Generate WebAuthn registration options

POST /api/verifications/web-authn/registration

Generate WebAuthn registration options for the user to register a new WebAuthn device.

Responses

  • 200 application/json

    Successfully generated the WebAuthn registration options.

    Hide response attributes Show response attributes object
    • verificationRecordId string Required
    • registrationOptions object Required
      Hide registrationOptions attributes Show registrationOptions attributes object
      • rp object Required
        Hide rp attributes Show rp attributes object
        • name string Required
        • id string
      • user object Required
        Hide user attributes Show user attributes object
        • id string Required
        • name string Required
        • displayName string Required
      • challenge string Required
      • pubKeyCredParams array[object] Required
        Hide pubKeyCredParams attributes Show pubKeyCredParams attributes object
        • type string("public-key") Required
        • alg number Required
      • timeout number
      • excludeCredentials array[object]
        Hide excludeCredentials attributes Show excludeCredentials attributes object
        • type string("public-key") Required
        • id string Required
        • transports array[string]

          Values are usb, nfc, ble, internal, cable, hybrid, or smart-card.

      • authenticatorSelection object
        Hide authenticatorSelection attributes Show authenticatorSelection attributes object
        • authenticatorAttachment string

          Values are platform or cross-platform.

        • requireResidentKey boolean
        • residentKey string

          Values are discouraged, preferred, or required.

        • userVerification string

          Values are required, preferred, or discouraged.

      • attestation string

        Values are none, indirect, direct, or enterprise.

      • extensions object
        Hide extensions attributes Show extensions attributes object
        • appid string
        • credProps boolean
        • hmacCreateSecret boolean
    • expiresAt string Required
  • 401

    Unauthorized

  • 403

    Forbidden

POST /api/verifications/web-authn/registration
curl \
 --request POST 'https://[tenant_id].logto.app/api/verifications/web-authn/registration' \
 --header "Authorization: Bearer $ACCESS_TOKEN"
Response examples (200)
{
  "verificationRecordId": "string",
  "registrationOptions": {
    "rp": {
      "name": "string",
      "id": "string"
    },
    "user": {
      "id": "string",
      "name": "string",
      "displayName": "string"
    },
    "challenge": "string",
    "pubKeyCredParams": [
      {
        "type": "string",
        "alg": 42.0
      }
    ],
    "timeout": 42.0,
    "excludeCredentials": [
      {
        "type": "string",
        "id": "string",
        "transports": [
          "usb"
        ]
      }
    ],
    "authenticatorSelection": {
      "authenticatorAttachment": "platform",
      "requireResidentKey": true,
      "residentKey": "discouraged",
      "userVerification": "required"
    },
    "attestation": "none",
    "extensions": {
      "appid": "string",
      "credProps": true,
      "hmacCreateSecret": true
    }
  },
  "expiresAt": "string"
}