
Generate Sign-In Options

curl -X POST https://your-domain.com/recipe/webauthn/options/signin \
  -H "Content-Type: application/json" \
  -d '{
    "relyingPartyId": "example.com",
    "relyingPartyName": "My App",
    "origin": "https://example.com",
    "timeout": 60000,
    "userVerification": "preferred",
    "userPresence": false
  }'

Response:

{
  "status": "OK",
  "webauthnGeneratedOptionsId": "generated-options-id",
  "publicKey": {
    "challenge": "base64-encoded-challenge",
    "timeout": 60000,
    "rpId": "example.com",
    "userVerification": "preferred",
    "allowCredentials": []
  }
}

Request body:

relyingPartyId (string, required): Relying party identifier (must match registration)
relyingPartyName (string, required): Human-readable name of the relying party
origin (string, required): Origin URL for credential binding
timeout (number): Timeout in milliseconds (default: 60000)
userVerification (string): User verification requirement: "required", "preferred", "discouraged" (default: "preferred")
userPresence (boolean): Whether user presence is required (default: false)

Response fields:

status (string): "OK" or "INVALID_OPTIONS_ERROR"
webauthnGeneratedOptionsId (string): Unique identifier for these options (used in subsequent sign-in call)
publicKey (object): WebAuthn PublicKeyCredentialRequestOptions to pass to navigator.credentials.get()

Sign In with Credential

curl -X POST https://your-domain.com/recipe/webauthn/signin \
  -H "Content-Type: application/json" \
  -d '{
    "webauthnGeneratedOptionsId": "generated-options-id",
    "credential": {
      "id": "credential-id",
      "rawId": "base64-raw-id",
      "response": {
        "authenticatorData": "base64-authenticator-data",
        "clientDataJSON": "base64-client-data",
        "signature": "base64-signature",
        "userHandle": "base64-user-handle"
      },
      "type": "public-key"
    }
  }'

Response:

{
  "status": "OK",
  "user": {
    "id": "user-id",
    "isPrimaryUser": false,
    "tenantIds": ["public"],
    "emails": ["[email protected]"],
    "phoneNumbers": [],
    "thirdParty": [],
    "loginMethods": [
      {
        "recipeId": "webauthn",
        "recipeUserId": "recipe-user-id",
        "tenantIds": ["public"],
        "email": "[email protected]",
        "timeJoined": 1234567890,
        "verified": true,
        "webauthN": {
          "credentialIds": ["credential-id"]
        }
      }
    ],
    "timeJoined": 1234567890
  },
  "recipeUserId": "recipe-user-id"
}

Request body:

webauthnGeneratedOptionsId (string, required): ID from the options generation response
credential (object, required): PublicKeyCredential object from navigator.credentials.get()

Response fields:

status (string): "OK", "INVALID_OPTIONS_ERROR", "INVALID_AUTHENTICATOR_ERROR", "INVALID_CREDENTIALS_ERROR", "OPTIONS_NOT_FOUND_ERROR", "CREDENTIAL_NOT_FOUND_ERROR", or "UNKNOWN_USER_ID_ERROR"
user (object): Authenticated user object with login methods
recipeUserId (string): The recipe user ID for the authenticated login method
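
A diagnostic pre-check for the two calls above, added here as an example and not code from this API's project: it compares the credential's clientDataJSON and authenticatorData against the options request (origin, userVerification, userPresence) and the returned publicKey (challenge, rpId) before the sign-in call is made. It assumes the fields are base64 or base64url strings in the standard WebAuthn layout; `check_assertion` and `constructed_sample` are hypothetical names, and signature verification is still left to the sign-in endpoint.

```python
import base64
import hashlib
import json

def b64d(s: str) -> bytes:
    """Decode base64 or base64url, padded or not."""
    s = s.replace("-", "+").replace("_", "/")
    return base64.b64decode(s + "=" * (-len(s) % 4))

def b64u(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def check_assertion(request: dict, public_key: dict, credential: dict) -> list:
    """List mismatches between the sign-in options and the assertion."""
    problems = []
    resp = credential["response"]
    client = json.loads(b64d(resp["clientDataJSON"]))
    if client.get("type") != "webauthn.get":
        problems.append("clientDataJSON.type is not webauthn.get")
    if b64d(client.get("challenge", "")) != b64d(public_key["challenge"]):
        problems.append("challenge does not match generated options")
    if client.get("origin") != request["origin"]:
        problems.append("origin mismatch")
    auth = b64d(resp["authenticatorData"])
    if len(auth) < 37:  # rpIdHash (32) + flags (1) + signCount (4)
        return problems + ["authenticatorData shorter than 37 bytes"]
    if auth[:32] != hashlib.sha256(public_key["rpId"].encode()).digest():
        problems.append("rpIdHash does not match rpId")
    flags = auth[32]
    if request.get("userPresence", False) and not flags & 0x01:
        problems.append("user presence (UP) flag not set")
    if request.get("userVerification", "preferred") == "required" and not flags & 0x04:
        problems.append("user verification (UV) flag not set")
    return problems

def constructed_sample(origin="https://example.com", flags=0x01):
    """Constructed test data, not a real authenticator response."""
    challenge = b64u(b"constructed-challenge")
    request = {"relyingPartyId": "example.com", "origin": "https://example.com",
               "userVerification": "required", "userPresence": True}
    public_key = {"challenge": challenge, "rpId": "example.com"}
    client = {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    auth = hashlib.sha256(b"example.com").digest() + bytes([flags]) + bytes(4)
    credential = {"response": {"clientDataJSON": b64u(json.dumps(client).encode()),
                               "authenticatorData": b64u(auth)}}
    return request, public_key, credential

if __name__ == "__main__":
    print(check_assertion(*constructed_sample(flags=0x01)))  # UP set, UV missing
```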
