addSecurityKey

Initialize adding of a new webauthn security key

curl --request POST \
  --url https://{subdomain}.auth.{region}.nhost.run/v1/user/webauthn/add \
  --header 'Authorization: Bearer <token>'

{
  "rp": {
    "name": "<string>",
    "id": "<string>"
  },
  "user": {
    "name": "<string>",
    "displayName": "<string>",
    "id": "<string>"
  },
  "challenge": "aSDinaTvuI8gbWludGxpZnk=",
  "pubKeyCredParams": [
    {
      "type": "public-key",
      "alg": 123
    }
  ],
  "timeout": 123,
  "excludeCredentials": [
    {
      "type": "public-key",
      "id": "aSDinaTvuI8gbWludGxpZnk=",
      "transports": [
        "usb"
      ]
    }
  ],
  "authenticatorSelection": {
    "authenticatorAttachment": "platform",
    "requireResidentKey": true,
    "residentKey": "discouraged",
    "userVerification": "preferred"
  },
  "hints": [
    "security-key"
  ],
  "attestation": "none",
  "attestationFormats": [
    "packed"
  ],
  "extensions": {}
}

POST

user

webauthn

add

Initialize adding of a new webauthn security key

curl --request POST \
  --url https://{subdomain}.auth.{region}.nhost.run/v1/user/webauthn/add \
  --header 'Authorization: Bearer <token>'

{
  "rp": {
    "name": "<string>",
    "id": "<string>"
  },
  "user": {
    "name": "<string>",
    "displayName": "<string>",
    "id": "<string>"
  },
  "challenge": "aSDinaTvuI8gbWludGxpZnk=",
  "pubKeyCredParams": [
    {
      "type": "public-key",
      "alg": 123
    }
  ],
  "timeout": 123,
  "excludeCredentials": [
    {
      "type": "public-key",
      "id": "aSDinaTvuI8gbWludGxpZnk=",
      "transports": [
        "usb"
      ]
    }
  ],
  "authenticatorSelection": {
    "authenticatorAttachment": "platform",
    "requireResidentKey": true,
    "residentKey": "discouraged",
    "userVerification": "preferred"
  },
  "hints": [
    "security-key"
  ],
  "attestation": "none",
  "attestationFormats": [
    "packed"
  ],
  "extensions": {}
}

Authorizations

Authorization

string

header

required

Bearer authentication that requires elevated permissions. Used for sensitive operations that may require additional security measures such as recent authentication. For details see https://docs.nhost.io/guides/auth/elevated-permissions

Response

Challenge created for registering a new security key

object

required

Show child attributes

user

object

required

Show child attributes

challenge

string<byte>

required

Base64url-encoded binary data

pubKeyCredParams

object[]

required

The desired credential types and their respective cryptographic parameters

Show child attributes

timeout

integer

A time, in milliseconds, that the caller is willing to wait for the call to complete

excludeCredentials

object[]

A list of PublicKeyCredentialDescriptor objects representing public key credentials that are not acceptable to the caller

Show child attributes

authenticatorSelection

object

Show child attributes

hints

enum<string>[]

Hints to help guide the user through the experience

Show child attributes

attestation

enum<string>

default:none

The attestation conveyance preference

Available options:

none,

indirect,

direct,

enterprise

attestationFormats

enum<string>[]

The preferred attestation statement formats

Show child attributes

extensions

object

Additional parameters requesting additional processing by the client and authenticator

/user/password/reset /user/webauthn/verify

⌘I

Backend Services

Client Libraries

Client Libraries (deprecated)

CLI

Authorizations

Response