@stackframe/stack-shared 2.6.12 → 2.6.15

package/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @stackframe/stack-shared
 
+## 2.6.15
+
+### Patch Changes
+
+- Passkeys
+  - @stackframe/stack-sc@2.6.15
+
+## 2.6.14
+
+### Patch Changes
+
+- @stackframe/stack-sc@2.6.14
+
+## 2.6.13
+
+### Patch Changes
+
+- Updated docs
+  - @stackframe/stack-sc@2.6.13
+
 ## 2.6.12
 
 ### Patch Changes

package/dist/interface/clientInterface.d.ts

@@ -1,6 +1,7 @@
 import { KnownErrors } from '../known-errors';
 import { AccessToken, InternalSession, RefreshToken } from '../sessions';
 import { ReadonlyJson } from '../utils/json';
+import { AuthenticationResponseJSON, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialRequestOptionsJSON, RegistrationResponseJSON } from '../utils/passkey';
 import { Result } from "../utils/results";
 import { ContactChannelsCrud } from './crud/contact-channels';
 import { CurrentUserCrud } from './crud/current-user';
@@ -73,12 +74,24 @@ export declare class StackClientInterface {
     }, session: InternalSession): Promise<KnownErrors["PasswordRequirementsNotMet"] | undefined>;
     verifyPasswordResetCode(code: string): Promise<Result<undefined, KnownErrors["VerificationCodeError"]>>;
     verifyEmail(code: string): Promise<Result<undefined, KnownErrors["VerificationCodeError"]>>;
+    initiatePasskeyRegistration(options: {}, session: InternalSession): Promise<Result<{
+        options_json: PublicKeyCredentialCreationOptionsJSON;
+        code: string;
+    }, KnownErrors[]>>;
+    registerPasskey(options: {
+        credential: RegistrationResponseJSON;
+        code: string;
+    }, session: InternalSession): Promise<Result<undefined, KnownErrors["PasskeyRegistrationFailed"]>>;
+    initiatePasskeyAuthentication(options: {}, session: InternalSession): Promise<Result<{
+        options_json: PublicKeyCredentialRequestOptionsJSON;
+        code: string;
+    }, KnownErrors[]>>;
     sendTeamInvitation(options: {
         email: string;
         teamId: string;
         callbackUrl: string;
         session: InternalSession | null;
-    }): Promise<Result<undefined, KnownErrors["TeamPermissionRequired"]>>;
+    }): Promise<void>;
     acceptTeamInvitation<T extends 'use' | 'details' | 'check'>(options: {
         code: string;
         session: InternalSession;
@@ -104,6 +117,13 @@ export declare class StackClientInterface {
         accessToken: string;
         refreshToken: string;
     }, KnownErrors["VerificationCodeError"]>>;
+    signInWithPasskey(body: {
+        authentication_response: AuthenticationResponseJSON;
+        code: string;
+    }): Promise<Result<{
+        accessToken: string;
+        refreshToken: string;
+    }, KnownErrors["PasskeyAuthenticationFailed"]>>;
     getOAuthUrl(options: {
         provider: string;
         redirectUrl: string;

package/dist/interface/clientInterface.js

@@ -413,8 +413,47 @@ export class StackClientInterface {
             return Result.ok(undefined);
         }
     }
+    async initiatePasskeyRegistration(options, session) {
+        const res = await this.sendClientRequestAndCatchKnownError("/auth/passkey/initiate-passkey-registration", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            },
+            body: JSON.stringify(options),
+        }, session, []);
+        if (res.status === "error") {
+            return Result.error(res.error);
+        }
+        return Result.ok(await res.data.json());
+    }
+    async registerPasskey(options, session) {
+        const res = await this.sendClientRequestAndCatchKnownError("/auth/passkey/register", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            },
+            body: JSON.stringify(options),
+        }, session, [KnownErrors.PasskeyRegistrationFailed]);
+        if (res.status === "error") {
+            return Result.error(res.error);
+        }
+        return Result.ok(undefined);
+    }
+    async initiatePasskeyAuthentication(options, session) {
+        const res = await this.sendClientRequestAndCatchKnownError("/auth/passkey/initiate-passkey-authentication", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            },
+            body: JSON.stringify(options),
+        }, session, []);
+        if (res.status === "error") {
+            return Result.error(res.error);
+        }
+        return Result.ok(await res.data.json());
+    }
     async sendTeamInvitation(options) {
-        const res = await this.sendClientRequestAndCatchKnownError("/team-invitations/send-code", {
+        await this.sendClientRequest("/team-invitations/send-code", {
             method: "POST",
             headers: {
                 "Content-Type": "application/json"
@@ -424,13 +463,7 @@ export class StackClientInterface {
                 team_id: options.teamId,
                 callback_url: options.callbackUrl,
             }),
-        }, options.session, [KnownErrors.TeamPermissionRequired]);
-        if (res.status === "error") {
-            return Result.error(res.error);
-        }
-        else {
-            return Result.ok(undefined);
-        }
+        }, options.session);
     }
     async acceptTeamInvitation(options) {
         const res = await this.sendClientRequestAndCatchKnownError(options.type === 'check' ?
@@ -533,6 +566,23 @@ export class StackClientInterface {
             newUser: result.is_new_user,
         });
     }
+    async signInWithPasskey(body) {
+        const res = await this.sendClientRequestAndCatchKnownError("/auth/passkey/sign-in", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            },
+            body: JSON.stringify(body),
+        }, null, [KnownErrors.PasskeyAuthenticationFailed]);
+        if (res.status === "error") {
+            return Result.error(res.error);
+        }
+        const result = await res.data.json();
+        return Result.ok({
+            accessToken: result.access_token,
+            refreshToken: result.refresh_token,
+        });
+    }
     async getOAuthUrl(options) {
         const updatedRedirectUrl = new URL(options.redirectUrl);
         for (const key of ["code", "state"]) {

