Verify WebAuthn authentication verification
Verifies the WebAuthn authentication response against the user's authentication challenge. Upon successful verification, the verification record will be marked as verified.
Body Required
-
The verification ID of the WebAuthn authentication verification record.
-
The WebAuthn assertion response from the user's WebAuthn credential.
Additional properties are allowed.
Responses
-
200 application/json
The WebAuthn authentication has been successfully verified.
-
Invalid request.
-session.mfa.pending_info_not_found:
The WebAuthn authentication challenge is missing in the current verification record.
-session.mfa.webauthn_verification_failed:
The WebAuthn assertion response is invalid or cannot be verified. -
Verification record not found.
POST
/api/experience/verification/web-authn/authentication/verify
curl \
-X POST https://[tenant_id].logto.app/api/experience/verification/web-authn/authentication/verify \
-H "Content-Type: application/json" \
-d '{"verificationId":"string","payload":{"type":"string","id":"string","rawId":"string","authenticatorAttachment":"cross-platform","clientExtensionResults":{"appid":true,"crepProps":{"rk":true},"hmacCreateSecret":true},"response":{"clientDataJSON":"string","authenticatorData":"string","signature":"string","userHandle":"string"}}}'
Request examples
{
"verificationId": "string",
"payload": {
"type": "string",
"id": "string",
"rawId": "string",
"authenticatorAttachment": "cross-platform",
"clientExtensionResults": {
"appid": true,
"crepProps": {
"rk": true
},
"hmacCreateSecret": true
},
"response": {
"clientDataJSON": "string",
"authenticatorData": "string",
"signature": "string",
"userHandle": "string"
}
}
}
Response examples (200)
{
"verificationId": "string"
}