When using the WebAuthn autofill UI, the /webauthn-login route will receive the selected credential without the login param. It's possible the credential was deleted from the database, this will currently fall through to a "no matching login" field error, which isn't accurate because we're not matching by login here.
To improve this, throw a dedicated field error in this case. It won't be visible in HTML, but it helps make the failure clear for JSON and internal requests. I noticed this when I was working on internal request support for WebAuthn, where the current error message was misleading.
When using the WebAuthn autofill UI, the
/webauthn-login
route will receive the selected credential without the login param. It's possible the credential was deleted from the database, this will currently fall through to a "no matching login" field error, which isn't accurate because we're not matching by login here.To improve this, throw a dedicated field error in this case. It won't be visible in HTML, but it helps make the failure clear for JSON and internal requests. I noticed this when I was working on internal request support for WebAuthn, where the current error message was misleading.