package/dist/interface/crud/current-user.d.ts

@@ -13,6 +13,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         client_metadata: {} | null;
         client_read_only_metadata: {} | null;
         primary_email_verified: NonNullable<boolean | undefined>;
+        passkey_auth_enabled: NonNullable<boolean | undefined>;
         otp_auth_enabled: NonNullable<boolean | undefined>;
         selected_team_id: string | null;
         signed_up_at_millis: number;
@@ -45,6 +46,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         signed_up_at_millis: undefined;
         has_password: undefined;
         otp_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         client_metadata: undefined;
         client_read_only_metadata: undefined;
         server_metadata: undefined;
@@ -73,6 +75,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         signed_up_at_millis: number;
         has_password: NonNullable<boolean | undefined>;
         otp_auth_enabled: NonNullable<boolean | undefined>;
+        passkey_auth_enabled: NonNullable<boolean | undefined>;
         client_metadata: {} | null;
         client_read_only_metadata: {} | null;
         server_metadata: {} | null;
@@ -104,6 +107,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         signed_up_at_millis: undefined;
         has_password: undefined;
         otp_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         client_metadata: undefined;
         client_read_only_metadata: undefined;
         server_metadata: undefined;
@@ -116,6 +120,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         display_name: string | null | undefined;
         profile_image_url: string | null | undefined;
         client_metadata: {} | null | undefined;
+        passkey_auth_enabled: boolean | undefined;
         otp_auth_enabled: boolean | undefined;
         totp_secret_base64: string | null | undefined;
         selected_team_id: string | null | undefined;
@@ -128,6 +133,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         primary_email: undefined;
         primary_email_verified: undefined;
         primary_email_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         password: undefined;
         otp_auth_enabled: undefined;
         totp_secret_base64: undefined;
@@ -142,6 +148,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         primary_email: string | null | undefined;
         primary_email_verified: boolean | undefined;
         primary_email_auth_enabled: boolean | undefined;
+        passkey_auth_enabled: boolean | undefined;
         password: string | null | undefined;
         otp_auth_enabled: boolean | undefined;
         totp_secret_base64: string | null | undefined;
@@ -155,6 +162,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         primary_email: undefined;
         primary_email_verified: undefined;
         primary_email_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         password: undefined;
         otp_auth_enabled: undefined;
         totp_secret_base64: undefined;

package/dist/interface/crud/current-user.js

@@ -9,6 +9,7 @@ const clientUpdateSchema = usersCrudServerUpdateSchema.pick([
     "selected_team_id",
     "totp_secret_base64",
     "otp_auth_enabled",
+    "passkey_auth_enabled",
 ]).required();
 const serverUpdateSchema = usersCrudServerUpdateSchema;
 const clientReadSchema = usersCrudServerReadSchema.pick([
@@ -26,6 +27,7 @@ const clientReadSchema = usersCrudServerReadSchema.pick([
     "selected_team_id",
     "requires_totp_mfa",
     "otp_auth_enabled",
+    "passkey_auth_enabled",
 ]).concat(yupObject({
     selected_team: teamsCrudClientReadSchema.nullable().defined(),
 })).nullable().defined(); // TODO: next-release: make required

