@W-21056536 Error handling Passkey Registration and Login#3672
Conversation
…n components; add utility function for passkey error messages
…place deprecated error message function with a new utility for improved clarity and add handling for too many registration attempts.
…ude mappings for various error responses and ensure correct message descriptors are returned.
…able passkey login tests, handle user cancellation errors, and ensure proper rendering of UI elements during authentication.
…test clarity; mock configurations for passkey enabled/disabled scenarios, and ensure proper UI rendering during authentication processes.
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
…nents; replace showToast with showRegisterPasskeyToast for improved clarity and functionality. Update tests to validate passkey registration toast display after successful login, ensuring proper configuration checks and UI rendering.
… messages for unavailable features and authentication API errors. Update related tests to ensure correct message mappings for various error responses.
This reverts commit 977e9ea.
…fully, including early returns for 412 status. Improve passkey authentication error handling by adding console error logging in AuthModal and Login components.
…passkey-registration-and-login
…s components to standardize user feedback. Replace specific error messages with a generic "Something went wrong. Try again!" message. Update tests to reflect these changes and ensure consistent error handling in the UI.
…n' of https://github.com/SalesforceCommerceCloud/pwa-kit into W-21056536-error-handling-passkey-registration-and-login
| let credential | ||
| try { | ||
| credential = await navigator.credentials.create({ | ||
| publicKey | ||
| }) | ||
| } catch (createError) { | ||
| // Handle user cancellation or other errors from the WebAuthn API | ||
| if (createError.name === 'NotAllowedError' || createError.name === 'AbortError') { | ||
| throw new Error('Passkey registration was cancelled or timed out') | ||
| } | ||
| throw createError | ||
| } |
There was a problem hiding this comment.
during registration, any errors from the browser should tell the user that soemthing went wrong. Instead of throwing a custom error, we let the error be thrown automatically and handle it in the catch below
| if (config?.app?.login?.passkey?.enabled) { | ||
| // Show passkey registration modal only if Webauthn feature flag is enabled and compatible with the browser | ||
| if ( | ||
| window.PublicKeyCredential && | ||
| window.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable && | ||
| window.PublicKeyCredential.isConditionalMediationAvailable | ||
| ) { | ||
| Promise.all([ | ||
| window.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable(), | ||
| window.PublicKeyCredential.isConditionalMediationAvailable() | ||
| ]).then((results) => { | ||
| if (results.every((r) => r === true)) { | ||
| showToast() | ||
| } | ||
| }) | ||
| } | ||
| } |
There was a problem hiding this comment.
moved this logic into showRegisterPasskeyToast as it's duplicated here and in the login page
| // 412 is returned when user attempts to authenticate within 1 minute of a previous attempt | ||
| // We return early in this case to avoid showing an error to the user | ||
| if (error.response?.status === 412) { | ||
| return | ||
| } |
There was a problem hiding this comment.
The most common 412 error from the startWebauthnAuthenticationResponse is when a user attempts to start the passkey login multiple times within a minute.
Because the passkey login prompt is triggered automatically upon opening the login form, we fail silently for a 412 to avoid causing confusion.
| if (error.name == 'NotAllowedError') { | ||
| return | ||
| } | ||
| console.error('Error getting passkey credential from browser:', error) |
There was a problem hiding this comment.
we log any errors returned from the browser to help in debugging.
API errors are automatically logged by pwa kit
| defaultMessage: 'Failed to register passkey' | ||
| }) | ||
|
|
||
| console.error('Error registering passkey:', err) |
There was a problem hiding this comment.
although API errors are automatically logged, we want to ensure the errors from the browser and custom errors that are thrown are logged to help in debugging issues.
… for clarity in the WebAuthn registration process.
…passkey-registration-and-login
hajinsuha1
added
the
skip changelog
…passkey-registration-and-login
…passkey-registration-and-login
|
Decisions in the code and errors look fair to me. When putting an invalid OTP for registration, I'm seeing "Something went wrong. Try again!" instead of the invalid token. The API response was seeing.something.went.wrong.try.again.mov |
…status code and adjust corresponding test case
…n' of https://github.com/SalesforceCommerceCloud/pwa-kit into W-21056536-error-handling-passkey-registration-and-login
Thanks for catching that! Looks like when deployed to MRT the proxy/cdn strips the status messsage. I've updated it to display "Invalid token" on 401. This should be okay as they'd only get a 401 at this step for a invalid token You can see it working here: https://wasatch-mrt-passwordless-poc.mrt-storefront-staging.com 
|
| const otpCode = '12345678' | ||
|
|
||
| mockStartWebauthnRegistration.mockRejectedValue(new Error('Unauthorized')) | ||
| mockStartWebauthnRegistration.mockRejectedValue(new Error('401')) |
There was a problem hiding this comment.
later if we touch this file again, we should update the tests to mock commerce-sdk-react using msw!
hajinsuha1
deleted the
W-21056536-error-handling-passkey-registration-and-login
branch
3 participants
Description
Display user-friendly error messages for errors during passkey login and registration
Doc listing all error message mapping: https://salesforce.quip.com/97bPANYv5D2U
After a lot of thinking, I chose to use a more generic error handling approach of returning a "Something went wrong. Try again!" error for most cases because passkey login is triggered automatically rather than via a button.
Types of Changes
Changes
How to Test-Drive This PR
Unit Tests
Since CI is broken for now becasue we are using
commerce-sdk-isomorphicpreview versionEnsure the modified unit tests pass:
Passkey Login Errors
Cancelling does not display error
Screenshare.-.2026-02-19.2_48_29.PM.mp4
Screenshare.-.2026-02-19.2_23_07.PM.mp4
412 from timeout does not display error
Screenshare.-.2026-02-19.2_20_18.PM.mp4
Screenshare.-.2026-02-19.2_21_15.PM.mp4
401 client error displays error
useSLASPrivateClientsettings are not enabled. This means the /start call will return a 401 Unauthorized as the correct auth headers are not sent.Passkey Registration Errors
Cancelling displays error
Screenshare.-.2026-02-19.2_17_17.PM.mp4
401 from entering incorrect token
Screenshare.-.2026-02-19.2_18_39.PM.mp4
Checklists
General
Accessibility Compliance
You must check off all items in one of the follow two lists:
or...
Localization