Start a WebAuthN registration
POST/resources/v3alpha/users/:id/webauthn
Start the registration of a new WebAuthN device (e.g. Passkeys) for a user. As a response the public key credential creation options are returned, which are used to verify the device.
Request​
Path Parameters
unique identifier of the user.
Query Parameters
- application/json
- application/grpc
- application/grpc-web+proto
Body
required
Possible values: non-empty and <= 200 characters
Domain on which the user currently is or will be authenticated.
Possible values: [WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED, WEB_AUTH_N_AUTHENTICATOR_PLATFORM, WEB_AUTH_N_AUTHENTICATOR_CROSS_PLATFORM]
Default value: WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED
Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed.
code
object
Optionally provide a one time code generated by ZITADEL. This is required to start the passkey registration without user authentication.
Possible values: non-empty and <= 200 characters
ID to the one time code generated by ZITADEL.
Possible values: non-empty and <= 200 characters
one time code generated by ZITADEL.
Body
required
Possible values: non-empty and <= 200 characters
Domain on which the user currently is or will be authenticated.
Possible values: [WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED, WEB_AUTH_N_AUTHENTICATOR_PLATFORM, WEB_AUTH_N_AUTHENTICATOR_CROSS_PLATFORM]
Default value: WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED
Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed.
code
object
Optionally provide a one time code generated by ZITADEL. This is required to start the passkey registration without user authentication.
Possible values: non-empty and <= 200 characters
ID to the one time code generated by ZITADEL.
Possible values: non-empty and <= 200 characters
one time code generated by ZITADEL.
Body
required
Possible values: non-empty and <= 200 characters
Domain on which the user currently is or will be authenticated.
Possible values: [WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED, WEB_AUTH_N_AUTHENTICATOR_PLATFORM, WEB_AUTH_N_AUTHENTICATOR_CROSS_PLATFORM]
Default value: WEB_AUTH_N_AUTHENTICATOR_UNSPECIFIED
Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed.
code
object
Optionally provide a one time code generated by ZITADEL. This is required to start the passkey registration without user authentication.
Possible values: non-empty and <= 200 characters
ID to the one time code generated by ZITADEL.
Possible values: non-empty and <= 200 characters
one time code generated by ZITADEL.
Responses​
- 200
- 403
- 404
- default
WebAuthN registration successfully started
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
details
object
the timestamp of the first event applied to the object.
the timestamp of the last event applied to the object.
owner
object
the parent object representing the returned objects context.
Possible values: [OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_SYSTEM, OWNER_TYPE_INSTANCE, OWNER_TYPE_ORG]
Default value: OWNER_TYPE_UNSPECIFIED
unique identifier of the WebAuthN registration.
{
"details": {
"id": "69629012906488334",
"created": "2024-11-22T09:27:10.378Z",
"changed": "2024-11-22T09:27:10.378Z",
"owner": "69629023906488334"
},
"webAuthNId": "163840776835432705",
"publicKeyCredentialCreationOptions": {
"publicKey": {
"attestation": "none",
"authenticatorSelection": {
"userVerification": "required"
},
"challenge": "XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ",
"excludeCredentials": [
{
"id": "tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI",
"type": "public-key"
}
],
"pubKeyCredParams": [
{
"alg": -7,
"type": "public-key"
}
],
"rp": {
"id": "localhost",
"name": "ZITADEL"
},
"timeout": 300000,
"user": {
"displayName": "Tim Mohlmann",
"id": "MjE1NTk4MDAwNDY0OTk4OTQw",
"name": "tim"
}
}
}
}
- Schema
- Example (from schema)
Schema
details
object
the timestamp of the first event applied to the object.
the timestamp of the last event applied to the object.
owner
object
the parent object representing the returned objects context.
Possible values: [OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_SYSTEM, OWNER_TYPE_INSTANCE, OWNER_TYPE_ORG]
Default value: OWNER_TYPE_UNSPECIFIED
unique identifier of the WebAuthN registration.
{
"details": {
"id": "69629012906488334",
"created": "2024-11-22T09:27:10.378Z",
"changed": "2024-11-22T09:27:10.378Z",
"owner": "69629023906488334"
},
"webAuthNId": "163840776835432705",
"publicKeyCredentialCreationOptions": {
"publicKey": {
"attestation": "none",
"authenticatorSelection": {
"userVerification": "required"
},
"challenge": "XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ",
"excludeCredentials": [
{
"id": "tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI",
"type": "public-key"
}
],
"pubKeyCredParams": [
{
"alg": -7,
"type": "public-key"
}
],
"rp": {
"id": "localhost",
"name": "ZITADEL"
},
"timeout": 300000,
"user": {
"displayName": "Tim Mohlmann",
"id": "MjE1NTk4MDAwNDY0OTk4OTQw",
"name": "tim"
}
}
}
}
- Schema
- Example (from schema)
Schema
details
object
the timestamp of the first event applied to the object.
the timestamp of the last event applied to the object.
owner
object
the parent object representing the returned objects context.
Possible values: [OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_SYSTEM, OWNER_TYPE_INSTANCE, OWNER_TYPE_ORG]
Default value: OWNER_TYPE_UNSPECIFIED
unique identifier of the WebAuthN registration.
{
"details": {
"id": "69629012906488334",
"created": "2024-11-22T09:27:10.379Z",
"changed": "2024-11-22T09:27:10.379Z",
"owner": "69629023906488334"
},
"webAuthNId": "163840776835432705",
"publicKeyCredentialCreationOptions": {
"publicKey": {
"attestation": "none",
"authenticatorSelection": {
"userVerification": "required"
},
"challenge": "XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ",
"excludeCredentials": [
{
"id": "tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI",
"type": "public-key"
}
],
"pubKeyCredParams": [
{
"alg": -7,
"type": "public-key"
}
],
"rp": {
"id": "localhost",
"name": "ZITADEL"
},
"timeout": 300000,
"user": {
"displayName": "Tim Mohlmann",
"id": "MjE1NTk4MDAwNDY0OTk4OTQw",
"name": "tim"
}
}
}
}
Returned when the user does not have permission to access the resource.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Returned when the resource does not exist.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
An unexpected error response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}