/passkeys/registration/begin GET => POST

server/cmd/museum/main.go

@@ -487,7 +487,7 @@ func main() {
 	accountsJwtAuthAPI.GET("/passkeys", passkeysHandler.GetPasskeys)
 	accountsJwtAuthAPI.PATCH("/passkeys/:passkeyID", passkeysHandler.RenamePasskey)
 	accountsJwtAuthAPI.DELETE("/passkeys/:passkeyID", passkeysHandler.DeletePasskey)
-	accountsJwtAuthAPI.GET("/passkeys/registration/begin", passkeysHandler.BeginRegistration)
+	accountsJwtAuthAPI.POST("/passkeys/registration/begin", passkeysHandler.BeginRegistration)
 	accountsJwtAuthAPI.POST("/passkeys/registration/finish", passkeysHandler.FinishRegistration)
 
 	collectionHandler := &api.CollectionHandler{

web/apps/accounts/src/services/passkey.ts

@@ -143,6 +143,7 @@ interface BeginPasskeyRegistrationResponse {
 const beginPasskeyRegistration = async () => {
     const url = `${apiOrigin()}/passkeys/registration/begin`;
     const res = await fetch(url, {
+        method: "POST",
         headers: accountsAuthenticatedRequestHeaders(),
     });
     if (!res.ok) throw new Error(`Failed to fetch ${url}: HTTP ${res.status}`);

web/docs/webauthn-passkeys.md

@@ -107,7 +107,7 @@ func (u *PasskeyUser) WebAuthnCredentials() []webauthn.Credential {
 }
 ```
 
-#### GET /passkeys/registration/begin
+#### POST /passkeys/registration/begin
 
 ##### Headers
 
@@ -348,7 +348,7 @@ window.location.href = `${accountsAppURL()}/passkeys/verify?passkeySessionID=${p
 
 ### Requesting publicKey options (begin)
 
-#### GET /users/two-factor/passkeys/begin
+#### POST /users/two-factor/passkeys/begin
 
 ##### Query parameters