pub fn auth_begin(
owner: String,
webauthn: &State<Option<WebauthnState>>,
store: &State<CeremonyStore>,
cookies: &CookieJar<'_>,
pool: &State<DbPool>,
) -> Result<Json<RequestChallengeResponse>, Status>Expand description
Sign in, step 1 (POST /admin/passkeys/auth/begin?owner=): begins a passkey authentication
for the named owner, seeded by that owner’s enrolled passkeys. Returns the WebAuthn
RequestChallengeResponse for navigator.credentials.get() and stashes the ceremony state.
404 if the owner has no enrolled passkeys (admin identities are not treated as secret — the
public deployment sits behind an Anubis proxy and the admin set is small), 503 if disabled.