package/dist/interface/crud/projects.d.ts

@@ -12,6 +12,7 @@ export declare const projectsCrudAdminReadSchema: import("yup").ObjectSchema<{
         sign_up_enabled: NonNullable<boolean | undefined>;
         credential_enabled: NonNullable<boolean | undefined>;
         magic_link_enabled: NonNullable<boolean | undefined>;
+        passkey_enabled: NonNullable<boolean | undefined>;
         legacy_global_jwt_signing: NonNullable<boolean | undefined>;
         client_team_creation_enabled: NonNullable<boolean | undefined>;
         client_user_deletion_enabled: NonNullable<boolean | undefined>;
@@ -61,6 +62,7 @@ export declare const projectsCrudAdminReadSchema: import("yup").ObjectSchema<{
         sign_up_enabled: undefined;
         credential_enabled: undefined;
         magic_link_enabled: undefined;
+        passkey_enabled: undefined;
         legacy_global_jwt_signing: undefined;
         client_team_creation_enabled: undefined;
         client_user_deletion_enabled: undefined;
@@ -88,6 +90,7 @@ export declare const projectsCrudClientReadSchema: import("yup").ObjectSchema<{
         sign_up_enabled: NonNullable<boolean | undefined>;
         credential_enabled: NonNullable<boolean | undefined>;
         magic_link_enabled: NonNullable<boolean | undefined>;
+        passkey_enabled: NonNullable<boolean | undefined>;
         client_team_creation_enabled: NonNullable<boolean | undefined>;
         client_user_deletion_enabled: NonNullable<boolean | undefined>;
         enabled_oauth_providers: {
@@ -101,6 +104,7 @@ export declare const projectsCrudClientReadSchema: import("yup").ObjectSchema<{
         sign_up_enabled: undefined;
         credential_enabled: undefined;
         magic_link_enabled: undefined;
+        passkey_enabled: undefined;
         client_team_creation_enabled: undefined;
         client_user_deletion_enabled: undefined;
         enabled_oauth_providers: undefined;
@@ -115,6 +119,7 @@ export declare const projectsCrudAdminUpdateSchema: import("yup").ObjectSchema<{
         sign_up_enabled?: boolean | undefined;
         credential_enabled?: boolean | undefined;
         magic_link_enabled?: boolean | undefined;
+        passkey_enabled?: boolean | undefined;
         legacy_global_jwt_signing?: false | undefined;
         client_team_creation_enabled?: boolean | undefined;
         client_user_deletion_enabled?: boolean | undefined;
@@ -163,6 +168,7 @@ export declare const projectsCrudAdminCreateSchema: import("yup").ObjectSchema<{
         sign_up_enabled?: boolean | undefined;
         credential_enabled?: boolean | undefined;
         magic_link_enabled?: boolean | undefined;
+        passkey_enabled?: boolean | undefined;
         legacy_global_jwt_signing?: false | undefined;
         client_team_creation_enabled?: boolean | undefined;
         client_user_deletion_enabled?: boolean | undefined;
@@ -213,6 +219,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
             sign_up_enabled: NonNullable<boolean | undefined>;
             credential_enabled: NonNullable<boolean | undefined>;
             magic_link_enabled: NonNullable<boolean | undefined>;
+            passkey_enabled: NonNullable<boolean | undefined>;
             client_team_creation_enabled: NonNullable<boolean | undefined>;
             client_user_deletion_enabled: NonNullable<boolean | undefined>;
             enabled_oauth_providers: {
@@ -226,6 +233,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
             sign_up_enabled: undefined;
             credential_enabled: undefined;
             magic_link_enabled: undefined;
+            passkey_enabled: undefined;
             client_team_creation_enabled: undefined;
             client_user_deletion_enabled: undefined;
             enabled_oauth_providers: undefined;
@@ -244,6 +252,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
             sign_up_enabled: NonNullable<boolean | undefined>;
             credential_enabled: NonNullable<boolean | undefined>;
             magic_link_enabled: NonNullable<boolean | undefined>;
+            passkey_enabled: NonNullable<boolean | undefined>;
             legacy_global_jwt_signing: NonNullable<boolean | undefined>;
             client_team_creation_enabled: NonNullable<boolean | undefined>;
             client_user_deletion_enabled: NonNullable<boolean | undefined>;
@@ -293,6 +302,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
             sign_up_enabled: undefined;
             credential_enabled: undefined;
             magic_link_enabled: undefined;
+            passkey_enabled: undefined;
             legacy_global_jwt_signing: undefined;
             client_team_creation_enabled: undefined;
             client_user_deletion_enabled: undefined;
@@ -322,6 +332,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
             sign_up_enabled?: boolean | undefined;
             credential_enabled?: boolean | undefined;
             magic_link_enabled?: boolean | undefined;
+            passkey_enabled?: boolean | undefined;
             legacy_global_jwt_signing?: false | undefined;
             client_team_creation_enabled?: boolean | undefined;
             client_user_deletion_enabled?: boolean | undefined;
@@ -400,6 +411,7 @@ export declare const internalProjectsCrud: import("../../crud").CrudSchemaFromOp
             sign_up_enabled: NonNullable<boolean | undefined>;
             credential_enabled: NonNullable<boolean | undefined>;
             magic_link_enabled: NonNullable<boolean | undefined>;
+            passkey_enabled: NonNullable<boolean | undefined>;
             legacy_global_jwt_signing: NonNullable<boolean | undefined>;
             client_team_creation_enabled: NonNullable<boolean | undefined>;
             client_user_deletion_enabled: NonNullable<boolean | undefined>;
@@ -449,6 +461,7 @@ export declare const internalProjectsCrud: import("../../crud").CrudSchemaFromOp
             sign_up_enabled: undefined;
             credential_enabled: undefined;
             magic_link_enabled: undefined;
+            passkey_enabled: undefined;
             legacy_global_jwt_signing: undefined;
             client_team_creation_enabled: undefined;
             client_user_deletion_enabled: undefined;
@@ -478,6 +491,7 @@ export declare const internalProjectsCrud: import("../../crud").CrudSchemaFromOp
             sign_up_enabled?: boolean | undefined;
             credential_enabled?: boolean | undefined;
             magic_link_enabled?: boolean | undefined;
+            passkey_enabled?: boolean | undefined;
             legacy_global_jwt_signing?: false | undefined;
             client_team_creation_enabled?: boolean | undefined;
             client_user_deletion_enabled?: boolean | undefined;

