Credentials

Start a registration of WebAuthn credentials for a specified user. This requires an authorized authentication session created by a server side call to /auth-session/start-with-authorization. If successful, the response will contain a credential_creation_options field that should be passed in the WebAuthn navigator.credentials.create() API call. Note that some fields (user.id and challenge) in the credential_creation_options object are base64 encoded and must first be decoded and converted to an array buffer. It is recommended to use the webauthn-json library that handles this.

Complete the WebAuthn credential registration, and obtain the authorization code to exchange for user tokens. It's required to provide the webauthn_session_id that was recieved in the registration start response. Note that some fields (clientDataJSON and attestationObject) must be converted from array buffer to base64 strings. If webauthn-json create() was used this is already taken care of.

Start a new webauthn authentication. This requires an authentication session, but it can be created from the client side without authorization by calling /auth-session/start-restricted. If successful, the response will contain a credential_request_options field that should be passed in the WebAuthn navigator.credentials.get() API call. Note that some fields (challenge and each id in the allowCredentials list) in the credential_request_options object are base64 encoded and must first be decoded and converted to array buffer, it is recommended to use the webauthn-json library that handles this.

Complete the WebAuthn credential assertion, and obtain the authorization code to exchange for user tokens. It's required to provide the webauthn_session_id that was recieved in the authentication start response. Note that some fields in the public_key_credential.response object must be converted from array buffer to base64 strings (clientDataJSON, authenticatorData, signature and userHandle). If webauthn-json get() was used this is already taken care of.

Start a new webauthn passkey authentication. This requires an authentication session, but it can be created from the client side without authorization by calling /auth-session/start-restricted. If successful, the response will contain a credential_request_options field that should be passed in the WebAuthn navigator.credentials.get() API call. Note that some fields (challenge and each id in the allowCredentials list) in the credential_request_options object are base64 encoded and must first be decoded and converted to array buffer, it is recommended to use the webauthn-json library that handles this.

Complete the WebAuthn credential assertion, and obtain the authorization code to exchange for user tokens. It's required to provide the webauthn_session_id that was recieved in the authentication start response. Note that some fields in the public_key_credential.response object must be converted from array buffer to base64 strings (clientDataJSON, authenticatorData, signature and userHandle). If webauthn-json get() was used this is already taken care of.