From 22b55b4ddadc156de33bf1371bb4f43f7a4d46b4 Mon Sep 17 00:00:00 2001
From: Max Peintner <max@caos.ch>
Date: Mon, 27 Oct 2025 10:17:01 +0100
Subject: [PATCH] fix(login): generate code for passkey (#10966)

# Which Problems Are Solved

When the passkey registration page (/passkey/set) is accessed externally
with only a loginName parameter, users encounter a "Missing code in
response" error. This occurs because the registration code is only
generated for invalid sessions, but external calls typically have valid
sessions.

# How the Problems Are Solved

- Moved registration code generation outside the session validity check
in `registerPasskeyLink()`
- Code is now generated for both valid and invalid sessions when not
provided
- Simplified logic: use provided code if available, otherwise generate a
new one

(cherry picked from commit 5d75e41d00cd3c37a3c0a6df14b8a27feaffcc0f)
---
 apps/login/src/lib/server/passkeys.ts | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/apps/login/src/lib/server/passkeys.ts b/apps/login/src/lib/server/passkeys.ts
index 30584ca888c..753f296d7bd 100644
--- a/apps/login/src/lib/server/passkeys.ts
+++ b/apps/login/src/lib/server/passkeys.ts
@@ -107,20 +107,25 @@ export async function registerPasskeyLink(
       if (!hasValidUserVerificationCheck) {
         return { error: "User Verification Check has to be done" };
       }
+    }
 
-      if (!command.code) {
-        // request a new code if no code is provided
-        const codeResponse = await createPasskeyRegistrationLink({
-          serviceUrl,
-          userId: currentUserId,
-        });
+    // Generate registration code if not provided
+    if (command.code && command.codeId) {
+      registerCode = {
+        id: command.codeId,
+        code: command.code,
+      };
+    } else {
+      const codeResponse = await createPasskeyRegistrationLink({
+        serviceUrl,
+        userId: currentUserId,
+      });
 
-        if (!codeResponse?.code?.code) {
-          return { error: "Could not create registration link" };
-        }
-
-        registerCode = codeResponse.code;
+      if (!codeResponse?.code?.code) {
+        return { error: "Could not create registration link" };
       }
+
+      registerCode = codeResponse.code;
     }
   } else if (command.userId && command.code && command.codeId) {
     currentUserId = command.userId;