDPoP) {
+            authClient.useDPoP(reactContext)
+        }
+
+        val finalRealm = realm?.trim()?.ifEmpty { null }
+        val finalOrg = organization?.trim()?.ifEmpty { null }
+
+        authClient.passkeyChallenge(finalRealm, finalOrg)
+            .start(object : com.auth0.android.callback.Callback<PasskeyChallenge, AuthenticationException> {
+                override fun onSuccess(challenge: PasskeyChallenge) {
+                    val result = WritableNativeMap().apply {
+                        putString("authSession", challenge.authSession)
+                        val authParamsJson = Gson().toJson(challenge.authParamsPublicKey)
+                        putMap("authParamsPublicKey", JsonUtils.jsonToWritableMap(authParamsJson))
+                    }
+                    promise.resolve(result)
+                }
+
+                override fun onFailure(error: AuthenticationException) {
+                    promise.reject("PASSKEY_CHALLENGE_FAILED", error.getDescription(), error)
+                }
+            })
+    }
+
+    @ReactMethod
+    override fun getTokenByPasskey(
+        authSession: String,
+        authResponse: String,
+        realm: String?,
+        audience: String?,
+        scope: String?,
+        organization: String?,
+        promise: Promise
+    ) {
+        val authClient = AuthenticationAPIClient(auth0!!)
+        if (useDPoP) {
+            authClient.useDPoP(reactContext)
+        }
+
+        val finalScope = if (scope.isNullOrBlank()) "openid profile email" else scope
+        val finalRealm = realm?.trim()?.ifEmpty { null }
+        val finalAudience = audience?.trim()?.ifEmpty { null }
+        val finalOrg = organization?.trim()?.ifEmpty { null }
+
+        val publicKeyCredentials = try {
+            Gson().fromJson(authResponse, PublicKeyCredentials::class.java)
+        } catch (e: Exception) {
+            promise.reject("PASSKEY_EXCHANGE_FAILED", "Invalid authResponse JSON: ${e.message}", e)
+            return
+        }
+
+        val request = authClient.signinWithPasskey(authSession, publicKeyCredentials, finalRealm, finalOrg)
+        finalAudience?.let { request.setAudience(it) }
+        request.setScope(finalScope)
+        request.validateClaims()
+
+        request.start(object : com.auth0.android.callback.Callback<Credentials, AuthenticationException> {
+            override fun onSuccess(credentials: Credentials) {
+                promise.resolve(CredentialsParser.toMap(credentials))
+            }
+
+            override fun onFailure(error: AuthenticationException) {
+                promise.reject("PASSKEY_EXCHANGE_FAILED", error.getDescription(), error)
+            }
+        })
+    }
+
+
     override fun onActivityResult(activity: Activity, requestCode: Int, resultCode: Int, data: Intent?) {
         // No-op
     }
diff --git a/android/src/main/java/com/auth0/react/JsonUtils.kt b/android/src/main/java/com/auth0/react/JsonUtils.kt
new file mode 100644
index 00000000..e14fd9b2
--- /dev/null
+++ b/android/src/main/java/com/auth0/react/JsonUtils.kt
@@ -0,0 +1,55 @@
+package com.auth0.react
+
+import com.facebook.react.bridge.WritableArray
+import com.facebook.react.bridge.WritableMap
+import com.facebook.react.bridge.WritableNativeArray
+import com.facebook.react.bridge.WritableNativeMap
+import org.json.JSONArray
+import org.json.JSONObject
+
+object JsonUtils {
+    fun jsonToWritableMap(jsonString: String): WritableMap {
+        val jsonObject = JSONObject(jsonString)
+        return convertJsonObject(jsonObject)
+    }
+
+    private fun convertJsonObject(jsonObject: JSONObject): WritableMap {
+        val map = WritableNativeMap()
+        val keys = jsonObject.keys()
+        while (keys.hasNext()) {
+            val key = keys.next()
+            val value = jsonObject.get(key)
+            when (value) {
+                is JSONObject -> map.putMap(key, convertJsonObject(value))
+                is JSONArray -> map.putArray(key, convertJsonArray(value))
+                is String -> map.putString(key, value)
+                is Int -> map.putInt(key, value)
+                is Long -> map.putDouble(key, value.toDouble())
+                is Double -> map.putDouble(key, value)
+                is Boolean -> map.putBoolean(key, value)
+                JSONObject.NULL -> map.putNull(key)
+                else -> map.putString(key, value.toString())
+            }
+        }
+        return map
+    }
+
+    private fun convertJsonArray(jsonArray: JSONArray): WritableArray {
+        val array = WritableNativeArray()
+        for (i in 0 until jsonArray.length()) {
+            val value = jsonArray.get(i)
+            when (value) {
+                is JSONObject -> array.pushMap(convertJsonObject(value))
+                is JSONArray -> array.pushArray(convertJsonArray(value))
+                is String -> array.pushString(value)
+                is Int -> array.pushInt(value)
+                is Long -> array.pushDouble(value.toDouble())
+                is Double -> array.pushDouble(value)
+                is Boolean -> array.pushBoolean(value)
+                JSONObject.NULL -> array.pushNull()
+                else -> array.pushString(value.toString())
+            }
+        }
+        return array
+    }
+}
diff --git a/android/src/main/oldarch/com/auth0/react/A0Auth0Spec.kt b/android/src/main/oldarch/com/auth0/react/A0Auth0Spec.kt
index 713705be..fc56c307 100644
--- a/android/src/main/oldarch/com/auth0/react/A0Auth0Spec.kt
+++ b/android/src/main/oldarch/com/auth0/react/A0Auth0Spec.kt
@@ -122,4 +122,42 @@ abstract class A0Auth0Spec(context: ReactApplicationContext) : ReactContextBaseJ
         organization: String?,
         promise: Promise
     )
+
+    @ReactMethod
+    @DoNotStrip
+    abstract fun passkeySignupChallenge(
+        email: String?,
+        phoneNumber: String?,
+        username: String?,
+        name: String?,
+        givenName: String?,
+        familyName: String?,
+        nickname: String?,
+        picture: String?,
+        userMetadata: ReadableMap?,
+        realm: String?,
+        organization: String?,
+        promise: Promise
+    )
+
+    @ReactMethod
+    @DoNotStrip
+    abstract fun passkeyLoginChallenge(
+        realm: String?,
+        organization: String?,
+        promise: Promise
+    )
+
+    @ReactMethod
+    @DoNotStrip
+    abstract fun getTokenByPasskey(
+        authSession: String,
+        authResponse: String,
+        realm: String?,
+        audience: String?,
+        scope: String?,
+        organization: String?,
+        promise: Promise
+    )
+
 }
\ No newline at end of file
diff --git a/example/android/app/src/main/java/com/auth0example/MainApplication.kt b/example/android/app/src/main/java/com/auth0example/MainApplication.kt
index de72e5ab..c4a4ebc1 100644
--- a/example/android/app/src/main/java/com/auth0example/MainApplication.kt
+++ b/example/android/app/src/main/java/com/auth0example/MainApplication.kt
@@ -14,8 +14,7 @@ class MainApplication : Application(), ReactApplication {
       context = applicationContext,
       packageList =
         PackageList(this).packages.apply {
-          // Packages that cannot be autolinked yet can be added manually here, for example:
-          // add(MyReactNativePackage())
+          add(PasskeyPackage())
         },
     )
   }
diff --git a/example/android/app/src/main/java/com/auth0example/PasskeyModule.kt b/example/android/app/src/main/java/com/auth0example/PasskeyModule.kt
new file mode 100644
index 00000000..83499a4c
--- /dev/null
+++ b/example/android/app/src/main/java/com/auth0example/PasskeyModule.kt
@@ -0,0 +1,85 @@
+package com.auth0example
+
+import android.app.Activity
+import android.os.Build
+import androidx.credentials.CreatePublicKeyCredentialRequest
+import androidx.credentials.CreatePublicKeyCredentialResponse
+import androidx.credentials.CredentialManager
+import androidx.credentials.GetCredentialRequest
+import androidx.credentials.GetPublicKeyCredentialOption
+import androidx.credentials.PublicKeyCredential
+import androidx.credentials.exceptions.CreateCredentialCancellationException
+import androidx.credentials.exceptions.GetCredentialCancellationException
+import com.facebook.react.bridge.Promise
+import com.facebook.react.bridge.ReactApplicationContext
+import com.facebook.react.bridge.ReactContextBaseJavaModule
+import com.facebook.react.bridge.ReactMethod
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.launch
+
+class PasskeyModule(reactContext: ReactApplicationContext) :
+    ReactContextBaseJavaModule(reactContext) {
+
+    override fun getName(): String = "PasskeyModule"
+
+    @ReactMethod
+    fun createPasskey(requestJson: String, promise: Promise) {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
+            promise.reject("PASSKEY_NOT_AVAILABLE", "Passkeys require Android API 28 or later")
+            return
+        }
+
+        val activity: Activity = reactApplicationContext.currentActivity
+            ?: run {
+                promise.reject("PASSKEY_FAILED", "No activity available")
+                return
+            }
+
+        val credentialManager = CredentialManager.create(reactApplicationContext)
+        val createRequest = CreatePublicKeyCredentialRequest(requestJson = requestJson)
+
+        CoroutineScope(Dispatchers.Main).launch {
+            try {
+                val result = credentialManager.createCredential(activity, createRequest)
+                val response = result as CreatePublicKeyCredentialResponse
+                promise.resolve(response.registrationResponseJson)
+            } catch (e: CreateCredentialCancellationException) {
+                promise.reject("USER_CANCELLED", "User cancelled passkey creation", e)
+            } catch (e: Exception) {
+                promise.reject("PASSKEY_FAILED", e.message, e)
+            }
+        }
+    }
+
+    @ReactMethod
+    fun getPasskey(requestJson: String, promise: Promise) {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
+            promise.reject("PASSKEY_NOT_AVAILABLE", "Passkeys require Android API 28 or later")
+            return
+        }
+
+        val activity: Activity = reactApplicationContext.currentActivity
+            ?: run {
+                promise.reject("PASSKEY_FAILED", "No activity available")
+                return
+            }
+
+        val credentialManager = CredentialManager.create(reactApplicationContext)
+        val getRequest = GetCredentialRequest(
+            listOf(GetPublicKeyCredentialOption(requestJson = requestJson))
+        )
+
+        CoroutineScope(Dispatchers.Main).launch {
+            try {
+                val result = credentialManager.getCredential(activity, getRequest)
+                val credential = result.credential as PublicKeyCredential
+                promise.resolve(credential.authenticationResponseJson)
+            } catch (e: GetCredentialCancellationException) {
+                promise.reject("USER_CANCELLED", "User cancelled passkey assertion", e)
+            } catch (e: Exception) {
+                promise.reject("PASSKEY_FAILED", e.message, e)
+            }
+        }
+    }
+}
diff --git a/example/android/app/src/main/java/com/auth0example/PasskeyPackage.kt b/example/android/app/src/main/java/com/auth0example/PasskeyPackage.kt
new file mode 100644
index 00000000..53d16774
--- /dev/null
+++ b/example/android/app/src/main/java/com/auth0example/PasskeyPackage.kt
@@ -0,0 +1,16 @@
+package com.auth0example
+
+import com.facebook.react.ReactPackage
+import com.facebook.react.bridge.NativeModule
+import com.facebook.react.bridge.ReactApplicationContext
+import com.facebook.react.uimanager.ViewManager
+
+class PasskeyPackage : ReactPackage {
+    override fun createNativeModules(reactContext: ReactApplicationContext): List<NativeModule> {
+        return listOf(PasskeyModule(reactContext))
+    }
+
+    override fun createViewManagers(reactContext: ReactApplicationContext): List<ViewManager<*, *>> {
+        return emptyList()
+    }
+}
diff --git a/example/ios/Auth0Example.xcodeproj/project.pbxproj b/example/ios/Auth0Example.xcodeproj/project.pbxproj
index c469f3ef..03dc33ff 100644
--- a/example/ios/Auth0Example.xcodeproj/project.pbxproj
+++ b/example/ios/Auth0Example.xcodeproj/project.pbxproj
@@ -12,6 +12,8 @@
 		815544A03F48449898D8605F /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = C63DF729B29B9546313C3403 /* PrivacyInfo.xcprivacy */; };
 		81AB9BB82411601600AC10FF /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 81AB9BB72411601600AC10FF /* LaunchScreen.storyboard */; };
 		E99D02CA2DCD372E003D3E67 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = E99D02C92DCD372E003D3E67 /* AppDelegate.swift */; };
+		E99D02D32DCD3730003D3E67 /* PasskeyModule.swift in Sources */ = {isa = PBXBuildFile; fileRef = E99D02D02DCD3730003D3E67 /* PasskeyModule.swift */; };
+		E99D02D42DCD3730003D3E67 /* PasskeyModule.m in Sources */ = {isa = PBXBuildFile; fileRef = E99D02D12DCD3730003D3E67 /* PasskeyModule.m */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
@@ -35,6 +37,9 @@
 		81AB9BB72411601600AC10FF /* LaunchScreen.storyboard */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.storyboard; name = LaunchScreen.storyboard; path = Auth0Example/LaunchScreen.storyboard; sourceTree = "<group>"; };
 		C63DF729B29B9546313C3403 /* PrivacyInfo.xcprivacy */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xml; name = PrivacyInfo.xcprivacy; path = Auth0Example/PrivacyInfo.xcprivacy; sourceTree = "<group>"; };
 		E99D02C92DCD372E003D3E67 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
+		E99D02D02DCD3730003D3E67 /* PasskeyModule.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = PasskeyModule.swift; path = Auth0Example/PasskeyModule.swift; sourceTree = "<group>"; };
+		E99D02D12DCD3730003D3E67 /* PasskeyModule.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = PasskeyModule.m; path = Auth0Example/PasskeyModule.m; sourceTree = "<group>"; };
+		E99D02D22DCD3730003D3E67 /* Auth0Example-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "Auth0Example-Bridging-Header.h"; path = "Auth0Example/Auth0Example-Bridging-Header.h"; sourceTree = "<group>"; };
 		ED297162215061F000B7C4FE /* JavaScriptCore.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = JavaScriptCore.framework; path = System/Library/Frameworks/JavaScriptCore.framework; sourceTree = SDKROOT; };
 /* End PBXFileReference section */
 
