TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-24 06:27:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(login): generate code for passkey (#10966)

Browse Source 
# Which Problems Are Solved

When the passkey registration page (/passkey/set) is accessed externally
with only a loginName parameter, users encounter a "Missing code in
response" error. This occurs because the registration code is only
generated for invalid sessions, but external calls typically have valid
sessions.

# How the Problems Are Solved

- Moved registration code generation outside the session validity check
in `registerPasskeyLink()`
- Code is now generated for both valid and invalid sessions when not
provided
- Simplified logic: use provided code if available, otherwise generate a
new one

(cherry picked from commit 5d75e41d00)
This commit is contained in:
Max Peintner
2025-10-27 10:17:01 +01:00
committed by Livio Spring
parent 2b2ed20188
commit 22b55b4dda
1 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
apps/login/src/lib/server/passkeys.ts
View File

@@ -107,20 +107,25 @@ export async function registerPasskeyLink(
if (!hasValidUserVerificationCheck) {
return { error: "User Verification Check has to be done" };
}
}
if (!command.code) {
// request a new code if no code is provided
const codeResponse = await createPasskeyRegistrationLink({
serviceUrl,
userId: currentUserId,
});
// Generate registration code if not provided
if (command.code && command.codeId) {
registerCode = {
id: command.codeId,
code: command.code,
};
} else {
const codeResponse = await createPasskeyRegistrationLink({
serviceUrl,
userId: currentUserId,
});
if (!codeResponse?.code?.code) {
return { error: "Could not create registration link" };
}
registerCode = codeResponse.code;
if (!codeResponse?.code?.code) {
return { error: "Could not create registration link" };
}
registerCode = codeResponse.code;
}
} else if (command.userId && command.code && command.codeId) {
currentUserId = command.userId;