The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
grid-flow-builder	Ready	Preview, Comment	May 7, 2026 11:44pm

• Add wallet privacy endpoint to OpenAPI #452
• Add auth session refresh endpoints #451
• Add OTP email update endpoint to OpenAPI #450
• Add passkey credentialId to auth challenge response #449 👈 (View in Graphite)
• Add passkey credentialId to auth credential list #448
• Align auth session request-id contract #445 : 1 other dependent PR (#446 )
• Align auth credential create contract #444
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

✱ Stainless preview builds

This PR will update the grid SDKs with the following commit messages.

kotlin

feat(api): add credentialId field and Type enum to PasskeyAuthChallenge

openapi

feat(api): add credentialId field to passkey auth challenge response

python

feat(api): add credential_id and type fields to PasskeyAuthChallenge

typescript

feat(api): add credentialId and type fields to passkey auth challenge response

Edit this comment to update them. They will appear in their respective SDK's changelogs.

This comment is auto-generated by GitHub Actions and is automatically kept up to date as you push.
If you push custom code to the preview branch, re-run this workflow to update the comment.
Last updated: 2026-05-07 23:50:34 UTC

Greptile Summary

This PR extends PasskeyAuthChallenge to inherit from PasskeyAuthMethod (instead of the base AuthMethod) so that the challenge response carries credentialId alongside the existing challenge, requestId, and expiresAt fields. Documentation across the challenge endpoint description, response description, and the PasskeyAuthChallenge schema are updated consistently to guide clients on using credentialId as allowCredentials[].id in navigator.credentials.get().

• PasskeyAuthChallenge.yaml swaps its allOf base from AuthMethod to PasskeyAuthMethod, inheriting credentialId without duplicating its definition.
• The passkey challenge example in auth_credentials_{id}_challenge.yaml (and the bundled openapi.yaml / mintlify/openapi.yaml) is updated to include a sample credentialId value, completing the response shape.

Confidence Score: 5/5

Safe to merge — the change is a clean schema inheritance swap and documentation update with no structural risks.

The schema change is minimal and well-scoped: PasskeyAuthChallenge now inherits credentialId from PasskeyAuthMethod rather than from a separate definition. The oneOf discriminator in AuthCredentialResponseOneOf continues to work correctly because AuthMethodResponse's unevaluatedProperties: false will reject any PasskeyAuthChallenge response (which now carries credentialId in addition to the challenge fields). Documentation and examples are consistent across all three changed surfaces (modular YAML, root bundle, Mintlify bundle).

No files require special attention.

sequenceDiagram
    participant Client
    participant Grid API

    Client->>Grid API: POST /auth/credentials/{id}/challenge\n(clientPublicKey)
    Grid API-->>Client: PasskeyAuthChallenge\n{ credentialId, challenge, requestId, expiresAt, ...PasskeyAuthMethod fields }

    Note over Client: Pass credentialId as allowCredentials[].id\nPass challenge as WebAuthn challenge\nto navigator.credentials.get()

    Client->>Client: navigator.credentials.get()\n→ assertion

    Client->>Grid API: POST /auth/credentials/{id}/verify\n(assertion, Request-Id: requestId)
    Grid API-->>Client: Session

_{Reviews (1): Last reviewed commit: "Add passkey credentialId to auth challen..." | Re-trigger Greptile}