@@ -65,6 +70,9 @@
 				81AB9BB72411601600AC10FF /* LaunchScreen.storyboard */,
 				C63DF729B29B9546313C3403 /* PrivacyInfo.xcprivacy */,
 				E99D02C92DCD372E003D3E67 /* AppDelegate.swift */,
+				E99D02D02DCD3730003D3E67 /* PasskeyModule.swift */,
+				E99D02D12DCD3730003D3E67 /* PasskeyModule.m */,
+				E99D02D22DCD3730003D3E67 /* Auth0Example-Bridging-Header.h */,
 			);
 			name = Auth0Example;
 			sourceTree = "<group>";
@@ -323,6 +331,8 @@
 			buildActionMask = 2147483647;
 			files = (
 				E99D02CA2DCD372E003D3E67 /* AppDelegate.swift in Sources */,
+				E99D02D32DCD3730003D3E67 /* PasskeyModule.swift in Sources */,
+				E99D02D42DCD3730003D3E67 /* PasskeyModule.m in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
diff --git a/example/ios/Auth0Example/Auth0Example-Bridging-Header.h b/example/ios/Auth0Example/Auth0Example-Bridging-Header.h
new file mode 100644
index 00000000..5fff35c1
--- /dev/null
+++ b/example/ios/Auth0Example/Auth0Example-Bridging-Header.h
@@ -0,0 +1 @@
+#import <React/RCTBridgeModule.h>
diff --git a/example/ios/Auth0Example/PasskeyModule.m b/example/ios/Auth0Example/PasskeyModule.m
new file mode 100644
index 00000000..49fcc83b
--- /dev/null
+++ b/example/ios/Auth0Example/PasskeyModule.m
@@ -0,0 +1,17 @@
+#import <React/RCTBridgeModule.h>
+
+@interface RCT_EXTERN_MODULE(PasskeyModule, NSObject)
+
+RCT_EXTERN_METHOD(createPasskey:(NSString *)requestJson
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(getPasskey:(NSString *)requestJson
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
++ (BOOL)requiresMainQueueSetup {
+  return YES;
+}
+
+@end
diff --git a/example/ios/Auth0Example/PasskeyModule.swift b/example/ios/Auth0Example/PasskeyModule.swift
new file mode 100644
index 00000000..89e6a6d4
--- /dev/null
+++ b/example/ios/Auth0Example/PasskeyModule.swift
@@ -0,0 +1,196 @@
+import AuthenticationServices
+import Foundation
+
+@available(iOS 16.6, *)
+@objc(PasskeyModule)
+class PasskeyModule: NSObject {
+
+  @objc static func requiresMainQueueSetup() -> Bool {
+    return true
+  }
+
+  @objc func createPasskey(_ requestJson: String, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    guard #available(iOS 16.6, *) else {
+      reject("PASSKEY_NOT_AVAILABLE", "Passkeys require iOS 16.6 or later", nil)
+      return
+    }
+
+    guard let data = requestJson.data(using: .utf8),
+          let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+      reject("PASSKEY_FAILED", "Invalid request JSON", nil)
+      return
+    }
+
+    guard let rp = json["rp"] as? [String: Any],
+          let rpId = rp["id"] as? String,
+          let challengeStr = json["challenge"] as? String,
+          let challengeData = Data(base64URLEncoded: challengeStr),
+          let user = json["user"] as? [String: Any],
+          let userName = user["name"] as? String,
+          let userIdStr = user["id"] as? String,
+          let userId = Data(base64URLEncoded: userIdStr) else {
+      reject("PASSKEY_FAILED", "Missing required fields: rp.id, challenge, user.id, user.name", nil)
+      return
+    }
+
+    let provider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: rpId)
+    let request = provider.createCredentialRegistrationRequest(challenge: challengeData, name: userName, userID: userId)
+
+    let delegate = AuthorizationDelegate { credential in
+      guard let registration = credential as? ASAuthorizationPlatformPublicKeyCredentialRegistration else {
+        reject("PASSKEY_FAILED", "Unexpected credential type", nil)
+        return
+      }
+      let result: [String: Any] = [
+        "id": registration.credentialID.base64URLEncodedString(),
+        "rawId": registration.credentialID.base64URLEncodedString(),
+        "type": "public-key",
+        "response": [
+          "clientDataJSON": registration.rawClientDataJSON.base64URLEncodedString(),
+          "attestationObject": (registration.rawAttestationObject ?? Data()).base64URLEncodedString()
+        ],
+        "authenticatorAttachment": "platform"
+      ]
+      if let jsonData = try? JSONSerialization.data(withJSONObject: result),
+         let jsonString = String(data: jsonData, encoding: .utf8) {
+        resolve(jsonString)
+      } else {
+        reject("PASSKEY_FAILED", "Failed to serialize credential response", nil)
+      }
+    } onError: { error in
+      if let authError = error as? ASAuthorizationError, authError.code == .canceled {
+        reject("USER_CANCELLED", "User cancelled passkey creation", error)
+      } else {
+        reject("PASSKEY_FAILED", error.localizedDescription, error)
+      }
+    }
+
+    let controller = ASAuthorizationController(authorizationRequests: [request])
+    controller.delegate = delegate
+    controller.presentationContextProvider = delegate
+    objc_setAssociatedObject(controller, "delegate", delegate, .OBJC_ASSOCIATION_RETAIN_NONATOMIC)
+    controller.performRequests()
+  }
+
+  @objc func getPasskey(_ requestJson: String, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    guard #available(iOS 16.6, *) else {
+      reject("PASSKEY_NOT_AVAILABLE", "Passkeys require iOS 16.6 or later", nil)
+      return
+    }
+
+    guard let data = requestJson.data(using: .utf8),
+          let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+      reject("PASSKEY_FAILED", "Invalid request JSON", nil)
+      return
+    }
+
+    guard let challengeStr = json["challenge"] as? String,
+          let challengeData = Data(base64URLEncoded: challengeStr) else {
+      reject("PASSKEY_FAILED", "Missing required 'challenge' field", nil)
+      return
+    }
+
+    let rpId = json["rpId"] as? String ?? ""
+    let provider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: rpId)
+    let assertionRequest = provider.createCredentialAssertionRequest(challenge: challengeData)
+
+    if let allowCredentials = json["allowCredentials"] as? [[String: Any]] {
+      assertionRequest.allowedCredentials = allowCredentials.compactMap { cred in
+        guard let idStr = cred["id"] as? String,
+              let idData = Data(base64URLEncoded: idStr) else { return nil }
+        return ASAuthorizationPlatformPublicKeyCredentialDescriptor(credentialID: idData)
+      }
+    }
+
+    let delegate = AuthorizationDelegate { credential in
+      guard let assertion = credential as? ASAuthorizationPlatformPublicKeyCredentialAssertion else {
+        reject("PASSKEY_FAILED", "Unexpected credential type", nil)
+        return
+      }
+      var response: [String: Any] = [
+        "clientDataJSON": assertion.rawClientDataJSON.base64URLEncodedString(),
+        "authenticatorData": assertion.rawAuthenticatorData.base64URLEncodedString(),
+        "signature": assertion.signature.base64URLEncodedString()
+      ]
+      if let userHandle = assertion.userID {
+        response["userHandle"] = userHandle.base64URLEncodedString()
+      }
+      let result: [String: Any] = [
+        "id": assertion.credentialID.base64URLEncodedString(),
+        "rawId": assertion.credentialID.base64URLEncodedString(),
+        "type": "public-key",
+        "response": response,
+        "authenticatorAttachment": "platform"
+      ]
+      if let jsonData = try? JSONSerialization.data(withJSONObject: result),
+         let jsonString = String(data: jsonData, encoding: .utf8) {
+        resolve(jsonString)
+      } else {
+        reject("PASSKEY_FAILED", "Failed to serialize credential response", nil)
+      }
+    } onError: { error in
+      if let authError = error as? ASAuthorizationError, authError.code == .canceled {
+        reject("USER_CANCELLED", "User cancelled passkey assertion", error)
+      } else {
+        reject("PASSKEY_FAILED", error.localizedDescription, error)
+      }
+    }
+
+    let controller = ASAuthorizationController(authorizationRequests: [assertionRequest])
+    controller.delegate = delegate
+    controller.presentationContextProvider = delegate
+    objc_setAssociatedObject(controller, "delegate", delegate, .OBJC_ASSOCIATION_RETAIN_NONATOMIC)
+    controller.performRequests()
+  }
+}
+
+// MARK: - Authorization Delegate
+
+@available(iOS 16.6, *)
+private class AuthorizationDelegate: NSObject, ASAuthorizationControllerDelegate, ASAuthorizationControllerPresentationContextProviding {
+  private let onSuccess: (ASAuthorizationCredential) -> Void
+  private let onError: (Error) -> Void
+
+  init(onSuccess: @escaping (ASAuthorizationCredential) -> Void, onError: @escaping (Error) -> Void) {
+    self.onSuccess = onSuccess
+    self.onError = onError
+    super.init()
+  }
+
+  func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
+    onSuccess(authorization.credential)
+  }
+
+  func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: Error) {
+    onError(error)
+  }
+
+  func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor {
+    return UIApplication.shared.connectedScenes
+      .compactMap { $0 as? UIWindowScene }
+      .flatMap { $0.windows }
+      .first { $0.isKeyWindow } ?? ASPresentationAnchor()
+  }
+}
+
+// MARK: - Data Base64URL Extensions
+
+private extension Data {
+  init?(base64URLEncoded string: String) {
+    var base64 = string
+      .replacingOccurrences(of: "-", with: "+")
+      .replacingOccurrences(of: "_", with: "/")
+    let remainder = base64.count % 4
+    if remainder > 0 {
+      base64.append(String(repeating: "=", count: 4 - remainder))
+    }
+    self.init(base64Encoded: base64)
+  }
+
+  func base64URLEncodedString() -> String {
+    return self.base64EncodedString()
+      .replacingOccurrences(of: "+", with: "-")
+      .replacingOccurrences(of: "/", with: "_")
+      .replacingOccurrences(of: "=", with: "")
+  }
+}
diff --git a/example/ios/Podfile.lock b/example/ios/Podfile.lock
index 37204a7d..9241ea0a 100644
--- a/example/ios/Podfile.lock
+++ b/example/ios/Podfile.lock
@@ -1,6 +1,6 @@
 PODS:
-  - A0Auth0 (5.4.0):
-    - Auth0 (= 2.18.0)
+  - A0Auth0 (5.6.0):
+    - Auth0 (= 2.21.1)
     - hermes-engine
     - RCTRequired
     - RCTTypeSafety
@@ -22,7 +22,7 @@ PODS:
     - ReactCommon/turbomodule/core
     - ReactNativeDependencies
     - Yoga
-  - Auth0 (2.18.0):
+  - Auth0 (2.21.1):
     - JWTDecode (= 3.3.0)
     - SimpleKeychain (= 1.3.0)
   - FBLazyVector (0.84.1)
@@ -1881,7 +1881,7 @@ PODS:
     - React-utils (= 0.84.1)
     - ReactNativeDependencies
   - ReactNativeDependencies (0.84.1)
-  - RNGestureHandler (2.30.0):
+  - RNGestureHandler (2.30.1):
     - hermes-engine
     - RCTRequired
     - RCTTypeSafety
@@ -2197,8 +2197,8 @@ EXTERNAL SOURCES:
     :path: "../node_modules/react-native/ReactCommon/yoga"
 
