From 8709af6fe94a3e8e4e59967f50aa4c5b4fc9d2da Mon Sep 17 00:00:00 2001 From: Alex Yang Date: Thu, 18 Sep 2025 15:37:09 -0700 Subject: [PATCH] fix(passkey): remove `email` from query (#4740) --- docs/content/docs/plugins/passkey.mdx | 8 -------- packages/better-auth/src/plugins/passkey/client.ts | 4 ---- packages/better-auth/src/plugins/passkey/index.ts | 10 ---------- .../better-auth/src/plugins/passkey/passkey.test.ts | 9 +++++++++ 4 files changed, 9 insertions(+), 22 deletions(-) diff --git a/docs/content/docs/plugins/passkey.mdx b/docs/content/docs/plugins/passkey.mdx index 84fe419090..5c1afe65be 100644 --- a/docs/content/docs/plugins/passkey.mdx +++ b/docs/content/docs/plugins/passkey.mdx @@ -116,17 +116,10 @@ To sign in with a passkey you can use the `signIn.passkey` method. This will pro ```ts type signInPasskey = { - /** - * The email of the user to sign in. - */ - email: string = "example@gmail.com" /** * Browser autofill, a.k.a. Conditional UI. Read more: https://simplewebauthn.dev/docs/packages/browser#browser-autofill-aka-conditional-ui */ autoFill?: boolean = true - /** - * The URL to redirect to after the user has signed in. - */ } ``` @@ -135,7 +128,6 @@ type signInPasskey = { ```ts // With post authentication redirect await authClient.signIn.passkey({ - email: "user@example.com", autoFill: true, fetchOptions: { onSuccess(context) { diff --git a/packages/better-auth/src/plugins/passkey/client.ts b/packages/better-auth/src/plugins/passkey/client.ts index 31ef751fd4..f5395e7262 100644 --- a/packages/better-auth/src/plugins/passkey/client.ts +++ b/packages/better-auth/src/plugins/passkey/client.ts @@ -26,7 +26,6 @@ export const getPasskeyActions = ( const signInPasskey = async ( opts?: { autoFill?: boolean; - email?: string; fetchOptions?: BetterFetchOption; }, options?: BetterFetchOption, @@ -35,9 +34,6 @@ export const getPasskeyActions = ( "/passkey/generate-authenticate-options", { method: "POST", - body: { - email: opts?.email, - }, }, ); if (!response.data) { diff --git a/packages/better-auth/src/plugins/passkey/index.ts b/packages/better-auth/src/plugins/passkey/index.ts index 6bcd4a77bc..9dd8f1397c 100644 --- a/packages/better-auth/src/plugins/passkey/index.ts +++ b/packages/better-auth/src/plugins/passkey/index.ts @@ -332,16 +332,6 @@ export const passkey = (options?: PasskeyOptions) => { "/passkey/generate-authenticate-options", { method: "POST", - body: z - .object({ - email: z - .string() - .meta({ - description: "The email address of the user", - }) - .optional(), - }) - .optional(), metadata: { openapi: { description: "Generate authentication options for a passkey", diff --git a/packages/better-auth/src/plugins/passkey/passkey.test.ts b/packages/better-auth/src/plugins/passkey/passkey.test.ts index 5be4bd2988..cd24816906 100644 --- a/packages/better-auth/src/plugins/passkey/passkey.test.ts +++ b/packages/better-auth/src/plugins/passkey/passkey.test.ts @@ -53,6 +53,15 @@ describe("passkey", async () => { expect(options).toHaveProperty("userVerification"); }); + it("should generate authenticate options without session (discoverable credentials)", async () => { + // Test without any session/auth headers - simulating a new sign-in with discoverable credentials + const options = await auth.api.generatePasskeyAuthenticationOptions({}); + expect(options).toBeDefined(); + expect(options).toHaveProperty("challenge"); + expect(options).toHaveProperty("rpId"); + expect(options).toHaveProperty("userVerification"); + }); + it("should list user passkeys", async () => { const { headers, user } = await signInWithTestUser(); const context = await auth.$context;