diff --git a/src/main/java/com/ysoft/geecon/OAuthResource.java b/src/main/java/com/ysoft/geecon/OAuthResource.java
index 7ae6e9c..135917f 100644
--- a/src/main/java/com/ysoft/geecon/OAuthResource.java
+++ b/src/main/java/com/ysoft/geecon/OAuthResource.java
@@ -14,6 +14,7 @@ import io.quarkus.runtime.util.StringUtil;
 import io.quarkus.security.webauthn.WebAuthnLoginResponse;
 import io.quarkus.security.webauthn.WebAuthnRegisterResponse;
 import io.quarkus.security.webauthn.WebAuthnSecurity;
+import io.smallrye.common.annotation.Blocking;
 import io.vertx.ext.auth.webauthn.Authenticator;
 import io.vertx.ext.web.RoutingContext;
 import jakarta.inject.Inject;
@@ -38,7 +39,6 @@ public class OAuthResource {
     SessionsRepo sessionsRepo;
     @Inject
     UriInfo uriInfo;
-
     @Inject
     WebAuthnSecurity webAuthnSecurity;
 
@@ -72,6 +72,7 @@ public class OAuthResource {
     @GET
     @Path("passwordless")
     @Produces(MediaType.TEXT_HTML)
+    @Blocking
     public TemplateInstance getPasswordless(AuthParams params) {
         var client = validateClient(params);
         String sessionId = sessionsRepo.newAuthorizationSession(params, client);
@@ -82,6 +83,7 @@ public class OAuthResource {
     @Path("passwordless/register")
     @Produces(MediaType.TEXT_HTML)
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    @Blocking
     public TemplateInstance registerPasswordless(@FormParam("sessionId") String sessionId,
                                                  @BeanParam WebAuthnRegisterResponse webAuthnResponse,
                                                  RoutingContext ctx) {
@@ -105,6 +107,7 @@ public class OAuthResource {
     @Path("passwordless/login")
     @Produces(MediaType.TEXT_HTML)
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    @Blocking
     public TemplateInstance loginPasswordless(@FormParam("sessionId") String sessionId,
                                               @BeanParam WebAuthnLoginResponse webAuthnResponse,
                                               RoutingContext ctx) {
diff --git a/src/main/resources/templates/OAuthResource/loginPasswordless.html b/src/main/resources/templates/OAuthResource/loginPasswordless.html
index 26d2fa1..ee5c6b3 100644
--- a/src/main/resources/templates/OAuthResource/loginPasswordless.html
+++ b/src/main/resources/templates/OAuthResource/loginPasswordless.html
@@ -116,7 +116,7 @@
 </div>
 
 <form action="#" method="POST">
-    <input name="sessionId" type="hidden" value="somesessionid">
+    <input name="sessionId" type="hidden" value="{sessionId}">
     <div id="form-generated"></div>
 </form>
 </div>
@@ -257,7 +257,7 @@
         result.replaceChildren();
         webAuthn.loginOnly({ name: userName })
             .then(body => {
-                form("/webauthn/login", {
+                form("/auth/passwordless/login", {
                     'webAuthnId': body.id,
                     'webAuthnRawId': body.rawId,
                     'webAuthnResponseClientDataJSON': body.response.clientDataJSON,
@@ -286,7 +286,7 @@
 
         webAuthn.registerOnly({ name: userName, displayName: userName /*firstName + " " + lastName*/})
             .then(body => {
-                form("/webauthn/register", {
+                form("/auth/passwordless/register", {
                     'webAuthnId': body.id,
                     'webAuthnRawId': body.rawId,
                     'webAuthnResponseAttestationObject': body.response.attestationObject,