This demo tests the use of a 'pure' (i.e., not payment-enabled) passkey
in a first-party scenario. This will not work in a naive browser-cache
implementation of SPC, but will work with availability and use of proper
OS-level credential store APIs. To test the integration:
As of 2026/02/18, this demo:
Works on Chrome on Android, as long as the passkey is saved to Google Password Manager.
Does NOT work on Chrome on MacOS
Does NOT work on Chrome on Windows
Instructions:
In the iframe, click on 'Enroll Credential'
This will trigger passkey creation for the embedded RP
Complete the passkey creation
Outside of the iframe, click on 'Trigger third-party SPC'.
This should fail, because the passkey isn't enabled for third-party payment
Inside of the iframe, click on 'Trigger first-party SPC'. This should succeed.