Finalize WebAuthn login
curl --request POST \
--url https://{tenant_id}.hanko.io/webauthn/login/finalize \
--header 'Content-Type: application/json' \
--data '
{
"id": "_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...",
"rawId": "_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...",
"type": "public-key",
"response": {
"clientDataJson": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...",
"authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...",
"signature": "MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...",
"userHandle": "rpe_EkgaSEeZG0TwzZyZJw"
}
}
'import requests
url = "https://{tenant_id}.hanko.io/webauthn/login/finalize"
payload = {
"id": "_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...",
"rawId": "_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...",
"type": "public-key",
"response": {
"clientDataJson": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...",
"authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...",
"signature": "MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...",
"userHandle": "rpe_EkgaSEeZG0TwzZyZJw"
}
}
headers = {"Content-Type": "application/json"}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({
id: '_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...',
rawId: '_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...',
type: 'public-key',
response: {
clientDataJson: 'eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...',
authenticatorData: 'SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...',
signature: 'MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...',
userHandle: 'rpe_EkgaSEeZG0TwzZyZJw'
}
})
};
fetch('https://{tenant_id}.hanko.io/webauthn/login/finalize', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenant_id}.hanko.io/webauthn/login/finalize",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'id' => '_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...',
'rawId' => '_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...',
'type' => 'public-key',
'response' => [
'clientDataJson' => 'eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...',
'authenticatorData' => 'SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...',
'signature' => 'MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...',
'userHandle' => 'rpe_EkgaSEeZG0TwzZyZJw'
]
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://{tenant_id}.hanko.io/webauthn/login/finalize"
payload := strings.NewReader("{\n \"id\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"rawId\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"type\": \"public-key\",\n \"response\": {\n \"clientDataJson\": \"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...\",\n \"authenticatorData\": \"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...\",\n \"signature\": \"MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...\",\n \"userHandle\": \"rpe_EkgaSEeZG0TwzZyZJw\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://{tenant_id}.hanko.io/webauthn/login/finalize")
.header("Content-Type", "application/json")
.body("{\n \"id\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"rawId\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"type\": \"public-key\",\n \"response\": {\n \"clientDataJson\": \"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...\",\n \"authenticatorData\": \"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...\",\n \"signature\": \"MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...\",\n \"userHandle\": \"rpe_EkgaSEeZG0TwzZyZJw\"\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenant_id}.hanko.io/webauthn/login/finalize")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request.body = "{\n \"id\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"rawId\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"type\": \"public-key\",\n \"response\": {\n \"clientDataJson\": \"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...\",\n \"authenticatorData\": \"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...\",\n \"signature\": \"MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...\",\n \"userHandle\": \"rpe_EkgaSEeZG0TwzZyZJw\"\n }\n}"
response = http.request(request)
puts response.read_body{
"credential_id": "<string>",
"user_id": "<string>"
}{
"code": 400,
"message": "Bad Request"
}{
"code": 401,
"message": "Unauthorized"
}{
"code": 500,
"message": "Internal Server Error"
}WebAuthn
Finalize WebAuthn login
deprecated
Finalize a login with Webauthn.
POST
/
webauthn
/
login
/
finalize
Finalize WebAuthn login
curl --request POST \
--url https://{tenant_id}.hanko.io/webauthn/login/finalize \
--header 'Content-Type: application/json' \
--data '
{
"id": "_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...",
"rawId": "_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...",
"type": "public-key",
"response": {
"clientDataJson": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...",
"authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...",
"signature": "MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...",
"userHandle": "rpe_EkgaSEeZG0TwzZyZJw"
}
}
'import requests
url = "https://{tenant_id}.hanko.io/webauthn/login/finalize"
payload = {
"id": "_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...",
"rawId": "_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...",
"type": "public-key",
"response": {
"clientDataJson": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...",
"authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...",
"signature": "MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...",
"userHandle": "rpe_EkgaSEeZG0TwzZyZJw"
}
}
headers = {"Content-Type": "application/json"}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({
id: '_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...',
rawId: '_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...',
type: 'public-key',
response: {
clientDataJson: 'eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...',
authenticatorData: 'SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...',
signature: 'MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...',
userHandle: 'rpe_EkgaSEeZG0TwzZyZJw'
}
})
};
fetch('https://{tenant_id}.hanko.io/webauthn/login/finalize', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenant_id}.hanko.io/webauthn/login/finalize",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'id' => '_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...',
'rawId' => '_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...',
'type' => 'public-key',
'response' => [
'clientDataJson' => 'eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...',
'authenticatorData' => 'SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...',
'signature' => 'MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...',
'userHandle' => 'rpe_EkgaSEeZG0TwzZyZJw'
]
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://{tenant_id}.hanko.io/webauthn/login/finalize"
payload := strings.NewReader("{\n \"id\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"rawId\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"type\": \"public-key\",\n \"response\": {\n \"clientDataJson\": \"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...\",\n \"authenticatorData\": \"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...\",\n \"signature\": \"MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...\",\n \"userHandle\": \"rpe_EkgaSEeZG0TwzZyZJw\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://{tenant_id}.hanko.io/webauthn/login/finalize")
.header("Content-Type", "application/json")
.body("{\n \"id\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"rawId\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"type\": \"public-key\",\n \"response\": {\n \"clientDataJson\": \"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...\",\n \"authenticatorData\": \"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...\",\n \"signature\": \"MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...\",\n \"userHandle\": \"rpe_EkgaSEeZG0TwzZyZJw\"\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenant_id}.hanko.io/webauthn/login/finalize")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request.body = "{\n \"id\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"rawId\": \"_18q6IjW09tiM4NSbsZjocUtGx00Muv5mN6LZCelCMDD...\",\n \"type\": \"public-key\",\n \"response\": {\n \"clientDataJson\": \"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdl...\",\n \"authenticatorData\": \"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MF...\",\n \"signature\": \"MEQCIHe2RXqh6dyZw1LNXgeTTxljCV_qK2ydQjp02CiF...\",\n \"userHandle\": \"rpe_EkgaSEeZG0TwzZyZJw\"\n }\n}"
response = http.request(request)
puts response.read_body{
"credential_id": "<string>",
"user_id": "<string>"
}{
"code": 400,
"message": "Bad Request"
}{
"code": 401,
"message": "Unauthorized"
}{
"code": 500,
"message": "Internal Server Error"
}Deprecated. Please use the Flow API instead. What’s the Flow API?.
navigator.credentials.get() call.
The Webauthn API uses binary data represented by ArrayBuffers for certain input/output values.
The Hanko API returns these values as base64url-encoded, so they must be converted to ArrayBuffers
when passed to the Webauthn API. Similarly, Webauthn API output must be converted to base64url-encoded values
when passed to the Hanko API (e.g. using the webauthn-json library).
Body
application/json
Was this page helpful?
⌘I