Verify WebAuthn authentication verification

POST /api/experience/verification/web-authn/authentication/verify

Verifies the WebAuthn authentication response against the user's authentication challenge. Upon successful verification, the verification record will be marked as verified.

application/json

Body Required

  • verificationId string Required

    The verification ID of the WebAuthn authentication verification record.

  • payload object Required

    The WebAuthn assertion response from the user's WebAuthn credential.

    Hide payload attributes Show payload attributes object
    • type string("WebAuthn") Required
    • id string Required
    • rawId string Required
    • authenticatorAttachment string

      Values are cross-platform or platform.

    • clientExtensionResults object Required
      Hide clientExtensionResults attributes Show clientExtensionResults attributes object
      • appid boolean
      • crepProps object
        Hide crepProps attribute Show crepProps attribute object
        • rk boolean
      • hmacCreateSecret boolean
    • response object Required
      Hide response attributes Show response attributes object
      • clientDataJSON string Required
      • authenticatorData string Required
      • signature string Required
      • userHandle string

Responses

  • 200 application/json

    The WebAuthn authentication has been successfully verified.

    Hide response attribute Show response attribute object
    • verificationId string Required

      The unique verification ID of the WebAuthn authentication verification record.

  • 400

    Invalid request.
    - session.mfa.pending_info_not_found: The WebAuthn authentication challenge is missing in the current verification record.
    - session.mfa.webauthn_verification_failed: The WebAuthn assertion response is invalid or cannot be verified.

  • 404

    Verification record not found.

POST /api/experience/verification/web-authn/authentication/verify
curl \
 --request POST 'https://[tenant_id].logto.app/api/experience/verification/web-authn/authentication/verify' \
 --header "Content-Type: application/json" \
 --data '{"verificationId":"string","payload":{"type":"string","id":"string","rawId":"string","authenticatorAttachment":"cross-platform","clientExtensionResults":{"appid":true,"crepProps":{"rk":true},"hmacCreateSecret":true},"response":{"clientDataJSON":"string","authenticatorData":"string","signature":"string","userHandle":"string"}}}'
Request examples
{
  "verificationId": "string",
  "payload": {
    "type": "string",
    "id": "string",
    "rawId": "string",
    "authenticatorAttachment": "cross-platform",
    "clientExtensionResults": {
      "appid": true,
      "crepProps": {
        "rk": true
      },
      "hmacCreateSecret": true
    },
    "response": {
      "clientDataJSON": "string",
      "authenticatorData": "string",
      "signature": "string",
      "userHandle": "string"
    }
  }
}
Response examples (200)
{
  "verificationId": "string"
}