Skip to content

[6.x] Fix creating passkeys #13566

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jasonvarga merged 4 commits into from
Jan 15, 2026
Merged

[6.x] Fix creating passkeys #13566

jasonvarga merged 4 commits into from
Jan 15, 2026

Conversation

@duncanmcclean
Copy link
Member

@duncanmcclean duncanmcclean commented Jan 15, 2026

This pull request fixes an issue preventing passkeys from being created.

Problem

The web-auth/webauthn-lib package recently changed what is returned by the assertionResponseValidator->check() method.

It previously returned a PublicKeyCredentialSource instance but it now returns a CredentialRecord instance, causing a type error in our code.

Solution

This PR fixes it by accepting any object (as CredentialRecord only exists in 5.3.x) and converting the CredentialRecord to what we're expecting.

These changes are part of the package's 5.3.x branch which is yet to be tagged, but seems to be used when creating new Statamic sites.

An alternative solution would be to pin the package to 5.2.x and handle the necessary changes after 5.3.x has been tagged.

Fixes #13561

@duncanmcclean duncanmcclean linked an issue Jan 15, 2026 that may be closed by this pull request
[6.x] Cannot create passkey #13561
Closed
jasonvarga
jasonvarga requested changes Jan 15, 2026
View reviewed changes
Copy link
Member

@jasonvarga jasonvarga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd rather enforce 5.3 when it's out (or require the 5.3.x branch now) and expect CredentialRecord all over.
Technically a breaking change, but we're still in beta and all this is a brand new thing to v6. We can call it a bug fix and plead to the semver gods.

@duncanmcclean
Copy link
Member Author

duncanmcclean commented Jan 15, 2026
edited
Loading

I've updated this PR to require the 5.3.x branch instead and removed the backwards compatibility fix.

@jasonvarga jasonvarga merged commit 2162e04 into master Jan 15, 2026
11 checks passed
@jasonvarga jasonvarga deleted the webauthn-credentials branch January 15, 2026 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonvarga jasonvarga Awaiting requested review from jasonvarga

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[6.x] Cannot create passkey

3 participants

@duncanmcclean @jasonvarga