The user.passkey.assertion_failed event is triggered when a passkey assertion fails, during either step-up or primary-factor login. The typed reason and source fields let you branch without parsing free-form messages. The user_id, session_id and credential_id fields are best-effort and may be absent when the failure happens before the user is resolved.
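A consumer can triage this event by branching on the two typed fields, as in the following added example, which is not code from the event's provider. The severity mapping, the step-up escalation and the names `triage` and `credential_bytes` are assumptions; the sample payloads are constructed from the example values in the payload reference below.

```python
import base64
from datetime import datetime

REASONS = {"invalid_assertion", "sign_count_replay", "token_invalid", "no_credentials"}
SOURCES = {"step_up", "login"}

# Assumed triage policy (not part of the event documentation): severity per reason.
SEVERITY = {
    "sign_count_replay": "high",   # counter did not advance: possible cloned authenticator
    "invalid_assertion": "medium",
    "token_invalid": "low",
    "no_credentials": "low",
}

# Constructed sample payloads: one fully resolved, one that failed before user resolution.
SAMPLE_EVENTS = [
    {"reason": "sign_count_replay", "source": "step_up",
     "occurred_at": "2025-03-15T10:30:00Z",
     "user_id": "usr_01jqebhswje1ka1z7ahr9rfsgt",
     "session_id": "ses_01jr0z5w2seq998trz7ftbb9rj",
     "credential_id": "XKv4eJk7mGmJYI4r-hZxxBg"},
    {"reason": "no_credentials", "source": "login",
     "occurred_at": "2025-03-15T10:31:00Z",
     "correlation_id": "corr_01jqy7455pf8p9bap5qke912g1"},
]

def credential_bytes(credential_id):
    """Decode a base64url-no-padding credential id into raw bytes."""
    return base64.urlsafe_b64decode(credential_id + "=" * (-len(credential_id) % 4))

def triage(event):
    """Map one payload to an alert record, tolerating absent best-effort fields."""
    reason, source = event["reason"], event["source"]  # required fields
    if reason not in REASONS or source not in SOURCES:
        raise ValueError(f"unknown reason/source: {reason!r}/{source!r}")
    when = datetime.fromisoformat(event["occurred_at"].replace("Z", "+00:00"))
    severity = SEVERITY[reason]
    # Assumed policy: a bad assertion inside an existing session (step-up) is escalated.
    if source == "step_up" and severity == "medium":
        severity = "high"
    # Group repeated failures by the most specific identifier that is present.
    keys = ("user_id", "credential_id", "correlation_id")
    subject = next((event[k] for k in keys if event.get(k)), "unresolved")
    return {"severity": severity, "subject": subject, "at": when,
            "resolved_user": "user_id" in event}
```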

Event payload

Emitted on any failed passkey assertion, during either step-up or primary-factor login. user_id, session_id and credential_id are best-effort: the login path can fail before the user is resolved, so they may be absent.

reason
enum<string>
required

The typed reason the assertion failed.

Available options: invalid_assertion, sign_count_replay, token_invalid, no_credentials
Example:

"invalid_assertion"

source
enum<string>
required

Which flow the assertion was part of.

Available options: step_up, login
Example:

"login"

occurred_at
string<date-time>
required
Example:

"2025-03-15T10:30:00Z"

user_id
string

The unique identifier of the app's user, prefixed with 'usr_'.

Examples:

"usr_01jqebhswje1ka1z7ahr9rfsgt"

"usr_01jqy7455pf8p9bap5qke912g1"

session_id
string

The unique identifier of the user's session, prefixed with 'ses_'.

Example:

"ses_01jr0z5w2seq998trz7ftbb9rj"

credential_id
string

Base64url-no-padding-encoded WebAuthn credential id, when known.

Example:

"XKv4eJk7mGmJYI4r-hZxxBg"

correlation_id
string
Example:

"corr_01jqy7455pf8p9bap5qke912g1"