Initialize WebAuthn login

Initialize a login with Webauthn. Returns a JSON representation of CredentialRequestOptions for use with the Webauthn API’s navigator.credentials.get().

Omitting the optional request body or using an empty JSON object results in generation of request options for a login using a discoverable credential (i.e. they will not contain allowCredentials).

Note: The Webauthn API uses binary data represented by ArrayBuffers for certain input/output values. The Hanko API returns these values as base64url-encoded, so they must be converted to ArrayBuffers when passed to the Webauthn API. Similarly, Webauthn API output must be converted to base64url-encoded values when passed to the Hanko API (e.g. using the webauthn-json library).

POST

https://{tenant_id}.hanko.io

webauthn

initialize

{
  "publicKey": {
    "challenge": "qgOI+0KpGnl9NOqaT6dfsYvi96R87LgpErnvePeOgSU=",
    "timeout": 60000,
    "rpId": "localhost",
    "allowCredentials": [
      {
        "type": "public-key",
        "id": "Mepptysj5ZZrTlg0qiLbsZ068OtQMeGVAikVy2n1hvvG..."
      }
    ],
    "userVerification": "required"
  }
}

Body

application/json

user_id

string

The ID of the user on whose behalf WebAuthn login should be performed

Response

200 - application/json

Options for assertion generation with the WebAuthn API

publicKey

object

Was this page helpful?

Create/Set a password Finalize WebAuthn login

{
  "publicKey": {
    "challenge": "qgOI+0KpGnl9NOqaT6dfsYvi96R87LgpErnvePeOgSU=",
    "timeout": 60000,
    "rpId": "localhost",
    "allowCredentials": [
      {
        "type": "public-key",
        "id": "Mepptysj5ZZrTlg0qiLbsZ068OtQMeGVAikVy2n1hvvG..."
      }
    ],
    "userVerification": "required"
  }
}