Assertion endpoint
You can use this endpoint to finalize a FIDO2 authentication operation. For more information about authentication with FIDO2, see Approval.
HTTP request
POST https://{instance}.mauth.nevis.cloud/_app/assertion/result
Request body parameters
Note: Some HTTP request parameters must be Base64 URL encoded.
Parameter | Type | Required/Optional | Description |
---|---|---|---|
type | string | required | Type of credential, which is an extension point. Only public-key is supported. |
id | string | required | Base64-URL-encoded unique byte sequence that identifies a public key credential source and its authentication assertions. |
response | DICT | required | Contains a cryptographic signature proving the possession of the credential private key, and optionally, the evidence of user consent to a specific transaction. |
response.clientDataJSON | string | required | Base64-URL-encoded JSON-compatible serialization of client data passed to the authenticator. |
response.authenticatorData | string | required | Base64-URL-encoded authenticator data returned by the authenticator. |
response.signature | string | required | Base64-URL-encoded raw signature returned from the authenticator. |
response.userHandle | string | required | Base64-URL-encoded user handle returned from the authenticator. The parameter cannot be null or empty. |
userAgent | string | optional | User agent that was used to initiate the current request. |
Example HTTP request
cURL code sample for finalizing the authentication
curl "https://$instance.mauth.nevis.cloud/_app/assertion/result" \
-XPOST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'Accept: application/json' \
-d "{
\"id\":\"$id\",
\"type\":\"public-key\",
\"response\": {
\"authenticatorData\":\"$authenticatorData\",
\"clientDataJSON\":\"$clientDataJSON\",
\"signature\":\"$signature\",
\"userHandle\":\"$userHandle\"
},
\"userAgent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0\"
}"
HTTP response
Field | Type | Description |
---|---|---|
errorMessage | string | Contains the error message if the status is failed, otherwise the field is empty. |
status | string | Indicates the status of the response. On successful operation, status is ok, otherwise failed. |
token | string | Transaction token to verify whether the operation is executed by your Authentication Cloud instance. For more information, see Token introspection endpoint. |
Example HTTP response
Status is ok
200 OK: Success response
{
"errorMessage": "",
"status": "ok",
"token": "eyJhbGc...2CDSw"
}
Status is failed
200 OK: Failure response
{
"errorMessage": "The server could not process the WebAuthn message.",
"status": "failed",
"token": "eyJh...haqvw"
}
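The following client-side sketch is an added example, not code from the Nevis documentation. It builds the request body from a WebAuthn assertion and interprets the response, which returns 200 OK and a token for both outcomes. Helper names and the sample credential are constructed, and dropping the Base64 URL padding is an assumption taken from WebAuthn's own encoding.

```javascript
// Added example: helper names are hypothetical, not part of any Nevis SDK.

// Base64 URL encoding (RFC 4648 section 5). Padding is dropped, as WebAuthn
// does (assumption: the endpoint expects the same unpadded form).
function b64url(buf) {
  let bin = "";
  for (const b of new Uint8Array(buf)) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Map the result of navigator.credentials.get() to the request body.
function buildAssertionBody(cred, userAgent) {
  const r = cred.response;
  // userHandle is required and cannot be null or empty: fail before sending.
  if (!r.userHandle || r.userHandle.byteLength === 0) {
    throw new Error("userHandle is missing or empty");
  }
  const body = {
    id: b64url(cred.rawId),
    type: "public-key", // the only supported type
    response: {
      authenticatorData: b64url(r.authenticatorData),
      clientDataJSON: b64url(r.clientDataJSON),
      signature: b64url(r.signature),
      userHandle: b64url(r.userHandle),
    },
  };
  if (userAgent) body.userAgent = userAgent; // optional parameter
  return body;
}

// Decide on the `status` field, never on the HTTP code or on token presence.
function interpretResult(httpStatus, json) {
  if (httpStatus !== 200) return { ok: false, error: `HTTP ${httpStatus}` };
  if (json.status !== "ok") {
    return { ok: false, error: json.errorMessage || "status is not ok" };
  }
  if (typeof json.token !== "string" || json.token === "") {
    return { ok: false, error: "missing token" };
  }
  // The token still has to go through token introspection on the backend.
  return { ok: true, token: json.token };
}

// Constructed sample credential (not real authenticator output).
const sampleCred = {
  rawId: Uint8Array.of(0xfb, 0xff, 0xfe).buffer,
  response: {
    authenticatorData: Uint8Array.of(0x49, 0x96, 0x0d).buffer,
    clientDataJSON: new TextEncoder().encode('{"type":"webauthn.get"}').buffer,
    signature: Uint8Array.of(0x30, 0x45).buffer,
    userHandle: Uint8Array.of(0x01).buffer,
  },
};
```
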