Skip to content

passkey_authentication_failed

This page is auto-generated from src/auth/stytch-invite.ts. Do not edit by hand — see docs/dev/docs-auto-sync.md.

passkey_authentication_failed

FunctionSource
encodePasskeyAuthenticationFailedAuditReasonsrc/auth/stytch-invite.ts:375
FieldTypeRequiredNotes
member_idstring | nullyes
credential_idstring | nullyes
reason| "credential_not_found" | "verification_failed" | "challenge_expired" | "counter_regression"yes

Emitted from POST /admin/ui/login/passkey/complete on every failure path. New in #464 — the legacy Stytch-mediated flow only audited the success case, swallowing failures into a generic 502 per feedback-observability-rigor. Both member_id and credential_id are nullable: a credential_not_found failure knows the claimed credential_id from the browser but NOT member_id; a verification_failed failure knows both.

This envelope is stored in audit_log.decision_reason (varchar(256)) as a JSON object with the shape { event, ...ctx }. The audit_log row carries tenant_id, actor_user_id, and timestamp as columns alongside — those are not duplicated in the envelope.