bitfoundation · ysmoradi · Jan 2, 2026 · Jan 1, 2026 · Jan 1, 2026 · Jan 1, 2026
diff --git a/...nt/Boilerplate.Client.Core/Components/Layout/Diagnostic/AppDiagnosticModal.razor.Utils.cs b/...nt/Boilerplate.Client.Core/Components/Layout/Diagnostic/AppDiagnosticModal.razor.Utils.cs
@@ -123,15 +123,6 @@ private string GetMemoryUsage()
 
     private async Task ClearAppFiles()
     {
-        try
-        {
-            await userController.DeleteAllWebAuthnCredentials(CurrentCancellationToken);
-        }
-        catch (Exception exp)
-        {
-            logger.LogWarning(exp, "Failed to delete WebAuthn credentials during ClearAppStorage.");
-        }
-
         //#if (offlineDb == true)
         try
         {

diff --git a/...Client/Boilerplate.Client.Core/Components/Pages/Settings/Account/PasswordlessTab.razor.cs b/...Client/Boilerplate.Client.Core/Components/Pages/Settings/Account/PasswordlessTab.razor.cs
@@ -81,10 +81,20 @@ private async Task DisablePasswordless()
         }
         catch (Exception ex)
         {
-            // we can safely handle the exception thrown here since it mostly because of a timeout or user cancelling the native ui.
+            // we can safely ignore the exception thrown here since it mostly because of a timeout or user cancelling the native ui.
+            // In case passkey is no longer valid, the browser would show a message dialog itself.
             ExceptionHandler.Handle(ex, ExceptionDisplayKind.None);
             return;
         }
+        finally
+        {
+            // Regardless of whether the user actively cancelled the operation, it has timed out or the passkey is no longer valid,
+            // the browser throws the same generic error.
+            // As a result, we cannot reliably distinguish the root cause of the failure.
+            // To allow the user to attempt configuration again, we must clear the stored user ID here.
+            await webAuthnService.RemoveWebAuthnConfiguredUserId(User.Id);
+            isConfigured = false;
+        }
 
         var verifyResult = await identityController
             .WithQueryIf(AppPlatform.IsBlazorHybrid, "origin", localHttpServer.Origin)
@@ -94,23 +104,9 @@ await userController
             .WithQueryIf(AppPlatform.IsBlazorHybrid, "origin", localHttpServer.Origin)
             .DeleteWebAuthnCredential(assertion, CurrentCancellationToken);
 
-        await webAuthnService.RemoveWebAuthnConfiguredUserId(User.Id);
-
-        isConfigured = false;
-
         SnackBarService.Success(Localizer[nameof(AppStrings.DisablePasswordlessSucsessMessage)]);
     }
 
-    // Only for debugging purposes, uncomment the following lines and the corresponding lines in the razor file.
-    //private async Task DeleteAll()
-    //{
-    //    await userController.DeleteAllWebAuthnCredentials(CurrentCancellationToken);
-
-    //    await webAuthnService.RemoveWebAuthnConfigured();
-
-    //    isConfigured = false;
-    //}
-
     protected override async Task OnAfterFirstRenderAsync()
     {
         await base.OnAfterFirstRenderAsync();

diff --git a/...erplate/src/Server/Boilerplate.Server.Api/Controllers/Identity/UserController.WebAuthn.cs b/...erplate/src/Server/Boilerplate.Server.Api/Controllers/Identity/UserController.WebAuthn.cs
@@ -124,16 +124,6 @@ public async Task DeleteWebAuthnCredential(AuthenticatorAssertionRawResponse ass
             throw new ResourceNotFoundException();
     }
 
-    [HttpDelete]
-    public async Task DeleteAllWebAuthnCredentials(CancellationToken cancellationToken)
-    {
-        var userId = User.GetUserId();
-        var user = await userManager.FindByIdAsync(userId.ToString())
-                    ?? throw new ResourceNotFoundException();
-
-        var affectedRows = await DbContext.WebAuthnCredential.Where(c => c.UserId == userId).ExecuteDeleteAsync(cancellationToken);
-    }
-
     private static string GetWebAuthnCacheKey(Guid userId) => $"WebAuthn_Options_{userId}";
 
     private async Task<bool> IsCredentialIdUniqueToUser(IsCredentialIdUniqueToUserParams args, CancellationToken cancellationToken)

diff --git a/src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Controllers/Identity/IUserController.cs b/src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Controllers/Identity/IUserController.cs
@@ -60,9 +60,6 @@ public interface IUserController : IAppController
     [HttpDelete]
     Task DeleteWebAuthnCredential(JsonElement clientResponse, CancellationToken cancellationToken) => default!;
 
-    [HttpDelete]
-    Task DeleteAllWebAuthnCredentials(CancellationToken cancellationToken);
-
     //#if (signalR == true || notification == true)
     [HttpPost("{userSessionId}")]
     Task<UserSessionNotificationStatus> ToggleNotification(Guid userSessionId, CancellationToken cancellationToken);