package/dist/interface/crud/projects.js

@@ -43,12 +43,13 @@ export const projectsCrudAdminReadSchema = yupObject({
         sign_up_enabled: schemaFields.projectSignUpEnabledSchema.required(),
         credential_enabled: schemaFields.projectCredentialEnabledSchema.required(),
         magic_link_enabled: schemaFields.projectMagicLinkEnabledSchema.required(),
+        passkey_enabled: schemaFields.projectPasskeyEnabledSchema.required(),
         // TODO: remove this
         legacy_global_jwt_signing: schemaFields.yupBoolean().required(),
         client_team_creation_enabled: schemaFields.projectClientTeamCreationEnabledSchema.required(),
         client_user_deletion_enabled: schemaFields.projectClientUserDeletionEnabledSchema.required(),
         oauth_providers: yupArray(oauthProviderSchema.required()).required(),
-        enabled_oauth_providers: yupArray(enabledOAuthProviderSchema.required()).required(),
+        enabled_oauth_providers: yupArray(enabledOAuthProviderSchema.required()).required().meta({ openapiField: { hidden: true } }),
         domains: yupArray(domainSchema.required()).required(),
         email_config: emailConfigSchema.required(),
         create_team_on_sign_up: schemaFields.projectCreateTeamOnSignUpSchema.required(),
@@ -63,9 +64,10 @@ export const projectsCrudClientReadSchema = yupObject({
         sign_up_enabled: schemaFields.projectSignUpEnabledSchema.required(),
         credential_enabled: schemaFields.projectCredentialEnabledSchema.required(),
         magic_link_enabled: schemaFields.projectMagicLinkEnabledSchema.required(),
+        passkey_enabled: schemaFields.projectPasskeyEnabledSchema.required(),
         client_team_creation_enabled: schemaFields.projectClientTeamCreationEnabledSchema.required(),
         client_user_deletion_enabled: schemaFields.projectClientUserDeletionEnabledSchema.required(),
-        enabled_oauth_providers: yupArray(enabledOAuthProviderSchema.required()).required(),
+        enabled_oauth_providers: yupArray(enabledOAuthProviderSchema.required()).required().meta({ openapiField: { hidden: true } }),
     }).required(),
 }).required();
 export const projectsCrudAdminUpdateSchema = yupObject({
@@ -76,6 +78,7 @@ export const projectsCrudAdminUpdateSchema = yupObject({
         sign_up_enabled: schemaFields.projectSignUpEnabledSchema.optional(),
         credential_enabled: schemaFields.projectCredentialEnabledSchema.optional(),
         magic_link_enabled: schemaFields.projectMagicLinkEnabledSchema.optional(),
+        passkey_enabled: schemaFields.projectPasskeyEnabledSchema.optional(),
         client_team_creation_enabled: schemaFields.projectClientTeamCreationEnabledSchema.optional(),
         client_user_deletion_enabled: schemaFields.projectClientUserDeletionEnabledSchema.optional(),
         legacy_global_jwt_signing: schemaFields.yupBoolean().isFalse().optional(),

