Elevate access for an already signed-in user using FIDO2 WebAuthn

POST /elevate/webauthn

Generate a WebAuthn challenge for elevating user permissions

Challenge sent for elevation

object

  challenge (string, format: byte; required)
    Base64url-encoded binary data

  timeout (integer)
    A time, in milliseconds, that the caller is willing to wait for the call to complete

  rpId (string)
    The RP ID the credential should be scoped to

  allowCredentials (Array<object>)
    A list of CredentialDescriptor objects representing public key credentials acceptable to the caller

    type (string; required)
      The valid credential types
      Allowed values: public-key

    id (string, format: byte; required)
      Base64url-encoded binary data

    transports (Array<string>)
      The authenticator transports that can be used
      Allowed values: usb nfc ble smart-card hybrid internal

  userVerification (string)
    A requirement for user verification for the operation
    default: preferred
    Allowed values: required preferred discouraged

  hints (Array<string>)
    Hints to help guide the user through the experience
    Allowed values: security-key client-device hybrid

  extensions (object)
    Additional parameters requesting additional processing by the client and authenticator
    key (additional properties): any
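The `challenge` and `allowCredentials[].id` fields arrive as base64url strings, while the browser WebAuthn API takes binary buffers. The following is an added example, not code from the project this page documents: it validates a response body against the schema above and decodes it. The names `toRequestOptions`, `b64urlToBytes`, `checkEnum` and `SAMPLE_BODY` are assumptions made for the illustration, and the sample values are constructed.

```javascript
// Added example (not the project's code): turn the JSON body of
// POST /elevate/webauthn into options for navigator.credentials.get().
const TRANSPORTS = ["usb", "nfc", "ble", "smart-card", "hybrid", "internal"];
const USER_VERIFICATION = ["required", "preferred", "discouraged"];
const HINTS = ["security-key", "client-device", "hybrid"];

// Strict base64url decoder: rejects padding, whitespace and the standard
// base64 characters "+" and "/" rather than silently accepting them.
function b64urlToBytes(value, field) {
  if (typeof value !== "string" || !/^[A-Za-z0-9_-]+$/.test(value) || value.length % 4 === 1) {
    throw new TypeError(`${field}: not base64url`);
  }
  const b64 = value.replace(/-/g, "+").replace(/_/g, "/");
  const bin = atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "="));
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
}

function checkEnum(values, allowed, field) {
  for (const v of values) {
    if (!allowed.includes(v)) throw new TypeError(`${field}: unexpected value ${v}`);
  }
  return values;
}

function toRequestOptions(body) {
  const uv = body.userVerification ?? "preferred"; // default stated in the schema
  const options = {
    challenge: b64urlToBytes(body.challenge, "challenge"),
    userVerification: checkEnum([uv], USER_VERIFICATION, "userVerification")[0],
  };
  if (body.timeout !== undefined) {
    if (!Number.isInteger(body.timeout) || body.timeout < 0) throw new TypeError("timeout: bad value");
    options.timeout = body.timeout;
  }
  if (body.rpId !== undefined) options.rpId = String(body.rpId);
  if (body.hints !== undefined) options.hints = checkEnum(body.hints, HINTS, "hints");
  if (body.extensions !== undefined) options.extensions = body.extensions;
  options.allowCredentials = (body.allowCredentials ?? []).map((cred, i) => {
    if (cred.type !== "public-key") throw new TypeError(`allowCredentials[${i}].type: must be public-key`);
    const out = { type: cred.type, id: b64urlToBytes(cred.id, `allowCredentials[${i}].id`) };
    if (cred.transports !== undefined) out.transports = checkEnum(cred.transports, TRANSPORTS, "transports");
    return out;
  });
  return options;
}

// Constructed sample response body (not captured from a real server).
const SAMPLE_BODY = { challenge: "AQIDBA", rpId: "example.com", allowCredentials: [{ type: "public-key", id: "_-8", transports: ["usb"] }] };
```

In a browser, the returned object is passed as `publicKey` to `navigator.credentials.get()`.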

An error occurred while processing the request

Standardized error response

object

  status (integer; required)
    HTTP status error code
    Example: 400

  message (string; required)
    Human-friendly error message
    Example: Invalid email format

  error (string; required)
    Error code identifying the specific application error
    Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user email-already-in-use email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked