Which browsers support passkey creation in 3rd-party iframe?

As of now, browser support for creating passkeys within third-party (cross-origin) iframes is evolving rapidly, particularly influenced by the WebAuthn Level 3 specification. Here's the current state of support:

• Chrome: Fully supports passkey creation in cross-origin iframes as of Chrome version 123, complying with the WebAuthn Level 3 specification.
• Firefox: Fully supports passkey creation in cross-origin iframes, aligning with WebAuthn Level 3.

Safari: Currently does not support creating passkeys within third-party iframes. Safari allows only authentication (login) via passkeys in cross-origin iframes, but not registration or creation. This limitation is part of Safari's broader restrictions related to cross-origin security. In a payment context, one of the reason for this limitation is that Apple wants to protect its Apple Pay experience and make it stand out against other providers.

• Always verify browser compatibility before implementing a cross-origin iframe passkey flow in production environments.
• Provide alternative authentication flows (e.g., redirect-based or pop-up-based) to handle browsers with limited support, ensuring consistent user experiences.

For the most accurate and up-to-date compatibility, always check official browser documentation and release notes.