From e21a9d6046281d2e130f51552e709a9cf7c465e8 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Mon, 27 Apr 2026 20:57:37 +0200
Subject: [PATCH] fix: override WebAuthn type in authentication verify too
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Same fix as registration verify — @simplewebauthn/browser returns
type: "public-key" but Logto expects type: "WebAuthn".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 ui/sign-in/src/experience-api.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/sign-in/src/experience-api.ts b/ui/sign-in/src/experience-api.ts
index 8e1c0d9..d526387 100644
--- a/ui/sign-in/src/experience-api.ts
+++ b/ui/sign-in/src/experience-api.ts
@@ -287,7 +287,7 @@ export async function startWebAuthnAuth(): Promise<{ verificationId: string; aut
 }
 
 export async function verifyWebAuthnAuth(verificationId: string, payload: Record<string, unknown>): Promise<string> {
-  const res = await request('POST', '/verification/web-authn/authentication/verify', { verificationId, payload });
+  const res = await request('POST', '/verification/web-authn/authentication/verify', { verificationId, payload: { ...payload, type: 'WebAuthn' } });
   if (!res.ok) {
     const err = await res.json().catch(() => ({}));
     if (res.status === 422) {