fix(passkey): remove email from query (#4740)

2025-12-11 04:19:31 +00:00 · 2025-09-18 15:37:09 -07:00
parent 19d4b6ac94
commit 481cb5f19d
4 changed files with 9 additions and 22 deletions
--- a/docs/content/docs/plugins/passkey.mdx
+++ b/docs/content/docs/plugins/passkey.mdx
@@ -116,17 +116,10 @@ To sign in with a passkey you can use the `signIn.passkey` method. This will pro
 <APIMethod path="/sign-in/passkey" method="POST" isClientOnly>
 ```ts
 type signInPasskey = {
-    /**
-     * The email of the user to sign in.
-     */
-    email: string = "example@gmail.com"
    /**
     * Browser autofill, a.k.a. Conditional UI. Read more: https://simplewebauthn.dev/docs/packages/browser#browser-autofill-aka-conditional-ui
    */
    autoFill?: boolean = true
-    /**
-     * The URL to redirect to after the user has signed in.
-    */
 }
 ```
 </APIMethod>
@@ -135,7 +128,6 @@ type signInPasskey = {
 ```ts
 // With post authentication redirect
 await authClient.signIn.passkey({
-    email: "user@example.com",
    autoFill: true,
    fetchOptions: {
        onSuccess(context) {
--- a/packages/better-auth/src/plugins/passkey/client.ts
+++ b/packages/better-auth/src/plugins/passkey/client.ts
@@ -26,7 +26,6 @@ export const getPasskeyActions = (
 	const signInPasskey = async (
 		opts?: {
 			autoFill?: boolean;
-			email?: string;
 			fetchOptions?: BetterFetchOption;
 		},
 		options?: BetterFetchOption,
@@ -35,9 +34,6 @@ export const getPasskeyActions = (
 			"/passkey/generate-authenticate-options",
 			{
 				method: "POST",
-				body: {
-					email: opts?.email,
-				},
 			},
 		);
 		if (!response.data) {
--- a/packages/better-auth/src/plugins/passkey/index.ts
+++ b/packages/better-auth/src/plugins/passkey/index.ts
@@ -332,16 +332,6 @@ export const passkey = (options?: PasskeyOptions) => {
 				"/passkey/generate-authenticate-options",
 				{
 					method: "POST",
-					body: z
-						.object({
-							email: z
-								.string()
-								.meta({
-									description: "The email address of the user",
-								})
-								.optional(),
-						})
-						.optional(),
 					metadata: {
 						openapi: {
 							description: "Generate authentication options for a passkey",
--- a/packages/better-auth/src/plugins/passkey/passkey.test.ts
+++ b/packages/better-auth/src/plugins/passkey/passkey.test.ts
@@ -53,6 +53,15 @@ describe("passkey", async () => {
 		expect(options).toHaveProperty("userVerification");
 	});

+	it("should generate authenticate options without session (discoverable credentials)", async () => {
+		// Test without any session/auth headers - simulating a new sign-in with discoverable credentials
+		const options = await auth.api.generatePasskeyAuthenticationOptions({});
+		expect(options).toBeDefined();
+		expect(options).toHaveProperty("challenge");
+		expect(options).toHaveProperty("rpId");
+		expect(options).toHaveProperty("userVerification");
+	});
+
 	it("should list user passkeys", async () => {
 		const { headers, user } = await signInWithTestUser();
 		const context = await auth.$context;