 SPEC CHECKSUMS:
-  A0Auth0: fd3fc9887adae5e3e9229312b344727323dca709
-  Auth0: ddc5c6c7eb17e2484fd8d50a15d99b657c36c72c
+  A0Auth0: b178a2e57f20df2488f69c9d94c6f484606b7cd0
+  Auth0: 06748eec43fdb07f392ce2404b40ded7e6f4c3e5
   FBLazyVector: e97c19a5a442429d1988f182a1940fb08df514da
   hermes-engine: 5a6d36f29e9659a4242ae9acfdaafa16c394a162
   JWTDecode: 1ca6f765844457d0dd8690436860fecee788f631
@@ -2273,7 +2273,7 @@ SPEC CHECKSUMS:
   ReactCodegen: 797de5178718324c6eba3327b07f9a423fbd5787
   ReactCommon: 07572bf9e687c8a52fbe4a3641e9e3a1a477c78e
   ReactNativeDependencies: 809d263441431cc96468c6259aef2b9e49193c6e
-  RNGestureHandler: 07de6f059e0ee5744ae9a56feb07ee345338cc31
+  RNGestureHandler: 695faf9c1f0aa1a6d52ab778e459a1bcbae3153b
   RNScreens: 6cb648bdad8fe9bee9259fe144df95b6d1d5b707
   SimpleKeychain: 9c0f3ca8458fed74e01db864d181c5cbe278603e
   Yoga: c0b3f2c7e8d3e327e450223a2414ca3fa296b9a2
diff --git a/example/src/passkey/PasskeyModule.ts b/example/src/passkey/PasskeyModule.ts
new file mode 100644
index 00000000..b400d706
--- /dev/null
+++ b/example/src/passkey/PasskeyModule.ts
@@ -0,0 +1,27 @@
+import { NativeModules, Platform } from 'react-native';
+
+const { PasskeyModule } = NativeModules;
+
+export const PasskeyModuleErrorCodes = {
+  USER_CANCELLED: 'USER_CANCELLED',
+} as const;
+
+export async function createPasskey(
+  options: Record<string, any>
+): Promise<string> {
+  if (Platform.OS === 'web') {
+    throw new Error('Passkeys are not supported on web');
+  }
+  const requestJson = JSON.stringify(options);
+  return PasskeyModule.createPasskey(requestJson);
+}
+
+export async function getPasskey(
+  options: Record<string, any>
+): Promise<string> {
+  if (Platform.OS === 'web') {
+    throw new Error('Passkeys are not supported on web');
+  }
+  const requestJson = JSON.stringify(options);
+  return PasskeyModule.getPasskey(requestJson);
+}
diff --git a/example/src/screens/hooks/Home.tsx b/example/src/screens/hooks/Home.tsx
index ce09fd37..0ccd2a2d 100644
--- a/example/src/screens/hooks/Home.tsx
+++ b/example/src/screens/hooks/Home.tsx
@@ -6,13 +6,25 @@ import {
   Text,
   StyleSheet,
   Alert,
+  Platform,
 } from 'react-native';
-import { useAuth0, WebAuthError, WebAuthErrorCodes } from 'react-native-auth0';
+import {
+  useAuth0,
+  WebAuthError,
+  WebAuthErrorCodes,
+  PasskeyError,
+  PasskeyErrorCodes,
+} from 'react-native-auth0';
 import Button from '../../components/Button';
 import Header from '../../components/Header';
 import LabeledInput from '../../components/LabeledInput';
 import Result from '../../components/Result';
 import config from '../../auth0-configuration';
+import {
+  createPasskey,
+  getPasskey,
+  PasskeyModuleErrorCodes,
+} from '../../passkey/PasskeyModule';
 
 const HomeScreen = () => {
   const {
@@ -20,6 +32,9 @@ const HomeScreen = () => {
     loginWithPasswordRealm,
     sendEmailCode,
     authorizeWithEmail,
+    passkeySignupChallenge,
+    passkeyLoginChallenge,
+    getTokenByPasskey,
     error,
   } = useAuth0();
 
@@ -28,6 +43,9 @@ const HomeScreen = () => {
   const [otp, setOtp] = useState('');
   const [showOtpInput, setShowOtpInput] = useState(false);
   const [apiError, setApiError] = useState<Error | null>(null);
+  const [passkeyEmail, setPasskeyEmail] = useState('');
+  const [loading, setLoading] = useState(false);
+  const [lastResult, setLastResult] = useState<object | null>(null);
 
   const onLogin = async () => {
     try {
@@ -35,26 +53,17 @@ const HomeScreen = () => {
         scope: 'openid profile email offline_access',
         audience: `https://${config.domain}/api/v2/`,
       });
-    } catch (e) {
-      console.log('Login error: ', e);
-      // Demonstrate usage of WebAuthErrorCodes for type-safe error handling
+    } catch (e: any) {
       if (e instanceof WebAuthError) {
-        const webAuthError: WebAuthError = e;
-        switch (webAuthError.type) {
+        switch (e.type) {
           case WebAuthErrorCodes.USER_CANCELLED:
-            Alert.alert(
-              'Login Cancelled',
-              'You cancelled the login process. Please try again when ready.'
-            );
+            Alert.alert('Login Cancelled', 'You cancelled the login process.');
             break;
           case WebAuthErrorCodes.TIMEOUT_ERROR:
-            Alert.alert(
-              'Login Timeout',
-              'The login process timed out. Please try again.'
-            );
+            Alert.alert('Login Timeout', 'The login process timed out.');
             break;
           default:
-            Alert.alert('Authentication Error', webAuthError.message);
+            Alert.alert('Authentication Error', e.message);
         }
       } else {
         Alert.alert('Error', 'An unexpected error occurred during login.');
@@ -92,6 +101,164 @@ const HomeScreen = () => {
     }
   };
 
+  // --- Passkey Handlers ---
+
+  const handlePasskeyError = (e: any) => {
+    if (e?.code === PasskeyModuleErrorCodes.USER_CANCELLED) {
+      Alert.alert('Cancelled', 'You dismissed the passkey prompt.');
+      setApiError(e as Error);
+      return;
+    }
+    if (e instanceof PasskeyError) {
+      switch (e.type) {
+        case PasskeyErrorCodes.NOT_AVAILABLE:
+          Alert.alert(
+            'Not Available',
+            'Passkeys are not supported on this device.'
+          );
+          break;
+        case PasskeyErrorCodes.CHALLENGE_FAILED:
+          Alert.alert('Challenge Failed', e.message);
+          break;
+        case PasskeyErrorCodes.EXCHANGE_FAILED:
+          Alert.alert('Exchange Failed', e.message);
+          break;
+        default:
+          Alert.alert('Passkey Error', `[${e.type}] ${e.message}`);
+      }
+    }
+    setApiError(e as Error);
+  };
+
+  // --- Full-flow passkey handlers ---
+
+  const onPasskeySignup = async () => {
+    setApiError(null);
+    setLastResult(null);
+    setLoading(true);
+    try {
+      const challenge = await passkeySignupChallenge({
+        email: passkeyEmail || undefined,
+        realm: 'Username-Password-Authentication',
+      });
+
+      const credentialJson = await createPasskey(challenge.authParamsPublicKey);
+
+      const credentials = await getTokenByPasskey({
+        authSession: challenge.authSession,
+        authResponse: credentialJson,
+        realm: 'Username-Password-Authentication',
+      });
+
+      setLastResult({
+        step: 'signup-complete',
+        accessToken: `${credentials.accessToken.substring(0, 30)}...`,
+        tokenType: credentials.tokenType,
+      });
+      Alert.alert('Success', 'Passkey signup complete!');
+    } catch (e) {
+      handlePasskeyError(e);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const onPasskeyLogin = async () => {
+    setApiError(null);
+    setLastResult(null);
+    setLoading(true);
+    try {
+      const challenge = await passkeyLoginChallenge({
+        realm: 'Username-Password-Authentication',
+      });
+
+      const credentialJson = await getPasskey(challenge.authParamsPublicKey);
+
+      const credentials = await getTokenByPasskey({
+        authSession: challenge.authSession,
+        authResponse: credentialJson,
+        realm: 'Username-Password-Authentication',
+      });
+
+      setLastResult({
+        step: 'login-complete',
+        accessToken: `${credentials.accessToken.substring(0, 30)}...`,
+        tokenType: credentials.tokenType,
+      });
+      Alert.alert('Success', 'Passkey login complete!');
+    } catch (e) {
+      handlePasskeyError(e);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // --- Step-by-step handlers for testing individual methods ---
+
+  const onTestChallenge = async (type: 'signup' | 'login') => {
+    setApiError(null);
+    setLastResult(null);
+    setLoading(true);
+    try {
+      const challenge =
+        type === 'signup'
+          ? await passkeySignupChallenge({
+              email: passkeyEmail || undefined,
+              realm: 'Username-Password-Authentication',
+            })
+          : await passkeyLoginChallenge({
+              realm: 'Username-Password-Authentication',
+            });
+
+      setLastResult({
+        step: `${type}Challenge`,
+        authSession: challenge.authSession,
+        authParamsPublicKey: challenge.authParamsPublicKey,
+      });
+      console.log(`${type} challenge:`, JSON.stringify(challenge, null, 2));
+    } catch (e) {
+      handlePasskeyError(e);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const onTestExchange = async () => {
+    const result = lastResult as any;
+    if (!result?.authSession || !result?.authParamsPublicKey) {
+      Alert.alert(
+        'Error',
+        'Run a challenge first (Signup Challenge or Login Challenge).'
+      );
+      return;
+    }
+    setApiError(null);
+    setLoading(true);
+    try {
+      const isSignup = result.step === 'signupChallenge';
+      const credentialJson = isSignup
+        ? await createPasskey(result.authParamsPublicKey)
+        : await getPasskey(result.authParamsPublicKey);
+
+      const credentials = await getTokenByPasskey({
+        authSession: result.authSession,
+        authResponse: credentialJson,
+        realm: 'Username-Password-Authentication',
+      });
+
+      setLastResult({
+        step: 'exchange',
+        accessToken: `${credentials.accessToken.substring(0, 30)}...`,
+        tokenType: credentials.tokenType,
+      });
+      Alert.alert('Success', 'Token exchange complete!');
+    } catch (e) {
+      handlePasskeyError(e);
+    } finally {
+      setLoading(false);
+    }
+  };
+
   return (
     <SafeAreaView style={styles.container}>
       <Header title="Welcome" />
@@ -145,6 +312,75 @@ const HomeScreen = () => {
             </>
           )}
         </Section>
+
+        {Platform.OS !== 'web' && (
+          <Section title="Passkeys">
+            <Text style={styles.description}>
+              Full passkey flow: challenge → credential manager → exchange.
+            </Text>
+
+            <LabeledInput
+              label="Email (for signup)"
+              value={passkeyEmail}
+              onChangeText={setPasskeyEmail}
+              autoCapitalize="none"
+              keyboardType="email-address"
+            />
+
+            <View style={styles.row}>
+              <Button
+                onPress={onPasskeySignup}
+                title="Sign Up with Passkey"
+                loading={loading}
+                style={styles.halfButton}
+              />
+              <Button
+                onPress={onPasskeyLogin}
+                title="Sign In with Passkey"
+                loading={loading}
+                style={styles.halfButton}
+              />
+            </View>
+
+            <Text style={[styles.description, { marginTop: 12 }]}>
+              Or test individual steps:
+            </Text>
+
+            <View style={styles.row}>
+              <Button
+                onPress={() => onTestChallenge('signup')}
+                title="Signup Challenge"
+                loading={loading}
+                style={styles.halfButton}
+              />
+              <Button
+                onPress={() => onTestChallenge('login')}
+                title="Login Challenge"
+                loading={loading}
+                style={styles.halfButton}
+              />
+            </View>
+
+            <Button
+              onPress={onTestExchange}
+              title="Exchange for Tokens"
+              loading={loading}
+            />
+
+            {lastResult && (
+              <View style={styles.resultBox}>
+                <Text style={styles.resultLabel}>Last Result:</Text>
+                <Text style={styles.resultValue} numberOfLines={8}>
+                  {JSON.stringify(
+                    lastResult,
+                    (key, val) => (key.startsWith('_') ? undefined : val),
+                    2
+                  )}
+                </Text>
+              </View>
+            )}
+          </Section>
+        )}
       </ScrollView>
     </SafeAreaView>
   );
@@ -180,6 +416,17 @@ const styles = StyleSheet.create({
     gap: 10,
   },
   sectionTitle: { fontSize: 18, fontWeight: 'bold', marginBottom: 8 },
+  description: { fontSize: 13, color: '#666', marginBottom: 4 },
+  row: { flexDirection: 'row', gap: 8 },
+  halfButton: { flex: 1, minWidth: 0 },
+  resultBox: {
+    backgroundColor: '#F5F5F5',
+    borderRadius: 6,
+    padding: 10,
+    gap: 4,
+  },
+  resultLabel: { fontSize: 12, fontWeight: '600', color: '#333' },
+  resultValue: { fontSize: 11, color: '#555', fontFamily: 'monospace' },
 });
 
 export default HomeScreen;
diff --git a/ios/A0Auth0.mm b/ios/A0Auth0.mm
index 6647dcfd..a47044d5 100644
--- a/ios/A0Auth0.mm
+++ b/ios/A0Auth0.mm
@@ -180,9 +180,39 @@ - (dispatch_queue_t)methodQueue
     [self.nativeBridge customTokenExchangeWithSubjectToken:subjectToken subjectTokenType:subjectTokenType audience:audience scope:scope organization:organization resolve:resolve reject:reject];
 }
 
+RCT_EXPORT_METHOD(passkeySignupChallenge:(NSString * _Nullable)email
+                  phoneNumber:(NSString * _Nullable)phoneNumber
+                  username:(NSString * _Nullable)username
+                  name:(NSString * _Nullable)name
+                  givenName:(NSString * _Nullable)givenName
+                  familyName:(NSString * _Nullable)familyName
+                  nickname:(NSString * _Nullable)nickname
+                  picture:(NSString * _Nullable)picture
+                  userMetadata:(NSDictionary * _Nullable)userMetadata
+                  realm:(NSString * _Nullable)realm
+                  organization:(NSString * _Nullable)organization
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject) {
+    [self.nativeBridge passkeySignupChallengeWithEmail:email phoneNumber:phoneNumber username:username name:name givenName:givenName familyName:familyName nickname:nickname picture:picture userMetadata:userMetadata realm:realm organization:organization resolve:resolve reject:reject];
+}
 
+RCT_EXPORT_METHOD(passkeyLoginChallenge:(NSString * _Nullable)realm
+                  organization:(NSString * _Nullable)organization
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject) {
+    [self.nativeBridge passkeyLoginChallengeWithRealm:realm organization:organization resolve:resolve reject:reject];
+}
 
-
+RCT_EXPORT_METHOD(getTokenByPasskey:(NSString *)authSession
+                  authResponse:(NSString *)authResponse
+                  realm:(NSString * _Nullable)realm
+                  audience:(NSString * _Nullable)audience
+                  scope:(NSString * _Nullable)scope
+                  organization:(NSString * _Nullable)organization
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject) {
+    [self.nativeBridge getTokenByPasskeyWithAuthSession:authSession authResponse:authResponse realm:realm audience:audience scope:scope organization:organization resolve:resolve reject:reject];
+}
 
 
 - (NSDictionary *)constantsToExport {
diff --git a/ios/NativeBridge.swift b/ios/NativeBridge.swift
index a0bfac29..78266c46 100644
--- a/ios/NativeBridge.swift
+++ b/ios/NativeBridge.swift
@@ -7,6 +7,7 @@
 //
 
 import Auth0
+import AuthenticationServices
 import Foundation
 import LocalAuthentication
 
@@ -404,10 +405,213 @@ public class NativeBridge: NSObject {
         }
     }
     
+
+
+
+
+    // MARK: - Passkey Methods (challenge / exchange)
+
+    @objc public func passkeySignupChallenge(email: String?, phoneNumber: String?, username: String?, name: String?, givenName: String?, familyName: String?, nickname: String?, picture: String?, userMetadata: [String: String]?, realm: String?, organization: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+        guard #available(iOS 16.6, *) else {
+            reject("PASSKEY_NOT_AVAILABLE", "Passkeys require iOS 16.6 or later", nil)
+            return
+        }
+
+        let trimmedEmail = email?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let finalEmail = (trimmedEmail?.isEmpty == true) ? nil : trimmedEmail
+        let phoneValue = phoneNumber?.isEmpty == true ? nil : phoneNumber
+        let usernameValue = username?.isEmpty == true ? nil : username
+        let nameValue = name?.isEmpty == true ? nil : name
+        let givenNameValue = givenName?.isEmpty == true ? nil : givenName
+        let familyNameValue = familyName?.isEmpty == true ? nil : familyName
+        let nicknameValue = nickname?.isEmpty == true ? nil : nickname
+        let pictureValue = picture?.isEmpty == true ? nil : picture
+        let userMetadataValue = userMetadata?.isEmpty == true ? nil : userMetadata
+        let realmValue = realm?.isEmpty == true ? nil : realm
+        let orgValue = organization?.isEmpty == true ? nil : organization
+
+        var auth = Auth0.authentication(clientId: self.clientId, domain: self.domain)
+        if self.useDPoP {
+            auth = auth.useDPoP()
+        }
+
+        auth.passkeySignupChallenge(
+            email: finalEmail,
+            phoneNumber: phoneValue,
+            username: usernameValue,
+            name: nameValue,
+            givenName: givenNameValue,
+            familyName: familyNameValue,
+            nickname: nicknameValue,
+            picture: pictureValue,
+            userMetadata: userMetadataValue,
+            connection: realmValue,
+            organization: orgValue
+        ).start { result in
+            switch result {
+            case .success(let challenge):
+                let authParamsPublicKey: [String: Any] = [
+                    "rp": ["id": challenge.relyingPartyId],
+                    "challenge": challenge.challengeData.base64URLEncodedString(),
+                    "user": [
+                        "id": challenge.userId.base64URLEncodedString(),
+                        "name": challenge.userName
+                    ]
+                ]
+                let response: [String: Any] = [
+                    "authSession": challenge.authenticationSession,
+                    "authParamsPublicKey": authParamsPublicKey
+                ]
+                resolve(response)
+            case .failure(let error):
+                reject("PASSKEY_CHALLENGE_FAILED", error.localizedDescription, error)
+            }
+        }
+    }
+
+    @objc public func passkeyLoginChallenge(realm: String?, organization: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+        guard #available(iOS 16.6, *) else {
+            reject("PASSKEY_NOT_AVAILABLE", "Passkeys require iOS 16.6 or later", nil)
+            return
+        }
+
+        let realmValue = realm?.isEmpty == true ? nil : realm
+        let orgValue = organization?.isEmpty == true ? nil : organization
+
+        var auth = Auth0.authentication(clientId: self.clientId, domain: self.domain)
+        if self.useDPoP {
+            auth = auth.useDPoP()
+        }
+
+        auth.passkeyLoginChallenge(
+            connection: realmValue,
+            organization: orgValue
+        ).start { result in
+            switch result {
+            case .success(let challenge):
+                let authParamsPublicKey: [String: Any] = [
+                    "rpId": challenge.relyingPartyId,
+                    "challenge": challenge.challengeData.base64URLEncodedString()
+                ]
+                let response: [String: Any] = [
+                    "authSession": challenge.authenticationSession,
+                    "authParamsPublicKey": authParamsPublicKey
+                ]
+                resolve(response)
+            case .failure(let error):
+                reject("PASSKEY_CHALLENGE_FAILED", error.localizedDescription, error)
+            }
+        }
+    }
+
+    @objc public func getTokenByPasskey(authSession: String, authResponse: String, realm: String?, audience: String?, scope: String?, organization: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+        guard #available(iOS 16.6, *) else {
+            reject("PASSKEY_EXCHANGE_FAILED", "Passkeys require iOS 16.6 or later", nil)
+            return
+        }
+
+        let realmValue = realm?.isEmpty == true ? nil : realm
+        let audienceValue = audience?.isEmpty == true ? nil : audience
+        let orgValue = organization?.isEmpty == true ? nil : organization
+        let finalScope = scope?.isEmpty == true ? "openid profile email" : (scope ?? "openid profile email")
+
+        guard let responseData = authResponse.data(using: .utf8),
+              let json = try? JSONSerialization.jsonObject(with: responseData) as? [String: Any],
+              let responseDict = json["response"] as? [String: Any],
+              let idString = json["id"] as? String,
+              let credentialID = Data(base64URLEncoded: idString),
+              let clientDataJSONString = responseDict["clientDataJSON"] as? String,
+              let clientDataJSON = Data(base64URLEncoded: clientDataJSONString) else {
+            reject("PASSKEY_EXCHANGE_FAILED", "Invalid authResponse JSON", nil)
+            return
+        }
+
+        let attachmentString = json["authenticatorAttachment"] as? String ?? "platform"
+        let attachment: ASAuthorizationPublicKeyCredentialAttachment = attachmentString == "cross-platform" ? .crossPlatform : .platform
+
+        var auth = Auth0.authentication(clientId: self.clientId, domain: self.domain)
+        if self.useDPoP {
+            auth = auth.useDPoP()
+        }
+
+        if let attestationObjectString = responseDict["attestationObject"] as? String {
+            let attestationObject = Data(base64URLEncoded: attestationObjectString)
+            let passkey = BridgeSignupPasskey(
+                credentialID: credentialID,
+                attachment: attachment,
+                rawClientDataJSON: clientDataJSON,
+                rawAttestationObject: attestationObject
+            )
+            let challenge = PasskeySignupChallenge(
+                authenticationSession: authSession,
+                relyingPartyId: self.domain,
+                userId: Data(),
+                userName: "",
+                challengeData: Data()
+            )
+            auth.login(
+                passkey: passkey,
+                challenge: challenge,
+                connection: realmValue,
+                audience: audienceValue,
+                scope: finalScope,
+                organization: orgValue
+            ).start { result in
+                switch result {
+                case .success(let credentials):
+                    resolve(credentials.asDictionary())
+                case .failure(let error):
+                    reject("PASSKEY_EXCHANGE_FAILED", error.localizedDescription, error)
+                }
+            }
+        } else {
+            guard let authenticatorDataString = responseDict["authenticatorData"] as? String,
+                  let authenticatorData = Data(base64URLEncoded: authenticatorDataString),
+                  let signatureString = responseDict["signature"] as? String,
+                  let signature = Data(base64URLEncoded: signatureString) else {
+                reject("PASSKEY_EXCHANGE_FAILED", "Missing authenticatorData or signature in authResponse", nil)
+                return
+            }
+            let userHandleString = responseDict["userHandle"] as? String
+            let userHandle = userHandleString.flatMap { Data(base64URLEncoded: $0) }
+
+            let passkey = BridgeLoginPasskey(
+                userID: userHandle,
+                credentialID: credentialID,
+                attachment: attachment,
+                rawClientDataJSON: clientDataJSON,
+                rawAuthenticatorData: authenticatorData,
+                signature: signature
+            )
+            let challenge = PasskeyLoginChallenge(
+                authenticationSession: authSession,
+                relyingPartyId: self.domain,
+                challengeData: Data()
+            )
+            auth.login(
+                passkey: passkey,
+                challenge: challenge,
+                connection: realmValue,
+                audience: audienceValue,
+                scope: finalScope,
+                organization: orgValue
+            ).start { result in
+                switch result {
+                case .success(let credentials):
+                    resolve(credentials.asDictionary())
+                case .failure(let error):
+                    reject("PASSKEY_EXCHANGE_FAILED", error.localizedDescription, error)
+                }
+            }
+        }
+    }
+
+
+
     @objc public func getClientId() -> String {
         return clientId
     }
-    
+
     @objc public func getDomain() -> String {
         return domain
     }
@@ -433,6 +637,7 @@ public class NativeBridge: NSObject {
             return .default
         }
     }
+
 }
 