package/dist/interface/crud/team-member-profiles.d.ts

@@ -31,6 +31,7 @@ export declare const teamMemberProfilesCrudServerReadSchema: import("yup").Objec
         server_metadata: {} | null;
         primary_email_verified: NonNullable<boolean | undefined>;
         primary_email_auth_enabled: NonNullable<boolean | undefined>;
+        passkey_auth_enabled: NonNullable<boolean | undefined>;
         otp_auth_enabled: NonNullable<boolean | undefined>;
         selected_team_id: string | null;
         selected_team: {
@@ -73,6 +74,7 @@ export declare const teamMemberProfilesCrudServerReadSchema: import("yup").Objec
         signed_up_at_millis: undefined;
         has_password: undefined;
         otp_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         client_metadata: undefined;
         client_read_only_metadata: undefined;
         server_metadata: undefined;
@@ -122,6 +124,7 @@ export declare const teamMemberProfilesCrud: import("../../crud").CrudSchemaFrom
             server_metadata: {} | null;
             primary_email_verified: NonNullable<boolean | undefined>;
             primary_email_auth_enabled: NonNullable<boolean | undefined>;
+            passkey_auth_enabled: NonNullable<boolean | undefined>;
             otp_auth_enabled: NonNullable<boolean | undefined>;
             selected_team_id: string | null;
             selected_team: {
@@ -164,6 +167,7 @@ export declare const teamMemberProfilesCrud: import("../../crud").CrudSchemaFrom
             signed_up_at_millis: undefined;
             has_password: undefined;
             otp_auth_enabled: undefined;
+            passkey_auth_enabled: undefined;
             client_metadata: undefined;
             client_read_only_metadata: undefined;
             server_metadata: undefined;

package/dist/interface/crud/users.d.ts

@@ -8,6 +8,7 @@ export declare const usersCrudServerUpdateSchema: import("yup").ObjectSchema<{
     primary_email: string | null | undefined;
     primary_email_verified: boolean | undefined;
     primary_email_auth_enabled: boolean | undefined;
+    passkey_auth_enabled: boolean | undefined;
     password: string | null | undefined;
     otp_auth_enabled: boolean | undefined;
     totp_secret_base64: string | null | undefined;
@@ -21,6 +22,7 @@ export declare const usersCrudServerUpdateSchema: import("yup").ObjectSchema<{
     primary_email: undefined;
     primary_email_verified: undefined;
     primary_email_auth_enabled: undefined;
+    passkey_auth_enabled: undefined;
     password: undefined;
     otp_auth_enabled: undefined;
     totp_secret_base64: undefined;
@@ -46,6 +48,7 @@ export declare const usersCrudServerReadSchema: import("yup").ObjectSchema<{
     signed_up_at_millis: number;
     has_password: NonNullable<boolean | undefined>;
     otp_auth_enabled: NonNullable<boolean | undefined>;
+    passkey_auth_enabled: NonNullable<boolean | undefined>;
     client_metadata: {} | null;
     client_read_only_metadata: {} | null;
     server_metadata: {} | null;
@@ -77,6 +80,7 @@ export declare const usersCrudServerReadSchema: import("yup").ObjectSchema<{
     signed_up_at_millis: undefined;
     has_password: undefined;
     otp_auth_enabled: undefined;
+    passkey_auth_enabled: undefined;
     client_metadata: undefined;
     client_read_only_metadata: undefined;
     server_metadata: undefined;
@@ -95,6 +99,7 @@ export declare const usersCrudServerCreateSchema: import("yup").ObjectSchema<{
     server_metadata: {} | null | undefined;
     primary_email_verified: boolean | undefined;
     primary_email_auth_enabled: boolean | undefined;
+    passkey_auth_enabled: boolean | undefined;
     otp_auth_enabled: boolean | undefined;
     totp_secret_base64: string | null | undefined;
 } & {
@@ -112,6 +117,7 @@ export declare const usersCrudServerCreateSchema: import("yup").ObjectSchema<{
     primary_email: undefined;
     primary_email_verified: undefined;
     primary_email_auth_enabled: undefined;
+    passkey_auth_enabled: undefined;
     password: undefined;
     otp_auth_enabled: undefined;
     totp_secret_base64: undefined;
@@ -140,6 +146,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         signed_up_at_millis: number;
         has_password: NonNullable<boolean | undefined>;
         otp_auth_enabled: NonNullable<boolean | undefined>;
+        passkey_auth_enabled: NonNullable<boolean | undefined>;
         client_metadata: {} | null;
         client_read_only_metadata: {} | null;
         server_metadata: {} | null;
@@ -171,6 +178,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         signed_up_at_millis: undefined;
         has_password: undefined;
         otp_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         client_metadata: undefined;
         client_read_only_metadata: undefined;
         server_metadata: undefined;
@@ -188,6 +196,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         primary_email: string | null | undefined;
         primary_email_verified: boolean | undefined;
         primary_email_auth_enabled: boolean | undefined;
+        passkey_auth_enabled: boolean | undefined;
         password: string | null | undefined;
         otp_auth_enabled: boolean | undefined;
         totp_secret_base64: string | null | undefined;
@@ -201,6 +210,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         primary_email: undefined;
         primary_email_verified: undefined;
         primary_email_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         password: undefined;
         otp_auth_enabled: undefined;
         totp_secret_base64: undefined;
@@ -216,6 +226,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         server_metadata: {} | null | undefined;
         primary_email_verified: boolean | undefined;
         primary_email_auth_enabled: boolean | undefined;
+        passkey_auth_enabled: boolean | undefined;
         otp_auth_enabled: boolean | undefined;
         totp_secret_base64: string | null | undefined;
     } & {
@@ -233,6 +244,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         primary_email: undefined;
         primary_email_verified: undefined;
         primary_email_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         password: undefined;
         otp_auth_enabled: undefined;
         totp_secret_base64: undefined;
@@ -291,6 +303,7 @@ export declare const userCreatedWebhookEvent: {
         signed_up_at_millis: number;
         has_password: NonNullable<boolean | undefined>;
         otp_auth_enabled: NonNullable<boolean | undefined>;
+        passkey_auth_enabled: NonNullable<boolean | undefined>;
         client_metadata: {} | null;
         client_read_only_metadata: {} | null;
         server_metadata: {} | null;
@@ -322,6 +335,7 @@ export declare const userCreatedWebhookEvent: {
         signed_up_at_millis: undefined;
         has_password: undefined;
         otp_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         client_metadata: undefined;
         client_read_only_metadata: undefined;
         server_metadata: undefined;
@@ -358,6 +372,7 @@ export declare const userUpdatedWebhookEvent: {
         signed_up_at_millis: number;
         has_password: NonNullable<boolean | undefined>;
         otp_auth_enabled: NonNullable<boolean | undefined>;
+        passkey_auth_enabled: NonNullable<boolean | undefined>;
         client_metadata: {} | null;
         client_read_only_metadata: {} | null;
         server_metadata: {} | null;
@@ -389,6 +404,7 @@ export declare const userUpdatedWebhookEvent: {
         signed_up_at_millis: undefined;
         has_password: undefined;
         otp_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         client_metadata: undefined;
         client_read_only_metadata: undefined;
         server_metadata: undefined;

