POST
/
signup
/
webauthn
Sign up with Webauthn
curl --request POST \
  --url https://{subdomain}.auth.{region}.nhost.run/v1/signup/webauthn \
  --header 'Content-Type: application/json' \
  --data '{
  "email": "john.smith@nhost.io",
  "options": {
    "allowedRoles": [
      "me",
      "user"
    ],
    "defaultRole": "user",
    "displayName": "John Smith",
    "locale": "en",
    "metadata": {
      "firstName": "John",
      "lastName": "Smith"
    },
    "redirectTo": "https://my-app.com/catch-redirection"
  }
}'
{
  "rp": {
    "name": "<string>",
    "id": "<string>"
  },
  "user": {
    "name": "<string>",
    "displayName": "<string>",
    "id": "<string>"
  },
  "challenge": "aSDinaTvuI8gbWludGxpZnk=",
  "pubKeyCredParams": [
    {
      "type": "public-key",
      "alg": 123
    }
  ],
  "timeout": 123,
  "excludeCredentials": [
    {
      "type": "public-key",
      "id": "aSDinaTvuI8gbWludGxpZnk=",
      "transports": [
        "usb"
      ]
    }
  ],
  "authenticatorSelection": {
    "authenticatorAttachment": "platform",
    "requireResidentKey": true,
    "residentKey": "discouraged",
    "userVerification": "preferred"
  },
  "hints": [
    "security-key"
  ],
  "attestation": "none",
  "attestationFormats": [
    "packed"
  ],
  "extensions": {}
}

Body

application/json

Email address and optional user options for WebAuthn registration

email
string<email>
required

A valid email

Example:

"john.smith@nhost.io"

options
object

Response

Challenge sent

rp
object
required
user
object
required
challenge
string<byte>
required

Base64url-encoded binary data

pubKeyCredParams
object[]
required

The desired credential types and their respective cryptographic parameters

timeout
integer

A time, in milliseconds, that the caller is willing to wait for the call to complete

excludeCredentials
object[]

A list of PublicKeyCredentialDescriptor objects representing public key credentials that are not acceptable to the caller

authenticatorSelection
object
hints
enum<string>[]

Hints to help guide the user through the experience

attestation
enum<string>
default:none

The attestation conveyance preference

Available options:
none,
indirect,
direct,
enterprise
attestationFormats
enum<string>[]

The preferred attestation statement formats

extensions
object

Additional parameters requesting additional processing by the client and authenticator