Skip to main content

List FIDO2 credentials of a client

GET 
/nevisidm/api/core/v1/clients/:extId/fido2

Since: 2.86.0

Required permission(s): AccessControl.ClientView,AccessControl.CredentialView

Returns all FIDO2 credentials belonging to users of the client with the given external ID.

Supports sorting via sortBy query parameter. Possible values:

  • extId,
  • validity.to,
  • validity.from,
  • version,
  • created,
  • lastModified,
  • aaguid,
  • rpId,
  • userFriendlyName

Supports offset-based pagination. The offset query parameter specifies the offset of the first result to be returned. If both continuation token and offset are provided, the continuation token is ignored.

Filtering is supported by:

  • userFriendlyName
  • extId
  • hashedCredentialId
  • stateName

Modifiers for extId and userFriendlyName: _SW (starts with), _IEQ (case-insensitive full match).

Example filter queries:

  • ?userFriendlyName=NEVIS%20Android%20phone&stateName=active
  • ?userFriendlyName_IEQ=nevis%20Android%20phone&stateName=active
  • ?userFriendlyName_SW=NEVIS&stateName=active
  • ?hashedCredentialId=hashedCredentialId
  • ?extId=fido2TestExtId
  • ?extId_SW=fido2TestExtId
  • ?extId_IEQ=fido2TestExtId

Example sort queries:

  • ?sortBy=extId
  • ?sortBy=extId_DESC
  • ?sortBy=extId_ASC

Set returnTotalResultCount=true to include the total count in the _pagination response.

Request

Path Parameters

    extId stringrequired

    External ID of the client.

    Example: client-123

Query Parameters

    continuationToken string

    Pagination continuation token from a previous response.

    limit int32

    Default value: 0

    Maximum number of results to return.

    Example: 100
    sortBy string

    Field to sort by, optionally suffixed with _ASC or _DESC.

    Example: extId_ASC
    allParams objectrequired
    returnTotalResultCount boolean

    Whether to include total result count in the pagination response.

    offset int32

    Zero-based offset for pagination. Overrides continuation token if provided.

Responses

FIDO2 credentials retrieved successfully

Schema
    items object[]
  • Array [
    • created string

    Creation date of the entity.

    lastModified string

    Date when the entity was last modified.

    version int32

    Version used for optimistic locking.

    extId string

    The external ID of the credential.

    userExtId string

    The external ID of the user to whom the credential belongs.

    policyExtId string

    The external ID of the used policy.

    stateName string

    Possible values: [initial, active, tmp-locked, fail-locked, reset-code, admin-changed, disabled, archived]

    The state of the credential. Available values: initial, active, tmp-locked, fail-locked, reset-code, admin-changed, disabled, archived.

    stateChangeReason string

    Reason for the last state change of the password.

    stateChangeDetail string

    Reason detail for the last state change of the password.

    lastSuccessfulLoginDate string

    Timestamp of last successful login.

    successfulLoginCount int32

    Counts successful logins with this credential since last initialization or reset.

    lastFailedLoginDate string

    Date of last non-technical login failure, for example, wrong password.

    failedLoginCount int32

    Counts non-technical login failures since the last successful login, initialization or reset.

    modificationComment string

    Textual comment regarding the last modification.

    type string

    Possible values: [Password, Certificate, SecurID User Mapping, Ticket Authorization, Safeword User Mapping, OTP Card, Temporary Strong Password, Generic Credential, Kerberos, mTan, Vasco, PUK, URL Ticket, DevicePassword, MobileSignature, SAML Federation, Security Questions, Context Password, OATH, FIDO UAF Authenticator, Recovery Code, FIDO2 Authenticator]

    Type of credential.

    validity object

    Describes the validity period of the password.

    from string

    Start date of the entity's validity in ISO format.

    to string

    End date of the entity's validity in ISO format.

    aaguid string

    A 128-bit identifier indicating the type (make/model) of the authenticator.

    authenticator string

    The authenticator used for FIDO2 which can contain credentialId.

    authenticatorAttachment string

    Possible values: [platform, crossplatform]

    AuthenticatorAttachment parameter

    attestationConveyancePreference string

    Possible values: [direct, indirect, none, enterprise]

    AttestationConveyancePreference parameter.

    hashedCredentialId string

    Hashed value of credential ID generated by the authenticator.

    rpId string

    Domain of the party using this authentication for its website.

    residentKeyRequirement string

    Possible values: [required, discouraged]

    ResidentKey parameter.

    userAgent string

    UserAgent of the browser used.

    userFriendlyName string

    Human readable name of the credential.

    userVerificationRequirement string

    Possible values: [required, preferred, discouraged]

    User Verification parameter.

  • ]
    • _pagination object
    continuationToken string

    The continuation token for fetching the next page of results generated from creation date and external id of the last entity

    limit int32

    The maximum number of results returned in a single page

    totalResult int64

    The total number of results available, only supported for selected endpoints, if returnTotalResultCount query-parameter is true

    _classifications object
    property name* string[]
  • Array [

    • string

  • ]
Loading...
Last updated on