verifyElevateWebauthn

Verify FIDO2 Webauthn authentication using public-key cryptography for elevation

curl --request POST \
  --url https://{subdomain}.auth.{region}.nhost.run/v1/elevate/webauthn/verify \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "email": "john.smith@nhost.io",
  "credential": {
    "id": "<string>",
    "type": "<string>",
    "rawId": "aSDinaTvuI8gbWludGxpZnk=",
    "clientExtensionResults": {
      "appid": true,
      "credProps": {
        "rk": true
      },
      "hmacCreateSecret": true
    },
    "authenticatorAttachment": "<string>",
    "response": {
      "clientDataJSON": "<string>",
      "authenticatorData": "<string>",
      "signature": "<string>",
      "userHandle": "<string>"
    }
  }
}'

{
  "session": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "accessTokenExpiresIn": 900,
    "refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
    "refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
    "user": {
      "avatarUrl": "https://myapp.com/avatars/user123.jpg",
      "createdAt": "2023-01-15T12:34:56Z",
      "defaultRole": "user",
      "displayName": "John Smith",
      "email": "john.smith@nhost.io",
      "emailVerified": true,
      "id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
      "isAnonymous": false,
      "locale": "en",
      "metadata": {
        "firstName": "John",
        "lastName": "Smith"
      },
      "phoneNumber": "+12025550123",
      "phoneNumberVerified": false,
      "roles": [
        "user",
        "customer"
      ],
      "activeMfaType": "<string>"
    }
  }
}

POST

elevate

webauthn

verify

Verify FIDO2 Webauthn authentication using public-key cryptography for elevation

curl --request POST \
  --url https://{subdomain}.auth.{region}.nhost.run/v1/elevate/webauthn/verify \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "email": "john.smith@nhost.io",
  "credential": {
    "id": "<string>",
    "type": "<string>",
    "rawId": "aSDinaTvuI8gbWludGxpZnk=",
    "clientExtensionResults": {
      "appid": true,
      "credProps": {
        "rk": true
      },
      "hmacCreateSecret": true
    },
    "authenticatorAttachment": "<string>",
    "response": {
      "clientDataJSON": "<string>",
      "authenticatorData": "<string>",
      "signature": "<string>",
      "userHandle": "<string>"
    }
  }
}'

{
  "session": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "accessTokenExpiresIn": 900,
    "refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
    "refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
    "user": {
      "avatarUrl": "https://myapp.com/avatars/user123.jpg",
      "createdAt": "2023-01-15T12:34:56Z",
      "defaultRole": "user",
      "displayName": "John Smith",
      "email": "john.smith@nhost.io",
      "emailVerified": true,
      "id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
      "isAnonymous": false,
      "locale": "en",
      "metadata": {
        "firstName": "John",
        "lastName": "Smith"
      },
      "phoneNumber": "+12025550123",
      "phoneNumberVerified": false,
      "roles": [
        "user",
        "customer"
      ],
      "activeMfaType": "<string>"
    }
  }
}

Authorizations

Authorization

string

header

required

Bearer authentication with JWT access token. Used to authenticate requests to protected endpoints.

Body

application/json

WebAuthn credential assertion response for elevation verification

credential

object

required

Show child attributes

string<email>

deprecated

A valid email. Deprecated, no longer used

Example:

"john.smith@nhost.io"

Response

Elevated successfully

Container for session information

session

object

User authentication session containing tokens and user information

Show child attributes

/elevate/webauthn /healthz

⌘I

Backend Services

Client Libraries

Client Libraries (deprecated)

CLI

Authorizations

Body

Response