Verify Webauthn sign-up

POST

/signup/webauthn/verify

• Nhost Authentication API Server

Complete the Webauthn sign-up process by verifying the response from the user’s device. Returns a session if validation is successful.

Request Body ^required

WebAuthn credential creation response and optional user profile information

object

credential

required

object

id

required

The credential’s identifier

string

type

required

The credential type represented by this object

string

rawId

required

Base64url-encoded binary data

string format: byte

clientExtensionResults

Map of extension outputs from the client

object

appid

Application identifier extension output

boolean

credProps

Credential properties extension output

object

rk

Indicates if the credential is a resident key

boolean

hmacCreateSecret

HMAC secret extension output

boolean

key

additional properties

any

authenticatorAttachment

The authenticator attachment

string

response

required

object

clientDataJSON

required

Base64url-encoded binary data

string format: byte

transports

The authenticator transports

Array<string>

authenticatorData

Base64url-encoded binary data

string format: byte

publicKey

Base64url-encoded binary data

string format: byte

publicKeyAlgorithm

The public key algorithm identifier

integer format: int64

attestationObject

required

Base64url-encoded binary data

string format: byte

options

object

allowedRoles

Array<string>

Example

[
  "me",
  "user"
]

defaultRole

string

Example

user

displayName

string

<= 32 characters /^[\p{L}\p{N}\p{S} ,.'-]+$/

Example

John Smith

locale

A two or three characters locale

string

>= 2 characters <= 3 characters

Example

en

metadata

object

key

additional properties

any

Example

{
  "firstName": "John",
  "lastName": "Smith"
}

redirectTo

string format: uri

Example

https://my-app.com/catch-redirection

nickname

Nickname for the security key

string

Responses

200

Sign up successful

Container for session information

object

session

User authentication session containing tokens and user information

object

accessToken

required

JWT token for authenticating API requests

string

Example

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

accessTokenExpiresIn

required

Expiration time of the access token in seconds

integer format: int64

Example

900

refreshTokenId

required

Identifier for the refresh token

string

/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/

Example

2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24

refreshToken

required

Token used to refresh the access token

string

/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/

Example

2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24

user

User profile and account information

object

avatarUrl

required

URL to the user’s profile picture

string

Example

https://myapp.com/avatars/user123.jpg

createdAt

required

Timestamp when the user account was created

string format: date-time

Example

2023-01-15T12:34:56Z

defaultRole

required

Default authorization role for the user

string

Example

user

displayName

required

User’s display name

string

Example

John Smith

email

User’s email address

string format: email

Example

john.smith@nhost.io

emailVerified

required

Whether the user’s email has been verified

boolean

Example

true

id

required

Unique identifier for the user

string

/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/

Example

2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24

isAnonymous

required

Whether this is an anonymous user account

boolean

locale

required

User’s preferred locale (language code)

string

>= 2 characters <= 3 characters

Example

en

metadata

required

Custom metadata associated with the user

object

key

additional properties

any

Example

{
  "firstName": "John",
  "lastName": "Smith"
}

phoneNumber

User’s phone number

string

Example

+12025550123

phoneNumberVerified

required

Whether the user’s phone number has been verified

boolean

roles

required

List of roles assigned to the user

Array<string>

Example

[
  "user",
  "customer"
]

activeMfaType

Active MFA type for the user

string

nullable

default

An error occurred while processing the request

Standardized error response

object

status

required

HTTP status error code

integer

Example

400

message

required

Human-friendly error message

string

Example

Invalid email format

error

required

Error code identifying the specific application error

string

Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user email-already-in-use email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked