Verify WebAuthn registration verification
Verify the WebAuthn registration response against the user's WebAuthn registration challenge. If the response is valid, the WebAuthn registration record will be marked as verified.
Body Required
-
The verification ID of the WebAuthn registration record.
-
The WebAuthn attestation response from the user's WebAuthn credential.
Additional properties are allowed.
Responses
-
200 application/json
The WebAuthn registration has been successfully verified.
-
Invalid request.
-session.mfa.pending_info_not_found:
The WebAuthn registration challenge is missing from the current verification record.
-session.mfa.webauthn_verification_failed:
The WebAuthn attestation response is invalid or cannot be verified. -
Verification record not found.
POST
/api/experience/verification/web-authn/registration/verify
curl \
-X POST https://[tenant_id].logto.app/api/experience/verification/web-authn/registration/verify \
-H "Content-Type: application/json" \
-d '{"verificationId":"string","payload":{"type":"string","id":"string","rawId":"string","response":{"clientDataJSON":"string","attestationObject":"string","authenticatorData":"string","transports":["usb"],"publicKeyAlgorithm":42.0,"publicKey":"string"},"authenticatorAttachment":"cross-platform","clientExtensionResults":{"appid":true,"crepProps":{"rk":true},"hmacCreateSecret":true}}}'
Request examples
{
"verificationId": "string",
"payload": {
"type": "string",
"id": "string",
"rawId": "string",
"response": {
"clientDataJSON": "string",
"attestationObject": "string",
"authenticatorData": "string",
"transports": [
"usb"
],
"publicKeyAlgorithm": 42.0,
"publicKey": "string"
},
"authenticatorAttachment": "cross-platform",
"clientExtensionResults": {
"appid": true,
"crepProps": {
"rk": true
},
"hmacCreateSecret": true
}
}
}
Response examples (200)
{
"verificationId": "string"
}