# Pocket ID - simple passkey-only OIDC provider for self-hosted services

> Pocket ID is a lightweight, self-hosted OIDC provider using passkeys as the sole auth method, filling the gap between Keycloak and no SSO for self-hosted services.

Published: 2026-03-28
URL: https://daniliants.com/insights/pocket-id-simple-passkey-only-oidc-provider-for-self-hosted-services/
Tags: passkeys, oidc, authentication, self-hosting, sso, docker, identity-provider

---

## Summary

Pocket ID is a lightweight, self-hosted OIDC provider that uses passkeys as the only authentication method - no passwords at all. It fills the gap between complex identity solutions like Keycloak/ORY Hydra and having no SSO for self-hosted services, and it deploys easily via Docker.

## Key Insight

- **Passkey-only by design** - deliberately eliminates passwords entirely, betting on passkeys as the future of auth. This is an opinionated but forward-looking choice that removes password management, password reuse, and password phishing risks in one move.
- **Targets the self-hosting sweet spot** - Keycloak and ORY Hydra are enterprise-grade and complex to configure. Pocket ID is purpose-built for homelab/small-scale use where you want one login across services without spending days on IdP setup.
- **Hardware key friendly** - explicitly supports YubiKey and similar physical security keys as passkey devices, making it practical for environments where you want strong physical authentication across all services.
- **Standard OIDC** - any service that supports OIDC as an auth provider can integrate with it, giving broad compatibility without vendor-specific plugins.