Verify WebAuthn authentication verification

POST /api/experience/verification/web-authn/authentication/verify

Verifies the WebAuthn authentication response against the user's authentication challenge. Upon successful verification, the verification record will be marked as verified.

application/json

Body Required

verificationId string Required

The verification ID of the WebAuthn authentication verification record.
payload object Required

The WebAuthn assertion response from the user's WebAuthn credential.
Hide payload attributes Show payload attributes object
- type string("WebAuthn") Required
- id string Required
- rawId string Required
- authenticatorAttachment string
  
  Values are cross-platform or platform.
- clientExtensionResults object Required
  Hide clientExtensionResults attributes Show clientExtensionResults attributes object
  
  appid boolean
  
  crepProps object
  
  Hide crepProps attribute Show crepProps attribute object
  
  rk boolean
  
  hmacCreateSecret boolean
- response object Required
  Hide response attributes Show response attributes object
  
  clientDataJSON string Required
  
  authenticatorData string Required
  
  signature string Required
  
  userHandle string

Responses

200 application/json

The WebAuthn authentication has been successfully verified.
Hide response attribute Show response attribute object
- verificationId string Required
  
  The unique verification ID of the WebAuthn authentication verification record.
400

Invalid request.
- session.mfa.pending_info_not_found: The WebAuthn authentication challenge is missing in the current verification record.
- session.mfa.webauthn_verification_failed: The WebAuthn assertion response is invalid or cannot be verified.
404

Verification record not found.

POST /api/experience/verification/web-authn/authentication/verify

curl \
 -X POST https://[tenant_id].logto.app/api/experience/verification/web-authn/authentication/verify \
 -H "Content-Type: application/json" \
 -d '{"verificationId":"string","payload":{"type":"string","id":"string","rawId":"string","authenticatorAttachment":"cross-platform","clientExtensionResults":{"appid":true,"crepProps":{"rk":true},"hmacCreateSecret":true},"response":{"clientDataJSON":"string","authenticatorData":"string","signature":"string","userHandle":"string"}}}'

Request examples

{
  "verificationId": "string",
  "payload": {
    "type": "string",
    "id": "string",
    "rawId": "string",
    "authenticatorAttachment": "cross-platform",
    "clientExtensionResults": {
      "appid": true,
      "crepProps": {
        "rk": true
      },
      "hmacCreateSecret": true
    },
    "response": {
      "clientDataJSON": "string",
      "authenticatorData": "string",
      "signature": "string",
      "userHandle": "string"
    }
  }
}

Response examples (200)

{
  "verificationId": "string"
}