WebAuthn authentication ceremony endpoint

POST 
/nevisfido/fido2/assertion/result

This endpoint represents the second and final step of the FIDO2/WebAuthn authentication ceremony, where the client delivers the authenticator's signed assertion back to the nevisFIDO server. The assertion contains a cryptographic signature over the challenge that was issued by the preceding options request, allowing the server to verify the user's possession of the registered credential without transmitting any secret. nevisFIDO validates the signature, confirms the session challenge, and updates the session status to reflect the outcome of the authentication attempt. The session identifier returned in the response can be used to poll the authentication status or retrieve the result in downstream flows.

Request

application/json

Body

required

response object
signature string
authenticatorData string
userHandle string
clientDataJSON string
userAgent string
type string
id string
clientExtensionResults object
appid boolean
appidExclude boolean
uvm array[]
empty boolean
first number[]
last number[]
Array [
type
items number
]
credProps object
rk boolean
hmacCreateSecret boolean
hmacGetSecret object
output1 byte
output2 byte

Responses

200

OK The server processed the request successfully. A ServerResponse JSON object is returned.

*/*

Schema

Schema

status string

Possible values: [ok, failed]

errorMessage string
fido2SessionId string

Example (from schema)

{
  "status": "ok",
  "errorMessage": "string",
  "fido2SessionId": "string"
}

405

Method Not Allowed The method of the received request was not POST.

406

Not Acceptable The Accept header is not properly set to application/json.

415

Unsupported Media Type The Content-Type header is not properly set to application/json;charset=UTF-8.

Loading...