Start a WebAuthN registration
POST/v3alpha/users/:userId/webauthn
Start the registration of a new WebAuthN device (e.g. Passkeys) for a user. As a response the public key credential creation options are returned, which are used to verify the device.
Request​
Path Parameters
unique identifier of the user.
- application/json
- application/grpc
- application/grpc-web+proto
Body
required
Possible values: non-empty and <= 200 characters
Domain on which the user currently is or will be authenticated.
Possible values: [WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED, WEB_AUTH_N_AUTHENTICATOR_PLATFORM, WEB_AUTH_N_AUTHENTICATOR_CROSS_PLATFORM]
Default value: WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED
Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed.
code
object
Optionally provide a one time code generated by ZITADEL. This is required to start the passkey registration without user authentication.
Possible values: non-empty and <= 200 characters
ID to the one time code generated by ZITADEL.
Possible values: non-empty and <= 200 characters
one time code generated by ZITADEL.
Body
required
Possible values: non-empty and <= 200 characters
Domain on which the user currently is or will be authenticated.
Possible values: [WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED, WEB_AUTH_N_AUTHENTICATOR_PLATFORM, WEB_AUTH_N_AUTHENTICATOR_CROSS_PLATFORM]
Default value: WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED
Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed.
code
object
Optionally provide a one time code generated by ZITADEL. This is required to start the passkey registration without user authentication.
Possible values: non-empty and <= 200 characters
ID to the one time code generated by ZITADEL.
Possible values: non-empty and <= 200 characters
one time code generated by ZITADEL.
Body
required
Possible values: non-empty and <= 200 characters
Domain on which the user currently is or will be authenticated.
Possible values: [WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED, WEB_AUTH_N_AUTHENTICATOR_PLATFORM, WEB_AUTH_N_AUTHENTICATOR_CROSS_PLATFORM]
Default value: WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED
Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed.
code
object
Optionally provide a one time code generated by ZITADEL. This is required to start the passkey registration without user authentication.
Possible values: non-empty and <= 200 characters
ID to the one time code generated by ZITADEL.
Possible values: non-empty and <= 200 characters
one time code generated by ZITADEL.
Responses​
- 200
- 403
- 404
- default
WebAuthN registration successfully started
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
unique identifier of the WebAuthN registration.
{
"details": {
"sequence": "2",
"changeDate": "2024-07-31T12:22:54.902Z",
"resourceOwner": "69629023906488334"
},
"webAuthNId": "163840776835432705",
"publicKeyCredentialCreationOptions": {
"publicKey": {
"attestation": "none",
"authenticatorSelection": {
"userVerification": "required"
},
"challenge": "XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ",
"excludeCredentials": [
{
"id": "tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI",
"type": "public-key"
}
],
"pubKeyCredParams": [
{
"alg": -7,
"type": "public-key"
}
],
"rp": {
"id": "localhost",
"name": "ZITADEL"
},
"timeout": 300000,
"user": {
"displayName": "Tim Mohlmann",
"id": "MjE1NTk4MDAwNDY0OTk4OTQw",
"name": "tim"
}
}
}
}
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
unique identifier of the WebAuthN registration.
{
"details": {
"sequence": "2",
"changeDate": "2024-07-31T12:22:54.902Z",
"resourceOwner": "69629023906488334"
},
"webAuthNId": "163840776835432705",
"publicKeyCredentialCreationOptions": {
"publicKey": {
"attestation": "none",
"authenticatorSelection": {
"userVerification": "required"
},
"challenge": "XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ",
"excludeCredentials": [
{
"id": "tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI",
"type": "public-key"
}
],
"pubKeyCredParams": [
{
"alg": -7,
"type": "public-key"
}
],
"rp": {
"id": "localhost",
"name": "ZITADEL"
},
"timeout": 300000,
"user": {
"displayName": "Tim Mohlmann",
"id": "MjE1NTk4MDAwNDY0OTk4OTQw",
"name": "tim"
}
}
}
}
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
unique identifier of the WebAuthN registration.
{
"details": {
"sequence": "2",
"changeDate": "2024-07-31T12:22:54.902Z",
"resourceOwner": "69629023906488334"
},
"webAuthNId": "163840776835432705",
"publicKeyCredentialCreationOptions": {
"publicKey": {
"attestation": "none",
"authenticatorSelection": {
"userVerification": "required"
},
"challenge": "XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ",
"excludeCredentials": [
{
"id": "tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI",
"type": "public-key"
}
],
"pubKeyCredParams": [
{
"alg": -7,
"type": "public-key"
}
],
"rp": {
"id": "localhost",
"name": "ZITADEL"
},
"timeout": 300000,
"user": {
"displayName": "Tim Mohlmann",
"id": "MjE1NTk4MDAwNDY0OTk4OTQw",
"name": "tim"
}
}
}
}
Returned when the user does not have permission to access the resource.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Returned when the resource does not exist.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
An unexpected error response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}