Verify WebAuthn Authentication (beta)

POST /v1/auth/webauthn/verify

Verify and complete a WebAuthn credential authentication request. This endpoint requires that a user already exists and the BeginWebAuthnAuthentication has been called. Pass in the response from navigator.credentials.get(options) into public_key_credential as a JSON object. If you are using the webauthn-json library, pass in the response from let response = await get(options).

HTTP Request

POST /v1/auth/webauthn/verify

Returns

A successful response returns a webauthn_credential_id property and user_id property.

application/json

Body

public_key_credential object Required
Hide public_key_credential attributes Show public_key_credential attributes object
- type string Required
  
  Minimum length is 1.
- id string Required
  
  Minimum length is 1.
- rawId string Required
  
  Minimum length is 1.
- response object Required
  Hide response attributes Show response attributes object
  
  clientDataJSON string Required
  
  Minimum length is 1.
  
  authenticatorData string Required
  
  Minimum length is 1.
  
  signature string Required
  
  Minimum length is 1.
  
  userHandle string Required
  
  Minimum length is 1.
- clientExtensionResults object Required
session_expires_in number

Optional Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default.
session_token string

Optional Unique session token to verify.
session_jwt string

Optional Unique Session JWT to verify.

Responses

200 application/json

OK
Hide response attributes Show response attributes object
- user_id string Required
  
  Minimum length is 1.
- webauthn_credential_id string Required
  
  Minimum length is 1.
- session_token string
- session_jwt string
- session object
  
  Hide session attributes Show session attributes object
  
  id string Required
  
  Minimum length is 1.
  
  user_id string Required
  
  Minimum length is 1.
  
  session_token string Required
  
  Minimum length is 1.
  
  started_at number Required
  
  expires_at number Required
  
  last_active_at number Required
  
  factors array[object] Required
  
  At least 1 element.
  
  Hide factors attributes Show factors attributes object
  
  delivery_channel string Required
  
  Delivery channel for this factor. Possible values: sms, email, totp_authenticator, totp_recovery_code, google_oauth, apple_oauth, microsoft_oauth, discord_oauth, okta_oauth, github_oauth, slack_oauth, facebook_oauth, webauthn_credential, eth_wallet, sol_wallet.
  
  Minimum length is 1.
  
  type string Required
  
  Authentication type of factor. Possible values: otp, oauth, wallet, totp, webauthn.
  
  Minimum length is 1.
  
  method object Required
  
  Hide method attributes Show method attributes object
  
  id string
  
  method_id string Required
  
  Minimum length is 1.
  
  method_type string Required
  
  Identifier method type. Possible values: email, wallet, phone_number, webauthn.
  
  Minimum length is 1.
  
  last_verified_at number Required
  
  phone_number_id string
  
  Minimum length is 1.
  
  phone_number string
  
  Minimum length is 1.
  
  email_id string
  
  email string
  
  wallet_type string
  
  wallet_id string
  
  wallet_public_address string
  
  totp_id string
  
  webauthn_credential_id string
  
  provider_subject string
  
  device_fingerprint object Required
  
  Hide device_fingerprint attributes Show device_fingerprint attributes object
  
  user_agent string Required
  
  ip string Required
  
  Minimum length is 1.
  
  updated_at number Required
  
  created_at number Required

POST /v1/auth/webauthn/verify

curl \
 --request POST 'https://api.streambird.io/v1/auth/webauthn/verify' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"public_key_credential":{"id":"AfrWIdqBscVPZiKM2SufpRbnJoFKi-YO_PXT4AGROgkuLuxeMI_JtqGmjZNbjAr4poY2hrVNtIHpKEg0_n4wonWzqxUL1gXS5KF9BgSbOLYFbz5n07W2","type":"public-key","rawId":"AfrWIdqBscVPZiKM2SufpRbnJoFKi-YO_PXT4AGROgkuLuxeMI_JtqGmjZNbjAr4poY2hrVNtIHpKEg0_n4wonWzqxUL1gXS5KF9BgSbOLYFbz5n07W2","response":{"signature":"MEUCIHK7P7LOo8O-F9hyyNAziMJAB7mXrWanv1hjWb9LS5MfAiEApfIwc7uFVGW7dIvxJe1_YwR0_F6a_6GsxT7mCY9e2iU","userHandle":"dXNlcl8yNmw3ZGJmQVk1OWZ0ZWptbTZtM09UZjRvejE","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiMG50bXhaWUEzOEJfMlJMUjdNTXlpeDk4RmVhd3BfVmRocUs0MVVHNFFpQSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNCIsImNyb3NzT3JpZ2luIjpmYWxzZX0","authenticatorData":"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFYmcd8w"},"clientExtensionResults":{}}}'

Request example

{
  "public_key_credential": {
    "id": "AfrWIdqBscVPZiKM2SufpRbnJoFKi-YO_PXT4AGROgkuLuxeMI_JtqGmjZNbjAr4poY2hrVNtIHpKEg0_n4wonWzqxUL1gXS5KF9BgSbOLYFbz5n07W2",
    "type": "public-key",
    "rawId": "AfrWIdqBscVPZiKM2SufpRbnJoFKi-YO_PXT4AGROgkuLuxeMI_JtqGmjZNbjAr4poY2hrVNtIHpKEg0_n4wonWzqxUL1gXS5KF9BgSbOLYFbz5n07W2",
    "response": {
      "signature": "MEUCIHK7P7LOo8O-F9hyyNAziMJAB7mXrWanv1hjWb9LS5MfAiEApfIwc7uFVGW7dIvxJe1_YwR0_F6a_6GsxT7mCY9e2iU",
      "userHandle": "dXNlcl8yNmw3ZGJmQVk1OWZ0ZWptbTZtM09UZjRvejE",
      "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiMG50bXhaWUEzOEJfMlJMUjdNTXlpeDk4RmVhd3BfVmRocUs0MVVHNFFpQSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNCIsImNyb3NzT3JpZ2luIjpmYWxzZX0",
      "authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFYmcd8w"
    },
    "clientExtensionResults": {}
  }
}

Response examples (200)

{
  "session": null,
  "user_id": "user_26l7dbfAY59ftejmm6m3OTf4oz1",
  "session_jwt": "",
  "session_token": "",
  "webauthn_credential_id": "webauthn_28AdsbHW3wTDHNpywVZnhxxogKQ"
}