Backend Services
- GET/.well-known/jwks.json
- POST/elevate/webauthn
- POST/elevate/webauthn/verify
- HEAD/healthz
- GET/healthz
- POST/link/idtoken
- GET/mfa/totp/generate
- POST/pat
- POST/signin/anonymous
- POST/signin/email-password
- POST/signin/idtoken
- POST/signin/mfa/totp
- POST/signin/otp/email
- POST/signin/otp/email/verify
- POST/signin/passwordless/email
- POST/signin/passwordless/sms
- POST/signin/passwordless/sms/otp
- POST/signin/pat
- GET/signin/provider/{provider}
- GET/signin/provider/{provider}/callback
- GET/signin/provider/{provider}/callback/tokens
- POST/signin/provider/{provider}/callback
- POST/signin/webauthn
- POST/signin/webauthn/verify
- POST/signout
- POST/signup/email-password
- POST/signup/webauthn
- POST/signup/webauthn/verify
- POST/token
- POST/token/provider/{provider}
- POST/token/verify
- GET/user
- POST/user/deanonymize
- POST/user/email/change
- POST/user/email/send-verification-email
- POST/user/mfa
- POST/user/password
- POST/user/password/reset
- POST/user/webauthn/add
- POST/user/webauthn/verify
- GET/verify
- GET/version
- GET
Client Libraries
Client Libraries (deprecated)
curl --request POST \
--url https://{subdomain}.auth.{region}.nhost.run/v1/signin/webauthn/verify \
--header 'Content-Type: application/json' \
--data '
{
"credential": {
"id": "<string>",
"type": "<string>",
"rawId": "aSDinaTvuI8gbWludGxpZnk=",
"response": {
"clientDataJSON": "<string>",
"authenticatorData": "<string>",
"signature": "<string>",
"userHandle": "<string>"
},
"clientExtensionResults": {
"appid": true,
"credProps": {
"rk": true
},
"hmacCreateSecret": true
},
"authenticatorAttachment": "<string>"
},
"email": "[email protected]"
}
'{
"session": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpiresIn": 900,
"refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"user": {
"avatarUrl": "https://myapp.com/avatars/user123.jpg",
"createdAt": "2023-01-15T12:34:56Z",
"defaultRole": "user",
"displayName": "John Smith",
"emailVerified": true,
"id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"isAnonymous": false,
"locale": "en",
"metadata": {
"firstName": "John",
"lastName": "Smith"
},
"phoneNumberVerified": false,
"roles": [
"user",
"customer"
],
"email": "[email protected]",
"phoneNumber": "+12025550123",
"activeMfaType": "<string>"
}
}
}verifySignInWebauthn
Complete the Webauthn sign-in process by verifying the response from the user’s device. Returns a session if validation is successful.
curl --request POST \
--url https://{subdomain}.auth.{region}.nhost.run/v1/signin/webauthn/verify \
--header 'Content-Type: application/json' \
--data '
{
"credential": {
"id": "<string>",
"type": "<string>",
"rawId": "aSDinaTvuI8gbWludGxpZnk=",
"response": {
"clientDataJSON": "<string>",
"authenticatorData": "<string>",
"signature": "<string>",
"userHandle": "<string>"
},
"clientExtensionResults": {
"appid": true,
"credProps": {
"rk": true
},
"hmacCreateSecret": true
},
"authenticatorAttachment": "<string>"
},
"email": "[email protected]"
}
'{
"session": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpiresIn": 900,
"refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"user": {
"avatarUrl": "https://myapp.com/avatars/user123.jpg",
"createdAt": "2023-01-15T12:34:56Z",
"defaultRole": "user",
"displayName": "John Smith",
"emailVerified": true,
"id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"isAnonymous": false,
"locale": "en",
"metadata": {
"firstName": "John",
"lastName": "Smith"
},
"phoneNumberVerified": false,
"roles": [
"user",
"customer"
],
"email": "[email protected]",
"phoneNumber": "+12025550123",
"activeMfaType": "<string>"
}
}
}Body
WebAuthn credential assertion response from the user's authenticator device
Show child attributes
Show child attributes
The credential's identifier
The credential type represented by this object
Base64url-encoded binary data
Show child attributes
Show child attributes
Base64url encoded client data JSON
Base64url encoded authenticator data
Base64url encoded assertion signature
Base64url encoded user handle
Map of extension outputs from the client
Show child attributes
Show child attributes
Application identifier extension output
HMAC secret extension output
The authenticator attachment
A valid email. Deprecated, no longer used
Response
Sign in successful
Container for session information
User authentication session containing tokens and user information
Show child attributes
Show child attributes
JWT token for authenticating API requests
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Expiration time of the access token in seconds
900
Identifier for the refresh token
"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"
Token used to refresh the access token
"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"
User profile and account information
Show child attributes
Show child attributes
URL to the user's profile picture
"https://myapp.com/avatars/user123.jpg"
Timestamp when the user account was created
"2023-01-15T12:34:56Z"
Default authorization role for the user
"user"
User's display name
"John Smith"
Whether the user's email has been verified
true
Unique identifier for the user
"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"
Whether this is an anonymous user account
false
User's preferred locale (language code)
2"en"
Custom metadata associated with the user
{ "firstName": "John", "lastName": "Smith" }Whether the user's phone number has been verified
false
List of roles assigned to the user
["user", "customer"]User's email address
User's phone number
"+12025550123"
Active MFA type for the user
Was this page helpful?