openstack-experimental · gtema · Sep 15, 2025 · Sep 12, 2025
diff --git a/src/api/v4/auth/passkey/finish.rs b/src/api/v4/auth/passkey/finish.rs
@@ -22,7 +22,7 @@ use crate::api::v4::auth::passkey::types::{
 };
 use crate::api::{
     error::{KeystoneApiError, WebauthnError},
-    v4::auth::token::types::{Token as ApiToken, TokenResponse as ApiTokenResponse},
+    v4::auth::token::types::{Token as ApiResponseToken, TokenResponse},
 };
 use crate::auth::{AuthenticatedInfo, AuthenticationError, AuthzInfo};
 use crate::identity::IdentityApi;
@@ -39,7 +39,7 @@ use crate::token::TokenApi;
     operation_id = "/auth/passkey/finish:post",
     request_body = PasskeyAuthenticationFinishRequest,
     responses(
-        (status = OK, description = "Authentication Token object", body = ApiTokenResponse,
+        (status = OK, description = "Authentication Token object", body = TokenResponse,
         headers(
             ("x-subject-token" = String, description = "Keystone token"),
         )
@@ -109,7 +109,9 @@ pub(super) async fn finish(
         .get_token_provider()
         .issue_token(authed_info, AuthzInfo::Unscoped)?;
 
-    let api_token = ApiToken::from_provider_token(&state, &token).await?;
+    let mut api_token = TokenResponse {
+        token: ApiResponseToken::from_provider_token(&state, &token).await?,
+    };
     Ok((
         StatusCode::OK,
         [(

diff --git a/src/api/v4/auth/passkey/start.rs b/src/api/v4/auth/passkey/start.rs
@@ -50,12 +50,12 @@ pub(super) async fn start(
     state
         .provider
         .get_identity_provider()
-        .delete_user_passkey_authentication_state(&state.db, &req.user_id)
+        .delete_user_passkey_authentication_state(&state.db, &req.passkey.user_id)
         .await?;
     let allow_credentials: Vec<Passkey> = state
         .provider
         .get_identity_provider()
-        .list_user_passkeys(&state.db, &req.user_id)
+        .list_user_passkeys(&state.db, &req.passkey.user_id)
         .await?
         .into_iter()
         .collect();
@@ -67,9 +67,9 @@ pub(super) async fn start(
             state
                 .provider
                 .get_identity_provider()
-                .save_user_passkey_authentication_state(&state.db, &req.user_id, auth_state)
+                .save_user_passkey_authentication_state(&state.db, &req.passkey.user_id, auth_state)
                 .await?;
-            Json(rcr)
+            Json(PasskeyAuthenticationStartResponse::from(rcr))
         }
         Err(e) => {
             debug!("challenge_register -> {:?}", e);

diff --git a/src/api/v4/auth/passkey/types.rs b/src/api/v4/auth/passkey/types.rs
@@ -20,6 +20,13 @@ use utoipa::ToSchema;
 /// Request for initialization of the passkey authentication.
 #[derive(Clone, Debug, Deserialize, PartialEq, Serialize, ToSchema)]
 pub struct PasskeyAuthenticationStartRequest {
+    /// The user authentication data
+    pub passkey: PasskeyUserAuthenticationRequest,
+}
+
+/// Request for initialization of the passkey authentication.
+#[derive(Clone, Debug, Deserialize, PartialEq, Serialize, ToSchema)]
+pub struct PasskeyUserAuthenticationRequest {
     /// The ID of the user that is authenticating.
     pub user_id: String,
 }