package/dist/interface/crud/users.js

@@ -10,6 +10,7 @@ export const usersCrudServerUpdateSchema = fieldSchema.yupObject({
     primary_email: fieldSchema.primaryEmailSchema.nullable().optional(),
     primary_email_verified: fieldSchema.primaryEmailVerifiedSchema.optional(),
     primary_email_auth_enabled: fieldSchema.primaryEmailAuthEnabledSchema.optional(),
+    passkey_auth_enabled: fieldSchema.userOtpAuthEnabledSchema.optional(),
     password: fieldSchema.userPasswordMutationSchema.optional(),
     otp_auth_enabled: fieldSchema.userOtpAuthEnabledMutationSchema.optional(),
     totp_secret_base64: fieldSchema.userTotpSecretMutationSchema.optional(),
@@ -27,6 +28,7 @@ export const usersCrudServerReadSchema = fieldSchema.yupObject({
     signed_up_at_millis: fieldSchema.signedUpAtMillisSchema.required(),
     has_password: fieldSchema.userHasPasswordSchema.required(),
     otp_auth_enabled: fieldSchema.userOtpAuthEnabledSchema.required(),
+    passkey_auth_enabled: fieldSchema.userOtpAuthEnabledSchema.required(),
     client_metadata: fieldSchema.userClientMetadataSchema,
     client_read_only_metadata: fieldSchema.userClientReadOnlyMetadataSchema,
     server_metadata: fieldSchema.userServerMetadataSchema,
@@ -35,7 +37,7 @@ export const usersCrudServerReadSchema = fieldSchema.yupObject({
         id: fieldSchema.yupString().required(),
         account_id: fieldSchema.yupString().required(),
         email: fieldSchema.yupString().nullable(),
-    }).required()).required().meta({ openapiField: { hidden: true, description: 'A list of OAuth providers connected to this account', exampleValue: [{ id: 'google', account_id: '12345', email: 'john.doe@gmail.com' }] } }),
+    }).required()).required().meta({ openapiField: { hidden: true } }),
     /**
      * @deprecated
      */
@@ -50,7 +52,7 @@ export const usersCrudServerCreateSchema = usersCrudServerUpdateSchema.omit(['se
         id: fieldSchema.yupString().required(),
         account_id: fieldSchema.yupString().required(),
         email: fieldSchema.yupString().nullable().defined().default(null),
-    }).required()).optional(),
+    }).required()).optional().meta({ openapiField: { hidden: true } }),
 }).required());
 export const usersCrudServerDeleteSchema = fieldSchema.yupMixed();
 export const usersCrud = createCrud({

package/dist/interface/webhooks.d.ts

@@ -30,6 +30,7 @@ export declare const webhookEvents: readonly [{
         signed_up_at_millis: number;
         has_password: NonNullable<boolean | undefined>;
         otp_auth_enabled: NonNullable<boolean | undefined>;
+        passkey_auth_enabled: NonNullable<boolean | undefined>;
         client_metadata: {} | null;
         client_read_only_metadata: {} | null;
         server_metadata: {} | null;
@@ -61,6 +62,7 @@ export declare const webhookEvents: readonly [{
         signed_up_at_millis: undefined;
         has_password: undefined;
         otp_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         client_metadata: undefined;
         client_read_only_metadata: undefined;
         server_metadata: undefined;
@@ -96,6 +98,7 @@ export declare const webhookEvents: readonly [{
         signed_up_at_millis: number;
         has_password: NonNullable<boolean | undefined>;
         otp_auth_enabled: NonNullable<boolean | undefined>;
+        passkey_auth_enabled: NonNullable<boolean | undefined>;
         client_metadata: {} | null;
         client_read_only_metadata: {} | null;
         server_metadata: {} | null;
@@ -127,6 +130,7 @@ export declare const webhookEvents: readonly [{
         signed_up_at_millis: undefined;
         has_password: undefined;
         otp_auth_enabled: undefined;
+        passkey_auth_enabled: undefined;
         client_metadata: undefined;
         client_read_only_metadata: undefined;
         server_metadata: undefined;

package/dist/known-errors.d.ts

@@ -251,6 +251,9 @@ export declare const KnownErrors: {
     PasswordAuthenticationNotEnabled: KnownErrorConstructor<KnownError & KnownErrorBrand<"PASSWORD_AUTHENTICATION_NOT_ENABLED">, []> & {
         errorCode: "PASSWORD_AUTHENTICATION_NOT_ENABLED";
     };
+    PasskeyAuthenticationNotEnabled: KnownErrorConstructor<KnownError & KnownErrorBrand<"PASSKEY_AUTHENTICATION_NOT_ENABLED">, []> & {
+        errorCode: "PASSKEY_AUTHENTICATION_NOT_ENABLED";
+    };
     EmailPasswordMismatch: KnownErrorConstructor<KnownError & KnownErrorBrand<"EMAIL_PASSWORD_MISMATCH">, []> & {
         errorCode: "EMAIL_PASSWORD_MISMATCH";
     };
@@ -308,6 +311,15 @@ export declare const KnownErrors: {
     EmailIsNotPrimaryEmail: KnownErrorConstructor<KnownError & KnownErrorBrand<"EMAIL_IS_NOT_PRIMARY_EMAIL">, [email: string, primaryEmail: string | null]> & {
         errorCode: "EMAIL_IS_NOT_PRIMARY_EMAIL";
     };
+    PasskeyRegistrationFailed: KnownErrorConstructor<KnownError & KnownErrorBrand<"PASSKEY_REGISTRATION_FAILED">, [message: string]> & {
+        errorCode: "PASSKEY_REGISTRATION_FAILED";
+    };
+    PasskeyWebAuthnError: KnownErrorConstructor<KnownError & KnownErrorBrand<"PASSKEY_WEBAUTHN_ERROR">, [message: string, code: string]> & {
+        errorCode: "PASSKEY_WEBAUTHN_ERROR";
+    };
+    PasskeyAuthenticationFailed: KnownErrorConstructor<KnownError & KnownErrorBrand<"PASSKEY_AUTHENTICATION_FAILED">, [message: string]> & {
+        errorCode: "PASSKEY_AUTHENTICATION_FAILED";
+    };
     PermissionNotFound: KnownErrorConstructor<KnownError & KnownErrorBrand<"PERMISSION_NOT_FOUND">, [permissionId: string]> & {
         errorCode: "PERMISSION_NOT_FOUND";
     };

package/dist/known-errors.js

@@ -328,6 +328,10 @@ const PasswordAuthenticationNotEnabled = createKnownErrorConstructor(KnownError,
     400,
     "Password authentication is not enabled for this project.",
 ], () => []);
+const PasskeyAuthenticationNotEnabled = createKnownErrorConstructor(KnownError, "PASSKEY_AUTHENTICATION_NOT_ENABLED", () => [
+    400,
+    "Passkey authentication is not enabled for this project.",
+], () => []);
 const EmailPasswordMismatch = createKnownErrorConstructor(KnownError, "EMAIL_PASSWORD_MISMATCH", () => [
     400,
     "Wrong e-mail or password.",
@@ -396,6 +400,22 @@ const EmailIsNotPrimaryEmail = createKnownErrorConstructor(KnownError, "EMAIL_IS
         primary_email: primaryEmail,
     },
 ], (json) => [json.email, json.primary_email]);
+const PasskeyRegistrationFailed = createKnownErrorConstructor(KnownError, "PASSKEY_REGISTRATION_FAILED", (message) => [
+    400,
+    message,
+], (json) => [json.message]);
+const PasskeyWebAuthnError = createKnownErrorConstructor(KnownError, "PASSKEY_WEBAUTHN_ERROR", (message, code) => [
+    400,
+    message,
+    {
+        message,
+        code,
+    },
+], (json) => [json.message, json.code]);
+const PasskeyAuthenticationFailed = createKnownErrorConstructor(KnownError, "PASSKEY_AUTHENTICATION_FAILED", (message) => [
+    400,
+    message,
+], (json) => [json.message]);
 const PermissionNotFound = createKnownErrorConstructor(KnownError, "PERMISSION_NOT_FOUND", (permissionId) => [
     404,
     `Permission "${permissionId}" not found. Make sure you created it on the dashboard.`,
@@ -586,6 +606,7 @@ export const KnownErrors = {
     ProjectNotFound,
     SignUpNotEnabled,
     PasswordAuthenticationNotEnabled,
+    PasskeyAuthenticationNotEnabled,
     EmailPasswordMismatch,
     RedirectUrlNotWhitelisted,
     PasswordRequirementsNotMet,
@@ -601,6 +622,9 @@ export const KnownErrors = {
     EmailAlreadyVerified,
     EmailNotAssociatedWithUser,
     EmailIsNotPrimaryEmail,
+    PasskeyRegistrationFailed,
+    PasskeyWebAuthnError,
+    PasskeyAuthenticationFailed,
     PermissionNotFound,
     ContainedPermissionNotFound,
     TeamNotFound,

