Add passkey credentialId to auth credential list#448
Conversation
This stack of pull requests is managed by Graphite. Learn more about stacking. |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
✱ Stainless preview buildsThis PR will update the kotlin openapi python typescript Edit this comment to update them. They will appear in their respective SDK's changelogs. ✅ grid-python studio · code · diff
✅ grid-kotlin studio · code · diff
|
| 💡 Schema/RequiredPropertyNotDefined: This schema marks `type` as `required`, but it isn't defined in `properties`, so it will be ignored. |
| 💡 Schema/RequiredPropertyNotDefined: This schema marks `type` as `required`, but it isn't defined in `properties`, so it will be ignored. |
| 💡 Schema/ObjectHasNoProperties: Type information is missing for schema |
| 💡 Schema/RequiredPropertyNotDefined: This schema marks `type` as `required`, but it isn't defined in `properties`, so it will be ignored. |
| 💡 Schema/RequiredPropertyNotDefined: This schema marks `type` as `required`, but it isn't defined in `properties`, so it will be ignored. |
| 💡 Schema/RequiredPropertyNotDefined: This schema marks `type` as `required`, but it isn't defined in `properties`, so it will be ignored. |
✅ grid-openapi studio · code · diff
Your SDK build had at least one new note diagnostic, which is a regression from the base state.
generate ✅New diagnostics (8 note)
💡 Schema/RequiredPropertyNotDefined: This schema marks `type` as `required`, but it isn't defined in `properties`, so it will be ignored. 💡 Schema/RequiredPropertyNotDefined: This schema marks `type` as `required`, but it isn't defined in `properties`, so it will be ignored. 💡 Schema/ObjectHasNoProperties: Type information is missing for schema 💡 Schema/RequiredPropertyNotDefined: This schema marks `type` as `required`, but it isn't defined in `properties`, so it will be ignored. 💡 Schema/RequiredPropertyNotDefined: This schema marks `type` as `required`, but it isn't defined in `properties`, so it will be ignored. 💡 Schema/RequiredPropertyNotDefined: This schema marks `type` as `required`, but it isn't defined in `properties`, so it will be ignored. 💡 Schema/EnumHasOneMember: Confirm intentional use of `enum` with single member. 💡 Schema/EnumHasOneMember: Confirm intentional use of `enum` with single member.
This comment is auto-generated by GitHub Actions and is automatically kept up to date as you push.
If you push custom code to the preview branch, re-run this workflow to update the comment.
Last updated: 2026-05-07 23:48:01 UTC
Greptile SummaryThis PR extends the
Confidence Score: 5/5Safe to merge — the changes are additive and well-scoped to the GET /auth/credentials list response without touching any other endpoint schemas. The discriminated union is correctly constructed: unevaluatedProperties: false on AuthMethodResponse prevents PASSKEY objects from matching that branch, and the required credentialId on PasskeyAuthMethod prevents EMAIL_OTP/OAUTH objects from matching the PASSKEY branch. The bundled files are in sync with the source. No existing endpoint contracts are broken. No files require special attention.
|
| Filename | Overview |
|---|---|
| openapi/components/schemas/auth/AuthCredentialListItem.yaml | New discriminated union routing EMAIL_OTP/OAUTH to AuthMethodResponse and PASSKEY to PasskeyAuthMethod; discriminator mapping is complete and correct |
| openapi/components/schemas/auth/PasskeyAuthMethod.yaml | New schema extending AuthMethod with required credentialId; correctly uses allOf and restricts type to PASSKEY for discriminator routing |
| openapi/components/schemas/auth/AuthCredentialListResponse.yaml | Single-line change swapping the list item ref from AuthMethod to AuthCredentialListItem, correctly delegating to the new discriminated union |
| openapi/paths/auth/auth_credentials.yaml | GET /auth/credentials example updated to show all three credential types (EMAIL_OTP, OAUTH, PASSKEY) with credentialId present only on the PASSKEY entry |
| openapi.yaml | Bundled file regenerated consistently with source changes; AuthMethodResponse relocated earlier, PasskeyAuthMethod and AuthCredentialListItem added in correct position |
| mintlify/openapi.yaml | Mintlify bundled file mirrors openapi.yaml changes; doc-site schema and example are updated in sync |
Sequence Diagram
sequenceDiagram
participant Client
participant API as Grid API
Client->>API: POST /auth/credentials (type: PASSKEY, attestation)
API-->>Client: 201 AuthMethodResponse (id, type, nickname — no credentialId)
Client->>API: "GET /auth/credentials?accountId=..."
API-->>Client: 200 AuthCredentialListResponse
note over Client,API: data[] = AuthCredentialListItem (oneOf)
note over Client,API: EMAIL_OTP/OAUTH → AuthMethodResponse
note over Client,API: PASSKEY → PasskeyAuthMethod (+ credentialId)
Client->>Client: "navigator.credentials.get({allowCredentials: [{id: credentialId}]})"
Reviews (2): Last reviewed commit: "Add passkey credentialId to auth credent..." | Re-trigger Greptile
DhruvPareek
force-pushed
the
auth-passkey-list-credential-id-openapi
branch
from
9190274 to
04167e9
Compare
DhruvPareek
changed the base branch from
graphite-base/448
to
auth-v2-session-request-id-contract
DhruvPareek
force-pushed
the
auth-v2-session-request-id-contract
branch
from
014a693 to
a60c666
Compare
DhruvPareek
force-pushed
the
auth-passkey-list-credential-id-openapi
branch
from
04167e9 to
01c31c0
Compare
DhruvPareek
force-pushed
the
auth-v2-session-request-id-contract
branch
from
a60c666 to
f25ca4f
Compare
DhruvPareek
force-pushed
the
auth-passkey-list-credential-id-openapi
branch
from
01c31c0 to
7833483
Compare
DhruvPareek
force-pushed
the
auth-v2-session-request-id-contract
branch
2 times, most recently
from
651a738 to
74ce1d0
Compare
DhruvPareek
force-pushed
the
auth-passkey-list-credential-id-openapi
branch
from
7833483 to
b45b4dd
Compare
✱ Stainless preview builds for gridThis PR will update the kotlin openapi python typescript
|
DhruvPareek
changed the base branch from
auth-v2-session-request-id-contract
to
graphite-base/448
DhruvPareek
force-pushed
the
auth-passkey-list-credential-id-openapi
branch
from
b45b4dd to
f4a5bb1
Compare
DhruvPareek
force-pushed
the
graphite-base/448
branch
from
74ce1d0 to
db1473a
Compare
DhruvPareek
force-pushed
the
auth-passkey-list-credential-id-openapi
branch
from
f4a5bb1 to
853808d
Compare
| credentials include the WebAuthn `credentialId` needed to target a specific | ||
| registered passkey; other credential types use the base `AuthMethod` shape. | ||
| oneOf: | ||
| - $ref: ./AuthMethodResponse.yaml |
There was a problem hiding this comment.
why does this use authmethodresponse instead of authmethod? I don't quite understand what
unevaluatedProperties: false
does
DhruvPareek
force-pushed
the
auth-passkey-list-credential-id-openapi
branch
from
853808d to
54232a4
Compare
|
okay the sdk was messed up |
|
The issue with AuthMethodResponse | PasskeyAuthMethod was that PASSKEY could match both sides. |
|
So I split the list response into one schema per discriminator value (EMAIL_OTP, OAUTH, PASSKEY) |
|
I also pulled the shared fields into AuthMethodBase so we still reuse the common auth-method shape |
|
We couldn't just reuse AuthMethod for the list response because AuthMethod.type can be (EMAIL_OTP | OAUTH | PASSKEY), so if we reuse it inside the list union, the generated SDK can’t reliably know that type === "PASSKEY" means credentialId exists |
|
Wait actually stainless still doesn't like this way of doing it |
| format: date-time | ||
| description: Last update timestamp. | ||
| example: '2026-04-08T15:35:00Z' | ||
| title: Auth Method |
There was a problem hiding this comment.
is there anything that still references authMethod?
|
Okay just going to make credentialId an optional field here |
2 participants
Summary:
https://docs.google.com/document/d/18f3pLcXbLein9McsXxiPzVJMmXhBFGWQ-6Gys5WILLk/edit?tab=t.zg1lhkeq1hek
Test: