Skip to content
Nhost Documentation
Support Dashboard

Verify FIDO2 Webauthn authentication using public-key cryptography for elevation

POST
/elevate/webauthn/verify

Complete Webauthn elevation by verifying the authentication response

Authorizations

Section titled “Authorizations ”

Request Body required

Section titled “Request Body required ”

WebAuthn credential assertion response for elevation verification

object
email

A valid email. Deprecated, no longer used

string format: email
Example
john.smith@nhost.io
credential
required
object
id
required

The credential’s identifier

string
type
required

The credential type represented by this object

string
rawId
required

Base64url-encoded binary data

string format: byte
clientExtensionResults

Map of extension outputs from the client

object
appid

Application identifier extension output

boolean
credProps

Credential properties extension output

object
rk

Indicates if the credential is a resident key

boolean
hmacCreateSecret

HMAC secret extension output

boolean
key
additional properties
any
authenticatorAttachment

The authenticator attachment

string
response
required
object
clientDataJSON
required

Base64url encoded client data JSON

string
authenticatorData
required

Base64url encoded authenticator data

string
signature
required

Base64url encoded assertion signature

string
userHandle

Base64url encoded user handle

string
nullable

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Elevated successfully

Container for session information

object
session

User authentication session containing tokens and user information

object
accessToken
required

JWT token for authenticating API requests

string
Example
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
accessTokenExpiresIn
required

Expiration time of the access token in seconds

integer format: int64
Example
900
refreshTokenId
required

Identifier for the refresh token

string
/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/
Example
2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24
refreshToken
required

Token used to refresh the access token

string
/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/
Example
2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24
user

User profile and account information

object
avatarUrl
required

URL to the user’s profile picture

string
Example
https://myapp.com/avatars/user123.jpg
createdAt
required

Timestamp when the user account was created

string format: date-time
Example
2023-01-15T12:34:56Z
defaultRole
required

Default authorization role for the user

string
Example
user
displayName
required

User’s display name

string
Example
John Smith
email

User’s email address

string format: email
Example
john.smith@nhost.io
emailVerified
required

Whether the user’s email has been verified

boolean
Example
true
id
required

Unique identifier for the user

string
/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/
Example
2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24
isAnonymous
required

Whether this is an anonymous user account

boolean
locale
required

User’s preferred locale (language code)

string
>= 2 characters <= 3 characters
Example
en
metadata
required

Custom metadata associated with the user

object
key
additional properties
any
Example
{
  "firstName": "John",
  "lastName": "Smith"
}
phoneNumber

User’s phone number

string
Example
+12025550123
phoneNumberVerified
required

Whether the user’s phone number has been verified

boolean
roles
required

List of roles assigned to the user

Array<string>
Example
[
  "user",
  "customer"
]
activeMfaType

Active MFA type for the user

string
nullable

default

Section titled “default ”

An error occurred while processing the request

Standardized error response

object
status
required

HTTP status error code

integer
Example
400
message
required

Human-friendly error message

string
Example
Invalid email format
error
required

Error code identifying the specific application error

string
Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user email-already-in-use email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked