From 75236e6a532faca8a246589bf686d3dc08ac2156 Mon Sep 17 00:00:00 2001
From: Dream Hunter <dreamhunter2333@gmail.com>
Date: Mon, 9 Mar 2026 03:06:54 +0800
Subject: [PATCH] fix: passkey user verification compatibility for v13 (#883)

fix: disable requireUserVerification for passkey auth compatibility

@simplewebauthn/server v13 defaults requireUserVerification to true,
causing "User verification required, but user could not be verified"
errors for existing passkeys and authenticators that don't enforce UV.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
---
 worker/src/user_api/passkey.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/worker/src/user_api/passkey.ts b/worker/src/user_api/passkey.ts
index cf5d201a..496001e3 100644
--- a/worker/src/user_api/passkey.ts
+++ b/worker/src/user_api/passkey.ts
@@ -88,7 +88,7 @@ export default {
                 return true;
             },
             expectedOrigin: origin,
-            requireUserVerification: true,
+            requireUserVerification: false,
         });
         const { verified, registrationInfo } = verification;
 
@@ -162,6 +162,7 @@ export default {
             },
             expectedOrigin: origin,
             expectedRPID: domain,
+            requireUserVerification: false,
             credential: {
                 id: passkeyData.id,
                 publicKey: isoBase64URL.toBuffer(passkeyData.publicKey),