Passkey Progressive Enrollment Fails with "Something went wrong..." Error

Overview

This article explains a potential cause of the following error during Passkey progressive enrollment.

Something went wrong…

A 400 response to POST /u/passkey-enrollment is returned when selecting the Create a passkey button on /u/passkey-enrollment.

  • The payload on POST /u/passkey-enrollment is missing the passkey data and contains an error instead, like the example below:

state: hKFo...5pag
passkey:
action: showError::{"name":"TypeError","message":"Failed to execute 'create' on 'CredentialsContainer': Failed to read the 'publicKey' property from 'CredentialCreationOptions': Failed to read the 'user' property from 'PublicKeyCredentialCreationOptions': Failed to read the 'name' property from 'PublicKeyCredentialEntity': Required member is undefined.","stack":"TypeError: Required member is undefined.\n at HTMLButtonElement.<anonymous> (https://<DOMAIN>/u/passkey-enrollment?state=hKFo...5pag:514:6352)"}

Applies To

  • Passkey Enrollment

Cause

This issue may occur when the connection only allows signups with a phone number as the identifier. Passkey enrollment is a type of signup. With the following configuration, only a user whose authenticated profile has a phone number can enroll a passkey:

{
...
  "options": {
...
    "attributes": {
      "email": {
        "signup": {
          "status": "inactive",
          "verification": {
            "active": false
          }
        },
        "identifier": {
          "active": true
        },
        "profile_required": false,
        "verification_method": "link"
      },
      "username": {
        "signup": {
          "status": "inactive"
        },
        "identifier": {
          "active": true
        },
        "validation": {
          "max_length": 15,
          "min_length": 1,
          "allowed_types": {
            "email": false,
            "phone_number": false
          }
        },
        "profile_required": false
      },
      "phone_number": {
        "signup": {
          "status": "optional",
          "verification": {
            "active": true
          }
        },
        "identifier": {
          "active": false
        },
        "profile_required": false
      }
    },
...

The user profile below is an example of a user that does not have a phone number in their profile, just an `email`:

{
  "created_at": "<DATE>",
  "email": "REDACTED",
  "email_verified": false,
  "identities": [
    {
      "connection": "REDACTED",
      "provider": "auth0",
      "user_id": "REDACTED",
      "isSocial": false
    }
  ],
  "name": "REDACTED",
  "nickname": "REDACTED",
  "picture": "<image URL>",
  "updated_at": "<DATE>",
  "user_id": "auth0|REDACTED",
  "user_metadata": {},
  "username": "REDACTED",
  "app_metadata": {
    "Apps": [
      "Group"
    ],
    "Group": {
      "Test": "Test2"
    }
  },
  "last_ip": "<IP>",
  "last_login": "<date>",
  "logins_count": 23,
  "blocked_for": [],
  "guardian_authenticators": [],
  "passkeys": []
}

Solution

The connection configuration must allow signup with an identifier that is enabled. Either add the identifier to the configuration, or add a value for the original identifier to the user profile.
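
The check described in the Cause and Solution sections, as an added JavaScript example (not Auth0's code and not part of the original article): it lists the attributes a connection allows for signup and reports whether the user profile holds a value for any of them. The function names and sample values are hypothetical, and treating every signup status other than "inactive" as enabled is an assumption.

```javascript
// Added diagnostic sketch; not Auth0 code. Assumption: an attribute can be used
// for passkey enrollment when its signup.status is anything other than "inactive".
function signupEnabledAttributes(connection) {
  const attributes = (connection.options && connection.options.attributes) || {};
  return Object.keys(attributes).filter((name) => {
    const signup = attributes[name].signup;
    return Boolean(signup) && signup.status !== "inactive";
  });
}

// Compare the connection's signup-enabled attributes with the values the
// user profile actually holds.
function checkPasskeyEnrollment(connection, user) {
  const enabled = signupEnabledAttributes(connection);
  const present = enabled.filter(
    (name) => typeof user[name] === "string" && user[name].trim() !== ""
  );
  return {
    enabled, // attributes the connection accepts for signup
    present, // of those, the ones the profile has a value for
    missing: enabled.filter((name) => !present.includes(name)),
    canEnroll: present.length > 0,
  };
}

// Constructed sample input mirroring the connection and profile in this article.
const sampleConnection = {
  options: {
    attributes: {
      email: { signup: { status: "inactive" }, identifier: { active: true } },
      username: { signup: { status: "inactive" }, identifier: { active: true } },
      phone_number: { signup: { status: "optional" }, identifier: { active: false } },
    },
  },
};
const sampleUser = { email: "user@example.com", username: "exampleuser", passkeys: [] };

// Profile as shown in the article: no phone number, so enrollment is blocked.
console.log(checkPasskeyEnrollment(sampleConnection, sampleUser));
// Same user once a phone number is on the profile (the second fix in the Solution).
console.log(
  checkPasskeyEnrollment(sampleConnection, { ...sampleUser, phone_number: "+15555550100" })
);
```

To run it against a real tenant, replace the two sample objects with the connection and user JSON exported from that tenant.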