I recently set up passkey-only sign ins for a webapp I'm writing using Authentik [0](Python OIDC provider, with quite a nice docker-compose run-up, took only minutes to stand up.) It was surprisingly easy to configure everything so that passkeys are the only thing ever used.

If anyone would be interested I could write it up? I was surprised what a nice user flow it is and how easy it was to achieve.

[0] https://goauthentik.io/

so many of these Authentication providers have a hockey stick pricing scheme, where the first few users are near free and when you grow you are going to get mugged and kicked in the groin.