 
@@ -516,7 +721,7 @@ extension CredentialsManagerError {
                 code = cause.code
             } else {
                 code = "REVOKE_FAILED"
-            } 
+            }
             case CredentialsManagerError.largeMinTTL: code = "LARGE_MIN_TTL"
             case CredentialsManagerError.dpopKeyMissing: code = "DPOP_KEY_MISSING"
             case CredentialsManagerError.dpopKeyMismatch: code = "DPOP_KEY_MISMATCH"
@@ -526,3 +731,47 @@ extension CredentialsManagerError {
         return code
     }
 }
+
+
+
+// MARK: - Data Base64URL Extensions
+
+extension Data {
+    init?(base64URLEncoded string: String) {
+        var base64 = string
+            .replacingOccurrences(of: "-", with: "+")
+            .replacingOccurrences(of: "_", with: "/")
+        let remainder = base64.count % 4
+        if remainder > 0 {
+            base64.append(String(repeating: "=", count: 4 - remainder))
+        }
+        self.init(base64Encoded: base64)
+    }
+
+    func base64URLEncodedString() -> String {
+        return self.base64EncodedString()
+            .replacingOccurrences(of: "+", with: "-")
+            .replacingOccurrences(of: "/", with: "_")
+            .replacingOccurrences(of: "=", with: "")
+    }
+}
+
+// MARK: - Passkey Bridge Types
+
+@available(iOS 16.6, macOS 13.5, *)
+struct BridgeLoginPasskey: LoginPasskey {
+    var userID: Data!
+    var credentialID: Data
+    var attachment: ASAuthorizationPublicKeyCredentialAttachment
+    var rawClientDataJSON: Data
+    var rawAuthenticatorData: Data!
+    var signature: Data!
+}
+
+@available(iOS 16.6, macOS 13.5, *)
+struct BridgeSignupPasskey: SignupPasskey {
+    var credentialID: Data
+    var attachment: ASAuthorizationPublicKeyCredentialAttachment
+    var rawClientDataJSON: Data
+    var rawAttestationObject: Data?
+}
diff --git a/src/Auth0.ts b/src/Auth0.ts
index d01ec99b..e0d96d42 100644
--- a/src/Auth0.ts
+++ b/src/Auth0.ts
@@ -5,6 +5,10 @@ import type {
   Auth0Options,
   DPoPHeadersParams,
   CustomTokenExchangeParameters,
+  PasskeySignupChallengeParameters,
+  PasskeyLoginChallengeParameters,
+  PasskeyChallengeResponse,
+  GetTokenByPasskeyParameters,
   Credentials,
 } from './types';
 
@@ -121,6 +125,57 @@ class Auth0 {
   ): Promise<Credentials> {
     return this.client.customTokenExchange(parameters);
   }
+
+  /**
+   * Requests a passkey signup challenge from Auth0.
+   *
+   * Returns WebAuthn creation options that should be passed to the platform's
+   * credential manager to create a new passkey credential.
+   *
+   * @remarks Native only (iOS, Android). Not supported on web.
+   *
+   * @param parameters The parameters for the signup challenge.
+   * @returns A promise resolving with the challenge response containing authSession and authParamsPublicKey.
+   */
+  passkeySignupChallenge(
+    parameters: PasskeySignupChallengeParameters
+  ): Promise<PasskeyChallengeResponse> {
+    return this.client.passkeySignupChallenge(parameters);
+  }
+
+  /**
+   * Requests a passkey login challenge from Auth0.
+   *
+   * Returns WebAuthn request options that should be passed to the platform's
+   * credential manager to assert an existing passkey.
+   *
+   * @remarks Native only (iOS, Android). Not supported on web.
+   *
+   * @param parameters The parameters for the login challenge.
+   * @returns A promise resolving with the challenge response containing authSession and authParamsPublicKey.
+   */
+  passkeyLoginChallenge(
+    parameters: PasskeyLoginChallengeParameters
+  ): Promise<PasskeyChallengeResponse> {
+    return this.client.passkeyLoginChallenge(parameters);
+  }
+
+  /**
+   * Exchanges a passkey credential response for Auth0 tokens.
+   *
+   * Call this after the platform credential manager returns the passkey
+   * credential (from either signup or login flow).
+   *
+   * @remarks Native only (iOS, Android). Not supported on web.
+   *
+   * @param parameters The exchange parameters including authSession and authResponse.
+   * @returns A promise resolving with the user's credentials.
+   */
+  getTokenByPasskey(
+    parameters: GetTokenByPasskeyParameters
+  ): Promise<Credentials> {
+    return this.client.getTokenByPasskey(parameters);
+  }
 }
 
 export default Auth0;
diff --git a/src/core/interfaces/IAuth0Client.ts b/src/core/interfaces/IAuth0Client.ts
index f54cb58b..d246b7a8 100644
--- a/src/core/interfaces/IAuth0Client.ts
+++ b/src/core/interfaces/IAuth0Client.ts
@@ -6,6 +6,10 @@ import type {
   DPoPHeadersParams,
   TokenType,
   CustomTokenExchangeParameters,
+  PasskeySignupChallengeParameters,
+  PasskeyLoginChallengeParameters,
+  PasskeyChallengeResponse,
+  GetTokenByPasskeyParameters,
   Credentials,
 } from '../../types';
 
