Skip to content

passkey_authentication_succeeded

This page is auto-generated from src/auth/stytch-invite.ts. Do not edit by hand — see docs/dev/docs-auto-sync.md.

passkey_authentication_succeeded

FunctionSource
encodePasskeyAuthenticationSucceededAuditReasonsrc/auth/stytch-invite.ts:346
FieldTypeRequiredNotes
member_idstringyes
credential_row_idstringyes
credential_idstringyes
counter_beforenumberyes
counter_afternumberyes
sign_in_mode"button" | "autofill"no#464 PR #4 — conditional-UI / autofill discriminator. Distinguishes the explicit “Sign in with passkey” button path (“button”) from the WebAuthn conditional-mediation autofill path (“autofill”) the browser triggers from the username field. Optional + defaults to “button” when absent so PR #3’s existing call sites (which predate the conditional-UI route) keep type-checking unchanged.

Emitted from POST /admin/ui/login/passkey/complete after a successful verifyAuthenticationResponse + counter UPDATE. Replaces the deprecated {@link encodePasskeyLoginSucceededAuditReason}; event string renamed passkey_login_succeededpasskey_authentication_succeeded to match the W3C “authentication ceremony” term — SIEM consumers should update their saved searches when PR #3 flips PASSKEY_ENABLED=true.

This envelope is stored in audit_log.decision_reason (varchar(256)) as a JSON object with the shape { event, ...ctx }. The audit_log row carries tenant_id, actor_user_id, and timestamp as columns alongside — those are not duplicated in the envelope.