package/dist/schema-fields.d.ts

@@ -39,6 +39,7 @@ export declare const projectConfigIdSchema: yup.StringSchema<string | undefined,
 export declare const projectAllowLocalhostSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectCreateTeamOnSignUpSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectMagicLinkEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const projectPasskeyEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectClientTeamCreationEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectClientUserDeletionEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectSignUpEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
@@ -83,6 +84,7 @@ export declare const userOAuthProviderSchema: yup.ObjectSchema<{
     provider_user_id: undefined;
 }, "">;
 export declare const userLastActiveAtMillisSchema: yup.NumberSchema<number | null | undefined, yup.AnyObject, undefined, "">;
+export declare const userPasskeyAuthEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const userOtpAuthEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const userOtpAuthEnabledMutationSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const userHasPasswordSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;

package/dist/schema-fields.js

@@ -203,6 +203,7 @@ export const projectConfigIdSchema = yupString().meta({ openapiField: { descript
 export const projectAllowLocalhostSchema = yupBoolean().meta({ openapiField: { description: 'Whether localhost is allowed as a domain for this project. Should only be allowed in development mode', exampleValue: true } });
 export const projectCreateTeamOnSignUpSchema = yupBoolean().meta({ openapiField: { description: 'Whether a team should be created for each user that signs up', exampleValue: true } });
 export const projectMagicLinkEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether magic link authentication is enabled for this project', exampleValue: true } });
+export const projectPasskeyEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether passkey authentication is enabled for this project', exampleValue: true } });
 export const projectClientTeamCreationEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether client users can create teams', exampleValue: true } });
 export const projectClientUserDeletionEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether client users can delete their own account from the client', exampleValue: true } });
 export const projectSignUpEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether users can sign up new accounts, or whether they are only allowed to sign in to existing accounts. Regardless of this option, the server API can always create new users with the `POST /users` endpoint.', exampleValue: true } });
@@ -263,6 +264,7 @@ export const userOAuthProviderSchema = yupObject({
     provider_user_id: yupString().required(),
 });
 export const userLastActiveAtMillisSchema = yupNumber().nullable().meta({ openapiField: { description: _lastActiveAtMillisDescription, exampleValue: 1630000000000 } });
+export const userPasskeyAuthEnabledSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has passkeys enabled', exampleValue: false } });
 export const userOtpAuthEnabledSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has OTP/magic link enabled. ', exampleValue: true } });
 export const userOtpAuthEnabledMutationSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has OTP/magic link enabled. Note that only accounts with verified emails can sign-in with OTP.', exampleValue: true } });
 export const userHasPasswordSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has a password set. If the user does not have a password set, they will not be able to sign in with email/password.', exampleValue: true } });

package/dist/utils/passkey.d.ts

@@ -0,0 +1 @@
+export type { AuthenticationResponseJSON, RegistrationResponseJSON, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialRequestOptionsJSON, AuthenticatorAttestationResponseJSON } from "@simplewebauthn/types";

package/dist/utils/passkey.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.6.12",
+  "version": "2.6.15",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -32,15 +32,17 @@
     }
   },
   "dependencies": {
+    "@simplewebauthn/browser": "^11.0.0",
     "bcrypt": "^5.1.1",
     "elliptic": "^6.5.7",
     "jose": "^5.2.2",
     "oauth4webapi": "^2.10.3",
     "semver": "^7.6.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.6.12"
+    "@stackframe/stack-sc": "2.6.15"
   },
   "devDependencies": {
+    "@simplewebauthn/types": "^11.0.0",
     "@types/bcrypt": "^5.0.2",
     "@types/elliptic": "^6.4.18",
     "@types/react": "^18.2.66",