@@ -74,4 +78,45 @@ export interface IAuth0Client {
   customTokenExchange(
     parameters: CustomTokenExchangeParameters
   ): Promise<Credentials>;
+
+  /**
+   * Requests a passkey signup challenge from Auth0.
+   *
+   * Returns WebAuthn creation options that should be passed to the platform's
+   * credential manager to create a new passkey. After the credential is created,
+   * call `getTokenByPasskey` with the auth session and credential response.
+   *
+   * @param parameters The passkey signup challenge parameters.
+   * @returns A promise resolving with the challenge response.
+   */
+  passkeySignupChallenge(
+    parameters: PasskeySignupChallengeParameters
+  ): Promise<PasskeyChallengeResponse>;
+
+  /**
+   * Requests a passkey login challenge from Auth0.
+   *
+   * Returns WebAuthn request options that should be passed to the platform's
+   * credential manager to assert an existing passkey. After the assertion,
+   * call `getTokenByPasskey` with the auth session and credential response.
+   *
+   * @param parameters The passkey login challenge parameters.
+   * @returns A promise resolving with the challenge response.
+   */
+  passkeyLoginChallenge(
+    parameters: PasskeyLoginChallengeParameters
+  ): Promise<PasskeyChallengeResponse>;
+
+  /**
+   * Exchanges a passkey credential response for Auth0 tokens.
+   *
+   * Call this after the platform credential manager returns the passkey
+   * credential (either from signup or login flow).
+   *
+   * @param parameters The exchange parameters including auth session and credential response.
+   * @returns A promise resolving with Auth0 credentials.
+   */
+  getTokenByPasskey(
+    parameters: GetTokenByPasskeyParameters
+  ): Promise<Credentials>;
 }
diff --git a/src/core/models/PasskeyError.ts b/src/core/models/PasskeyError.ts
new file mode 100644
index 00000000..e11737dd
--- /dev/null
+++ b/src/core/models/PasskeyError.ts
@@ -0,0 +1,111 @@
+import { AuthError } from './AuthError';
+
+/**
+ * Platform-agnostic error code constants for Passkey operations.
+ *
+ * Use these constants for type-safe error handling when working with passkey
+ * signup and signin flows. Each constant corresponds to a specific error type
+ * in the {@link PasskeyError.type} property.
+ *
+ * @example
+ * ```typescript
+ * import { PasskeyError, PasskeyErrorCodes } from 'react-native-auth0';
+ *
+ * try {
+ *   const challenge = await auth0.passkeyLoginChallenge({
+ *     realm: 'Username-Password-Authentication',
+ *   });
+ * } catch (e) {
+ *   if (e instanceof PasskeyError) {
+ *     switch (e.type) {
+ *       case PasskeyErrorCodes.NOT_AVAILABLE:
+ *         // Passkeys not supported on this device/OS
+ *         break;
+ *       case PasskeyErrorCodes.CHALLENGE_FAILED:
+ *         // Auth0 challenge request failed
+ *         break;
+ *       case PasskeyErrorCodes.EXCHANGE_FAILED:
+ *         // Token exchange with credential response failed
+ *         break;
+ *     }
+ *   }
+ * }
+ * ```
+ *
+ * @see {@link PasskeyError}
+ * @see {@link https://auth0.com/docs/authenticate/database-connections/passkeys}
+ */
+export const PasskeyErrorCodes = {
+  /** Passkeys are not available on this device or OS version */
+  NOT_AVAILABLE: 'PASSKEY_NOT_AVAILABLE',
+  /** Auth0 passkey challenge request failed */
+  CHALLENGE_FAILED: 'PASSKEY_CHALLENGE_FAILED',
+  /** Token exchange with the passkey credential response failed */
+  EXCHANGE_FAILED: 'PASSKEY_EXCHANGE_FAILED',
+  /** Passkeys are not supported on the web platform */
+  UNSUPPORTED_PLATFORM: 'PASSKEY_UNSUPPORTED_PLATFORM',
+  /** Unknown or uncategorized passkey error */
+  UNKNOWN_ERROR: 'PASSKEY_UNKNOWN_ERROR',
+} as const;
+
+const ERROR_CODE_MAP: Record<string, string> = {
+  PASSKEY_NOT_AVAILABLE: PasskeyErrorCodes.NOT_AVAILABLE,
+  PASSKEY_CHALLENGE_FAILED: PasskeyErrorCodes.CHALLENGE_FAILED,
+  PASSKEY_EXCHANGE_FAILED: PasskeyErrorCodes.EXCHANGE_FAILED,
+
+  // --- Web platform ---
+  UnsupportedOperation: PasskeyErrorCodes.UNSUPPORTED_PLATFORM,
+};
+
+/**
+ * Represents an error that occurred during a Passkey operation.
+ *
+ * This class wraps authentication errors related to passkey functionality, such as:
+ * - Passkey signup (registration) failures
+ * - Passkey signin (authentication) failures
+ * - Challenge request failures
+ * - Device/OS compatibility issues
+ *
+ * The `type` property provides a normalized, platform-agnostic error code that
+ * applications can use for consistent error handling across iOS and Android.
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   const challenge = await auth0.passkeySignupChallenge({
+ *     email: 'user@example.com',
+ *     name: 'John Doe',
+ *     realm: 'Username-Password-Authentication',
+ *   });
+ * } catch (error) {
+ *   if (error instanceof PasskeyError) {
+ *     switch (error.type) {
+ *       case 'PASSKEY_CHALLENGE_FAILED':
+ *         console.log('Failed to get passkey challenge from Auth0');
+ *         break;
+ *       case 'PASSKEY_UNSUPPORTED_PLATFORM':
+ *         console.log('Passkeys are not supported on this platform');
+ *         break;
+ *     }
+ *   }
+ * }
+ * ```
+ */
+export class PasskeyError extends AuthError {
+  /**
+   * A normalized error type that is consistent across platforms.
+   * This can be used for reliable error handling in application code.
+   */
+  public readonly type: string;
+
+  constructor(originalError: AuthError) {
+    super(originalError.name, originalError.message, {
+      status: originalError.status,
+      code: originalError.code,
+      json: originalError.json,
+    });
+
+    this.type =
+      ERROR_CODE_MAP[originalError.code] || PasskeyErrorCodes.UNKNOWN_ERROR;
+  }
+}
diff --git a/src/core/models/index.ts b/src/core/models/index.ts
index 736f3b52..c88811fe 100644
--- a/src/core/models/index.ts
+++ b/src/core/models/index.ts
@@ -9,3 +9,4 @@ export {
 } from './CredentialsManagerError';
 export { WebAuthError, WebAuthErrorCodes } from './WebAuthError';
 export { DPoPError, DPoPErrorCodes } from './DPoPError';
+export { PasskeyError, PasskeyErrorCodes } from './PasskeyError';
diff --git a/src/exports/classes.ts b/src/exports/classes.ts
index 314ab6e1..845597ef 100644
--- a/src/exports/classes.ts
+++ b/src/exports/classes.ts
@@ -3,6 +3,7 @@ export {
   CredentialsManagerError,
   WebAuthError,
   DPoPError,
+  PasskeyError,
 } from '../core/models';
 export { default as Auth0 } from '../Auth0';
 export { TimeoutError } from '../core/utils/fetchWithTimeout';
diff --git a/src/exports/enums.ts b/src/exports/enums.ts
index 56259a1c..67dccfd9 100644
--- a/src/exports/enums.ts
+++ b/src/exports/enums.ts
@@ -12,4 +12,5 @@ export {
   WebAuthErrorCodes,
   CredentialsManagerErrorCodes,
   DPoPErrorCodes,
+  PasskeyErrorCodes,
 } from '../core/models';
diff --git a/src/hooks/Auth0Context.ts b/src/hooks/Auth0Context.ts
index 0be76a0e..bc32608f 100644
--- a/src/hooks/Auth0Context.ts
+++ b/src/hooks/Auth0Context.ts
@@ -17,6 +17,10 @@ import type {
   LoginRecoveryCodeParameters,
   ExchangeNativeSocialParameters,
   CustomTokenExchangeParameters,
+  PasskeySignupChallengeParameters,
+  PasskeyLoginChallengeParameters,
+  PasskeyChallengeResponse,
+  GetTokenByPasskeyParameters,
   SSOExchangeParameters,
   RevokeOptions,
   ResetPasswordParameters,
@@ -203,6 +207,58 @@ export interface Auth0ContextInterface extends AuthState {
     parameters: CustomTokenExchangeParameters
   ) => Promise<Credentials>;
 
+  /**
+   * Requests a passkey signup challenge from Auth0.
+   *
+   * Returns WebAuthn creation options that should be passed to the platform's
+   * credential manager to create a new passkey credential.
+   *
+   * @remarks
+   * **Platform specific:** Only available on native platforms (iOS 16.6+ / Android).
+   *
+   * @param parameters The parameters for the signup challenge.
+   * @returns A promise resolving with the challenge response containing authSession and authParamsPublicKey.
+   * @throws {PasskeyError} If the challenge request fails or is not supported.
+   */
+  passkeySignupChallenge: (
+    parameters: PasskeySignupChallengeParameters
+  ) => Promise<PasskeyChallengeResponse>;
+
+  /**
+   * Requests a passkey login challenge from Auth0.
+   *
+   * Returns WebAuthn request options that should be passed to the platform's
+   * credential manager to assert an existing passkey.
+   *
+   * @remarks
+   * **Platform specific:** Only available on native platforms (iOS 16.6+ / Android).
+   *
+   * @param parameters The parameters for the login challenge.
+   * @returns A promise resolving with the challenge response containing authSession and authParamsPublicKey.
+   * @throws {PasskeyError} If the challenge request fails or is not supported.
+   */
+  passkeyLoginChallenge: (
+    parameters: PasskeyLoginChallengeParameters
+  ) => Promise<PasskeyChallengeResponse>;
+
+  /**
+   * Exchanges a passkey credential response for Auth0 tokens.
+   *
+   * Call this after the platform credential manager returns the passkey
+   * credential (from either signup or login flow). On success, the user
+   * state and credentials are updated automatically.
+   *
+   * @remarks
+   * **Platform specific:** Only available on native platforms (iOS 16.6+ / Android).
+   *
+   * @param parameters The exchange parameters including authSession and authResponse.
+   * @returns A promise resolving with the user's credentials.
+   * @throws {PasskeyError} If the exchange fails or is not supported.
+   */
+  getTokenByPasskey: (
+    parameters: GetTokenByPasskeyParameters
+  ) => Promise<Credentials>;
+
   /**
    * Sends a verification code to the user's email.
    * @param parameters The parameters for sending the email code.
@@ -392,6 +448,9 @@ const initialContext: Auth0ContextInterface = {
   authorizeWithRecoveryCode: stub,
   authorizeWithExchangeNativeSocial: stub,
   customTokenExchange: stub,
+  passkeySignupChallenge: stub,
+  passkeyLoginChallenge: stub,
+  getTokenByPasskey: stub,
   sendEmailCode: stub,
   sendSMSCode: stub,
   authorizeWithEmail: stub,
diff --git a/src/hooks/Auth0Provider.tsx b/src/hooks/Auth0Provider.tsx
index 34d2cf3a..8babcfb3 100644
--- a/src/hooks/Auth0Provider.tsx
+++ b/src/hooks/Auth0Provider.tsx
@@ -23,6 +23,10 @@ import type {
   LoginRecoveryCodeParameters,
   ExchangeNativeSocialParameters,
   CustomTokenExchangeParameters,
+  PasskeySignupChallengeParameters,
+  PasskeyLoginChallengeParameters,
+  PasskeyChallengeResponse,
+  GetTokenByPasskeyParameters,
   SSOExchangeParameters,
   RevokeOptions,
   ResetPasswordParameters,
@@ -316,6 +320,28 @@ export const Auth0Provider = ({
     [client, loginFlow]
   );
 
+  const passkeySignupChallenge = useCallback(
+    (
+      parameters: PasskeySignupChallengeParameters
+    ): Promise<PasskeyChallengeResponse> =>
+      client.passkeySignupChallenge(parameters),
+    [client]
+  );
+
+  const passkeyLoginChallenge = useCallback(
+    (
+      parameters: PasskeyLoginChallengeParameters
+    ): Promise<PasskeyChallengeResponse> =>
+      client.passkeyLoginChallenge(parameters),
+    [client]
+  );
+
+  const getTokenByPasskey = useCallback(
+    (parameters: GetTokenByPasskeyParameters) =>
+      loginFlow(client.getTokenByPasskey(parameters)),
+    [client, loginFlow]
+  );
+
   const sendEmailCode = useCallback(
     (parameters: PasswordlessEmailParameters) =>
       voidFlow(client.auth.passwordlessWithEmail(parameters)),
@@ -425,6 +451,9 @@ export const Auth0Provider = ({
       authorizeWithExchange,
       authorizeWithExchangeNativeSocial,
       customTokenExchange,
+      passkeySignupChallenge,
+      passkeyLoginChallenge,
+      getTokenByPasskey,
       sendEmailCode,
       authorizeWithEmail,
       sendSMSCode,
@@ -455,6 +484,9 @@ export const Auth0Provider = ({
       authorizeWithExchange,
       authorizeWithExchangeNativeSocial,
       customTokenExchange,
+      passkeySignupChallenge,
+      passkeyLoginChallenge,
+      getTokenByPasskey,
       sendEmailCode,
       authorizeWithEmail,
       sendSMSCode,
diff --git a/src/index.ts b/src/index.ts
index 28339a14..8cd12c56 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -6,6 +6,8 @@ export {
   WebAuthErrorCodes,
   DPoPError,
   DPoPErrorCodes,
+  PasskeyError,
+  PasskeyErrorCodes,
 } from './core/models';
 export { TimeoutError } from './core/utils/fetchWithTimeout';
 export { TokenType } from './types/common';
diff --git a/src/platforms/native/adapters/NativeAuth0Client.ts b/src/platforms/native/adapters/NativeAuth0Client.ts
index cb0946cd..d8559260 100644
--- a/src/platforms/native/adapters/NativeAuth0Client.ts
+++ b/src/platforms/native/adapters/NativeAuth0Client.ts
@@ -7,6 +7,10 @@ import type { NativeAuth0Options } from '../../../types/platform-specific';
 import type {
   DPoPHeadersParams,
   CustomTokenExchangeParameters,
+  PasskeySignupChallengeParameters,
+  PasskeyLoginChallengeParameters,
+  PasskeyChallengeResponse,
+  GetTokenByPasskeyParameters,
   Credentials,
 } from '../../../types';
 import { NativeWebAuthProvider } from './NativeWebAuthProvider';
@@ -18,7 +22,7 @@ import {
 } from '../../../core/services';
 import { HttpClient } from '../../../core/services/HttpClient';
 import { TokenType } from '../../../types/common';
-import { AuthError, DPoPError } from '../../../core/models';
+import { AuthError, DPoPError, PasskeyError } from '../../../core/models';
 
