passkey_authentication_failed
This page is auto-generated from
src/auth/stytch-invite.ts. Do not edit by hand — seedocs/dev/docs-auto-sync.md.
Event string
Section titled “Event string”passkey_authentication_failed
Emitting helpers
Section titled “Emitting helpers”| Function | Source |
|---|---|
encodePasskeyAuthenticationFailedAuditReason | src/auth/stytch-invite.ts:375 |
Context fields
Section titled “Context fields”| Field | Type | Required | Notes |
|---|---|---|---|
member_id | string | null | yes | — |
credential_id | string | null | yes | — |
reason | | "credential_not_found" | "verification_failed" | "challenge_expired" | "counter_regression" | yes | — |
Documentation
Section titled “Documentation”Emitted from POST /admin/ui/login/passkey/complete on every failure path. New in #464 — the legacy Stytch-mediated flow only audited the success case, swallowing failures into a generic 502 per feedback-observability-rigor. Both member_id and credential_id are nullable: a credential_not_found failure knows the claimed credential_id from the browser but NOT member_id; a verification_failed failure knows both.
This envelope is stored in audit_log.decision_reason (varchar(256)) as a JSON object with the shape { event, ...ctx }. The audit_log row carries tenant_id, actor_user_id, and timestamp as columns alongside — those are not duplicated in the envelope.