Finish Direct Auth passkey signup.
curl --request POST \ --url https://auth.example.com/api/v1/auth/direct/passkey/signup/finish \ --header 'Content-Type: application/json' \ --data '{ "challenge_id": "challenge_123", "credential": { "id": "credential-id", "type": "public-key", "response": {} }, "code_verifier": "rfc7636-code-verifier", "channel": "browser" }'Verifies a signup passkey registration response, creates the user when needed, and returns a Direct Auth artifact.
Request Body required
Section titled “Request Body required ”object
WebAuthn credential response from the browser.
object
Example
{ "challenge_id": "challenge_123", "credential": { "id": "credential-id", "type": "public-key", "response": {} }, "code_verifier": "rfc7636-code-verifier", "channel": "browser"}Responses
Section titled “ Responses ”Successful JSON response.
object
Example
{ "direct_auth_artifact": "direct_auth_code_123", "expires_in": 60, "is_new_user": true}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}