 export class NativeAuth0Client implements IAuth0Client {
   readonly webAuth: NativeWebAuthProvider;
@@ -186,4 +190,81 @@ export class NativeAuth0Client implements IAuth0Client {
       organization
     );
   }
+
+  async passkeySignupChallenge(
+    parameters: PasskeySignupChallengeParameters
+  ): Promise<PasskeyChallengeResponse> {
+    const {
+      email,
+      phoneNumber,
+      username,
+      name,
+      givenName,
+      familyName,
+      nickname,
+      picture,
+      userMetadata,
+      realm,
+      organization,
+    } = parameters;
+    try {
+      return await this.guardedBridge.passkeySignupChallenge(
+        email || undefined,
+        phoneNumber || undefined,
+        username || undefined,
+        name || undefined,
+        givenName || undefined,
+        familyName || undefined,
+        nickname || undefined,
+        picture || undefined,
+        userMetadata || undefined,
+        realm || undefined,
+        organization || undefined
+      );
+    } catch (e) {
+      if (e instanceof AuthError) {
+        throw new PasskeyError(e);
+      }
+      throw e;
+    }
+  }
+
+  async passkeyLoginChallenge(
+    parameters: PasskeyLoginChallengeParameters
+  ): Promise<PasskeyChallengeResponse> {
+    const { realm, organization } = parameters;
+    try {
+      return await this.guardedBridge.passkeyLoginChallenge(
+        realm || undefined,
+        organization || undefined
+      );
+    } catch (e) {
+      if (e instanceof AuthError) {
+        throw new PasskeyError(e);
+      }
+      throw e;
+    }
+  }
+
+  async getTokenByPasskey(
+    parameters: GetTokenByPasskeyParameters
+  ): Promise<Credentials> {
+    const { authSession, authResponse, realm, audience, scope, organization } =
+      parameters;
+    try {
+      return await this.guardedBridge.getTokenByPasskey(
+        authSession,
+        authResponse,
+        realm || undefined,
+        audience || undefined,
+        scope || undefined,
+        organization || undefined
+      );
+    } catch (e) {
+      if (e instanceof AuthError) {
+        throw new PasskeyError(e);
+      }
+      throw e;
+    }
+  }
 }
diff --git a/src/platforms/native/adapters/__tests__/NativeAuth0Client.spec.ts b/src/platforms/native/adapters/__tests__/NativeAuth0Client.spec.ts
index 0368800d..cdca5462 100644
--- a/src/platforms/native/adapters/__tests__/NativeAuth0Client.spec.ts
+++ b/src/platforms/native/adapters/__tests__/NativeAuth0Client.spec.ts
@@ -277,4 +277,287 @@ describe('NativeAuth0Client', () => {
       ).toHaveBeenCalledTimes(1);
     });
   });
+
+  describe('passkeySignupChallenge', () => {
+    const mockChallengeResponse = {
+      authSession: 'mock-auth-session-123',
+      authParamsPublicKey: {
+        rp: { id: 'my-tenant.auth0.com', name: 'My App' },
+        user: {
+          id: 'dXNlci1pZA',
+          name: 'user@example.com',
+          displayName: 'User',
+        },
+        challenge: 'Y2hhbGxlbmdl',
+        pubKeyCredParams: [{ type: 'public-key', alg: -7 }],
+      },
+    };
+
+    beforeEach(() => {
+      (mockBridgeInstance as any).passkeySignupChallenge = jest
+        .fn()
+        .mockResolvedValue(mockChallengeResponse);
+    });
+
+    it('should call passkeySignupChallenge on the guarded bridge with all parameters', async () => {
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      await client.passkeySignupChallenge({
+        email: 'user@example.com',
+        phoneNumber: '+1234567890',
+        username: 'johndoe',
+        name: 'John Doe',
+        givenName: 'John',
+        familyName: 'Doe',
+        nickname: 'johnny',
+        picture: 'https://example.com/photo.png',
+        userMetadata: { signup_source: 'mobile_app' },
+        realm: 'Username-Password-Authentication',
+        organization: 'org_123',
+      });
+
+      expect(
+        (mockBridgeInstance as any).passkeySignupChallenge
+      ).toHaveBeenCalledWith(
+        'user@example.com',
+        '+1234567890',
+        'johndoe',
+        'John Doe',
+        'John',
+        'Doe',
+        'johnny',
+        'https://example.com/photo.png',
+        { signup_source: 'mobile_app' },
+        'Username-Password-Authentication',
+        'org_123'
+      );
+    });
+
+    it('should convert empty strings to undefined', async () => {
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      await client.passkeySignupChallenge({
+        email: 'user@example.com',
+        phoneNumber: '',
+        username: '',
+        name: '',
+        realm: 'Username-Password-Authentication',
+      });
+
+      expect(
+        (mockBridgeInstance as any).passkeySignupChallenge
+      ).toHaveBeenCalledWith(
+        'user@example.com',
+        undefined,
+        undefined,
+        undefined,
+        undefined,
+        undefined,
+        undefined,
+        undefined,
+        undefined,
+        'Username-Password-Authentication',
+        undefined
+      );
+    });
+
+    it('should return challenge response from passkeySignupChallenge', async () => {
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      const result = await client.passkeySignupChallenge({
+        email: 'user@example.com',
+        realm: 'Username-Password-Authentication',
+      });
+
+      expect(result).toEqual(mockChallengeResponse);
+    });
+
+    it('should throw PasskeyError on failure', async () => {
+      const { AuthError } = require('../../../../core/models');
+      const { PasskeyError } = require('../../../../core/models');
+
+      (mockBridgeInstance as any).passkeySignupChallenge = jest
+        .fn()
+        .mockRejectedValue(
+          new AuthError('PASSKEY_CHALLENGE_FAILED', 'Challenge failed', {
+            code: 'PASSKEY_CHALLENGE_FAILED',
+          })
+        );
+
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      await expect(
+        client.passkeySignupChallenge({
+          email: 'user@example.com',
+          realm: 'Username-Password-Authentication',
+        })
+      ).rejects.toBeInstanceOf(PasskeyError);
+    });
+  });
+
+  describe('passkeyLoginChallenge', () => {
+    const mockChallengeResponse = {
+      authSession: 'mock-auth-session-456',
+      authParamsPublicKey: {
+        rpId: 'my-tenant.auth0.com',
+        challenge: 'Y2hhbGxlbmdl',
+        allowCredentials: [],
+      },
+    };
+
+    beforeEach(() => {
+      (mockBridgeInstance as any).passkeyLoginChallenge = jest
+        .fn()
+        .mockResolvedValue(mockChallengeResponse);
+    });
+
+    it('should call passkeyLoginChallenge on the guarded bridge with all parameters', async () => {
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      await client.passkeyLoginChallenge({
+        realm: 'Username-Password-Authentication',
+        organization: 'org_123',
+      });
+
+      expect(
+        (mockBridgeInstance as any).passkeyLoginChallenge
+      ).toHaveBeenCalledWith('Username-Password-Authentication', 'org_123');
+    });
+
+    it('should return challenge response from passkeyLoginChallenge', async () => {
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      const result = await client.passkeyLoginChallenge({
+        realm: 'Username-Password-Authentication',
+      });
+
+      expect(result).toEqual(mockChallengeResponse);
+    });
+
+    it('should throw PasskeyError on failure', async () => {
+      const { AuthError } = require('../../../../core/models');
+      const { PasskeyError } = require('../../../../core/models');
+
+      (mockBridgeInstance as any).passkeyLoginChallenge = jest
+        .fn()
+        .mockRejectedValue(
+          new AuthError('PASSKEY_CHALLENGE_FAILED', 'Challenge failed', {
+            code: 'PASSKEY_CHALLENGE_FAILED',
+          })
+        );
+
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      await expect(
+        client.passkeyLoginChallenge({
+          realm: 'Username-Password-Authentication',
+        })
+      ).rejects.toBeInstanceOf(PasskeyError);
+    });
+  });
+
+  describe('getTokenByPasskey', () => {
+    const mockCredentials = {
+      idToken: 'mock-id-token',
+      accessToken: 'mock-access-token',
+      tokenType: 'Bearer',
+      expiresAt: Math.floor(Date.now() / 1000) + 3600,
+      refreshToken: 'mock-refresh-token',
+      scope: 'openid profile email',
+    };
+
+    beforeEach(() => {
+      (mockBridgeInstance as any).getTokenByPasskey = jest
+        .fn()
+        .mockResolvedValue(mockCredentials);
+    });
+
+    it('should call getTokenByPasskey on the guarded bridge with all parameters', async () => {
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      await client.getTokenByPasskey({
+        authSession: 'auth-session-123',
+        authResponse: '{"id":"cred-id","type":"public-key","response":{}}',
+        realm: 'Username-Password-Authentication',
+        audience: 'https://api.example.com',
+        scope: 'openid profile email',
+        organization: 'org_123',
+      });
+
+      expect(
+        (mockBridgeInstance as any).getTokenByPasskey
+      ).toHaveBeenCalledWith(
+        'auth-session-123',
+        '{"id":"cred-id","type":"public-key","response":{}}',
+        'Username-Password-Authentication',
+        'https://api.example.com',
+        'openid profile email',
+        'org_123'
+      );
+    });
+
+    it('should call getTokenByPasskey with only required parameters', async () => {
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      await client.getTokenByPasskey({
+        authSession: 'auth-session-123',
+        authResponse: '{"id":"cred-id","type":"public-key","response":{}}',
+      });
+
+      expect(
+        (mockBridgeInstance as any).getTokenByPasskey
+      ).toHaveBeenCalledWith(
+        'auth-session-123',
+        '{"id":"cred-id","type":"public-key","response":{}}',
+        undefined,
+        undefined,
+        undefined,
+        undefined
+      );
+    });
+
+    it('should return credentials from getTokenByPasskey', async () => {
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      const result = await client.getTokenByPasskey({
+        authSession: 'auth-session-123',
+        authResponse: '{"id":"cred-id","type":"public-key","response":{}}',
+      });
+
+      expect(result).toEqual(mockCredentials);
+    });
+
+    it('should throw PasskeyError on failure', async () => {
+      const { AuthError } = require('../../../../core/models');
+      const { PasskeyError } = require('../../../../core/models');
+
+      (mockBridgeInstance as any).getTokenByPasskey = jest
+        .fn()
+        .mockRejectedValue(
+          new AuthError('PASSKEY_EXCHANGE_FAILED', 'Exchange failed', {
+            code: 'PASSKEY_EXCHANGE_FAILED',
+          })
+        );
+
+      const client = new NativeAuth0Client(options);
+      await new Promise(process.nextTick);
+
+      await expect(
+        client.getTokenByPasskey({
+          authSession: 'auth-session-123',
+          authResponse: '{"id":"cred-id","type":"public-key","response":{}}',
+        })
+      ).rejects.toBeInstanceOf(PasskeyError);
+    });
+  });
 });
diff --git a/src/platforms/native/bridge/INativeBridge.ts b/src/platforms/native/bridge/INativeBridge.ts
index 184ebc3d..33050fd0 100644
--- a/src/platforms/native/bridge/INativeBridge.ts
+++ b/src/platforms/native/bridge/INativeBridge.ts
@@ -5,6 +5,7 @@ import type {
   ClearSessionParameters,
   DPoPHeadersParams,
   SessionTransferCredentials,
+  PasskeyChallengeResponse,
 } from '../../../types';
 import type {
   LocalAuthenticationOptions,
@@ -205,4 +206,70 @@ export interface INativeBridge {
     scope?: string,
     organization?: string
   ): Promise<Credentials>;
+
+  /**
+   * Requests a passkey signup challenge from Auth0.
+   *
+   * Returns WebAuthn creation options to be used with the platform's credential manager.
+   *
+   * @param email The user's email address.
+   * @param phoneNumber The user's phone number.
+   * @param username The user's username.
+   * @param name The user's display name.
+   * @param givenName The user's first name.
+   * @param familyName The user's last name.
+   * @param nickname The user's preferred nickname.
+   * @param picture URL pointing to the user's profile picture.
+   * @param userMetadata Additional user metadata as key-value pairs.
+   * @param realm The database connection name.
+   * @param organization Optional organization ID or name.
+   * @returns A promise that resolves with the challenge response.
+   */
+  passkeySignupChallenge(
+    email?: string,
+    phoneNumber?: string,
+    username?: string,
+    name?: string,
+    givenName?: string,
+    familyName?: string,
+    nickname?: string,
+    picture?: string,
+    userMetadata?: Record<string, string>,
+    realm?: string,
+    organization?: string
+  ): Promise<PasskeyChallengeResponse>;
+
+  /**
+   * Requests a passkey login challenge from Auth0.
+   *
+   * Returns WebAuthn request options to be used with the platform's credential manager.
+   *
+   * @param realm The database connection name.
+   * @param organization Optional organization ID or name.
+   * @returns A promise that resolves with the challenge response.
+   */
+  passkeyLoginChallenge(
+    realm?: string,
+    organization?: string
+  ): Promise<PasskeyChallengeResponse>;
+
+  /**
+   * Exchanges a passkey credential response for Auth0 tokens.
+   *
+   * @param authSession The auth session from the challenge response.
+   * @param authResponse JSON string of the PublicKeyCredential response.
+   * @param realm The database connection name.
+   * @param audience Optional target API identifier.
+   * @param scope Optional space-separated scopes.
+   * @param organization Optional organization ID or name.
+   * @returns A promise that resolves with Auth0 credentials.
+   */
+  getTokenByPasskey(
+    authSession: string,
+    authResponse: string,
+    realm?: string,
+    audience?: string,
+    scope?: string,
+    organization?: string
+  ): Promise<Credentials>;
 }
diff --git a/src/platforms/native/bridge/NativeBridgeManager.ts b/src/platforms/native/bridge/NativeBridgeManager.ts
index c35960bb..b56355e2 100644
--- a/src/platforms/native/bridge/NativeBridgeManager.ts
+++ b/src/platforms/native/bridge/NativeBridgeManager.ts
@@ -7,6 +7,7 @@ import type {
   NativeClearSessionOptions,
   DPoPHeadersParams,
   SessionTransferCredentials,
+  PasskeyChallengeResponse,
 } from '../../../types';
 import {
   SafariViewControllerPresentationStyle,
@@ -253,4 +254,64 @@ export class NativeBridgeManager implements INativeBridge {
       );
     }
   }
+
+  async passkeySignupChallenge(
+    email?: string,
+    phoneNumber?: string,
+    username?: string,
+    name?: string,
+    givenName?: string,
+    familyName?: string,
+    nickname?: string,
+    picture?: string,
+    userMetadata?: Record<string, string>,
+    realm?: string,
+    organization?: string
+  ): Promise<PasskeyChallengeResponse> {
+    return this.a0_call(
+      Auth0NativeModule.passkeySignupChallenge.bind(Auth0NativeModule),
+      email,
+      phoneNumber,
+      username,
+      name,
+      givenName,
+      familyName,
+      nickname,
+      picture,
+      userMetadata,
+      realm,
+      organization
+    );
+  }
+
+  async passkeyLoginChallenge(
+    realm?: string,
+    organization?: string
+  ): Promise<PasskeyChallengeResponse> {
+    return this.a0_call(
+      Auth0NativeModule.passkeyLoginChallenge.bind(Auth0NativeModule),
+      realm,
+      organization
+    );
+  }
+
+  async getTokenByPasskey(
+    authSession: string,
+    authResponse: string,
+    realm?: string,
+    audience?: string,
+    scope?: string,
+    organization?: string
+  ): Promise<Credentials> {
+    const credential = await this.a0_call(
+      Auth0NativeModule.getTokenByPasskey.bind(Auth0NativeModule),
+      authSession,
+      authResponse,
+      realm,
+      audience,
+      scope,
+      organization
+    );
+    return new CredentialsModel(credential);
+  }
 }
diff --git a/src/platforms/web/adapters/WebAuth0Client.ts b/src/platforms/web/adapters/WebAuth0Client.ts
index ec53736b..b7acbbd8 100644
--- a/src/platforms/web/adapters/WebAuth0Client.ts
+++ b/src/platforms/web/adapters/WebAuth0Client.ts
@@ -12,6 +12,10 @@ import type { WebAuth0Options } from '../../../types/platform-specific';
 import type {
   DPoPHeadersParams,
   CustomTokenExchangeParameters,
+  PasskeySignupChallengeParameters,
+  PasskeyLoginChallengeParameters,
+  PasskeyChallengeResponse,
+  GetTokenByPasskeyParameters,
   Credentials,
 } from '../../../types';
 import { WebWebAuthProvider } from './WebWebAuthProvider';
@@ -23,7 +27,7 @@ import {
 } from '../../../core/services';
 import { HttpClient } from '../../../core/services/HttpClient';
 import { TokenType } from '../../../types/common';
-import { AuthError, DPoPError } from '../../../core/models';
+import { AuthError, DPoPError, PasskeyError } from '../../../core/models';
 
 export class WebAuth0Client implements IAuth0Client {
   readonly webAuth: WebWebAuthProvider;
@@ -257,4 +261,37 @@ export class WebAuth0Client implements IAuth0Client {
       );
     }
   }
+
+  async passkeySignupChallenge(
+    _parameters: PasskeySignupChallengeParameters
+  ): Promise<PasskeyChallengeResponse> {
+    throw new PasskeyError(
+      new AuthError(
+        'UnsupportedOperation',
+        'Passkeys are not supported on the web platform'
+      )
+    );
+  }
+
+  async passkeyLoginChallenge(
+    _parameters: PasskeyLoginChallengeParameters
+  ): Promise<PasskeyChallengeResponse> {
+    throw new PasskeyError(
+      new AuthError(
+        'UnsupportedOperation',
+        'Passkeys are not supported on the web platform'
+      )
+    );
+  }
+
+  async getTokenByPasskey(
+    _parameters: GetTokenByPasskeyParameters
+  ): Promise<Credentials> {
+    throw new PasskeyError(
+      new AuthError(
+        'UnsupportedOperation',
+        'Passkeys are not supported on the web platform'
+      )
+    );
+  }
 }
diff --git a/src/specs/NativeA0Auth0.ts b/src/specs/NativeA0Auth0.ts
index d318c3ac..4ffeb7c9 100644
--- a/src/specs/NativeA0Auth0.ts
+++ b/src/specs/NativeA0Auth0.ts
@@ -159,6 +159,43 @@ export interface Spec extends TurboModule {
     scope: string | undefined,
     organization: string | undefined
   ): Promise<Credentials>;
+
+  /**
+   * Request a passkey signup challenge from Auth0.
+   */
+  passkeySignupChallenge(
+    email: string | undefined,
+    phoneNumber: string | undefined,
+    username: string | undefined,
+    name: string | undefined,
+    givenName: string | undefined,
+    familyName: string | undefined,
+    nickname: string | undefined,
+    picture: string | undefined,
+    userMetadata: { [key: string]: string } | undefined,
+    realm: string | undefined,
+    organization: string | undefined
+  ): Promise<{ authSession: string; authParamsPublicKey: Object }>;
+
+  /**
+   * Request a passkey login challenge from Auth0.
+   */
+  passkeyLoginChallenge(
+    realm: string | undefined,
+    organization: string | undefined
+  ): Promise<{ authSession: string; authParamsPublicKey: Object }>;
+
+  /**
+   * Exchange a passkey credential response for Auth0 tokens.
+   */
+  getTokenByPasskey(
+    authSession: string,
+    authResponse: string,
+    realm: string | undefined,
+    audience: string | undefined,
+    scope: string | undefined,
+    organization: string | undefined
+  ): Promise<Credentials>;
 }
 
 export default TurboModuleRegistry.getEnforcing<Spec>('A0Auth0');
diff --git a/src/types/common.ts b/src/types/common.ts
index 2d9ec970..fdc24c24 100644
--- a/src/types/common.ts
+++ b/src/types/common.ts
@@ -160,8 +160,8 @@ export interface Auth0Options {
    * Helps handle network failures and transient errors when using refresh token rotation.
    * **iOS only** - This parameter is accepted on Android for API compatibility but has no effect
    * as the Auth0.Android SDK does not currently support retry configuration.
+   * @remarks iOS only.
    * @default 0 (no retries)
-   * @platform ios
    */
   maxRetries?: number;
   // Telemetry and localAuthenticationOptions are platform-specific extensions
diff --git a/src/types/parameters.ts b/src/types/parameters.ts
index d52ca394..7c86817f 100644
--- a/src/types/parameters.ts
+++ b/src/types/parameters.ts
@@ -313,6 +313,97 @@ export interface CreateUserParameters extends RequestOptions {
   metadata?: object;
 }
 
+// ========= Passkey Parameters =========
+
+/**
+ * Parameters for requesting a passkey signup challenge from Auth0.
+ *
+ * The challenge response contains WebAuthn creation options that should
+ * be passed to the platform's credential manager (CredentialManager on Android,
+ * ASAuthorizationController on iOS) to create a new passkey credential.
+ *
+ * @see https://auth0.com/docs/authenticate/database-connections/passkeys
+ */
+export interface PasskeySignupChallengeParameters {
+  /** The user's email address. */
+  email?: string;
+  /** The user's phone number. */
+  phoneNumber?: string;
+  /** The user's username. */
+  username?: string;
+  /** The user's display name. */
+  name?: string;
+  /** The user's first name. */
+  givenName?: string;
+  /** The user's last name. */
+  familyName?: string;
+  /** The user's preferred nickname. */
+  nickname?: string;
+  /** URL pointing to the user's profile picture. */
+  picture?: string;
+  /** Additional user metadata as key-value pairs. */
+  userMetadata?: Record<string, string>;
+  /** The database connection name. */
+  realm?: string;
+  /** Organization ID or name for authenticating in an organization context. */
+  organization?: string;
+}
+
+/**
+ * Parameters for requesting a passkey login challenge from Auth0.
+ *
+ * The challenge response contains WebAuthn request options that should
+ * be passed to the platform's credential manager to assert an existing passkey.
+ *
+ * @see https://auth0.com/docs/authenticate/database-connections/passkeys
+ */
+export interface PasskeyLoginChallengeParameters {
+  /** The database connection name. */
+  realm?: string;
+  /** Organization ID or name for authenticating in an organization context. */
+  organization?: string;
+}
+
+/**
+ * Response from a passkey signup challenge request.
+ * Contains the auth session and WebAuthn creation options for the platform credential manager.
+ */
+export interface PasskeyChallengeResponse {
+  /** The auth session identifier to be used in the subsequent exchange call. */
+  authSession: string;
+  /** The raw WebAuthn public key credential creation/request options as JSON. */
+  authParamsPublicKey: Record<string, any>;
+}
+
+/**
+ * Parameters for exchanging a passkey credential response for Auth0 tokens.
+ *
+ * After the platform credential manager returns the credential (either a new
+ * registration or an assertion), pass the auth_session and the credential JSON
+ * response to this method to obtain Auth0 tokens.
+ *
+ * @see https://auth0.com/docs/authenticate/database-connections/passkeys
+ */
+export interface GetTokenByPasskeyParameters {
+  /** The auth session received from the challenge response. */
+  authSession: string;
+  /** The JSON string of the PublicKeyCredential response from the platform credential manager. */
+  authResponse: string;
+  /** The database connection name. */
+  realm?: string;
+  /** The target API identifier for the issued access token. */
+  audience?: string;
+  /**
+   * Space-separated list of OAuth 2.0 scopes.
+   * @default "openid profile email"
+   */
+  scope?: string;
+  /** Organization ID or name for authenticating in an organization context. */
+  organization?: string;
+}
+
+// ========= User Management & Profile Parameters =========
+
 /**
  * Parameters for patching a user's metadata via the Management API.
  * Requires an access token with `update:current_user_metadata` scope.