Verify authentication¶
Verify authentication credential for WebAuthn (passwordless authentication)
- HTTP Method:
POST - URL:
https://example.domain.tld/api/v1/webauthn/authentication/verify/ - Require authentication:
No
Request parameters¶
| Parameter | Type | Description | Required |
|---|---|---|---|
| auth_challenge | str | Challenge received as response to authentication options request | Required |
The aforementioned parameter must be appended to the response generated by browser’s navigator.credentials.get(options) method.
This modified object must then be sent as request data.
See example request below.
Response parameters¶
| Parameter | Type | Description |
|---|---|---|
| auth | dict | The authentication status object |
| username | str | Your account username |
| status | str | Authentication status |
| message | str | Authentication status description |
| auth_token | str | Authorization token |
| perm_level | str | Your account permission level |
| valid_from | int | Token start of validity as UNIX timestamp (seconds) |
| valid_to | int | Token expiry as UNIX timestamp (seconds) |
Example request (Python)¶
import requests
import json
from pprint import pprint
data = {
"id": "CxroK5L83ZvzZU1DlekalNE8m9D1u0676tNPLIb_R5o",
"rawId": "CxroK5L83ZvzZU1DlekalNE8m9D1u0676tNPLIb_R5o",
"response": {
"authenticatorData": "4LXcjpQO0_S1uAcJgFZyeuZX29Hv_IDNVbQyq1T4V6MFAAAAAg",
"clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiUTdxUzFjVUlHVy1tclFyeWxBbm41UUxFWFRKd2RtbzhhdTk3Sk9kaW5OLXM2c2VFYmtldWZsZE5Ka3FjYk1wNUhuZVpmc1dIUktTZEROcjdKbUo0U3ciLCJvcmlnaW4iOiJodHRwczovL2RlbW8ubXltYWlsY2hlYXAuY29tIiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0",
"signature": "2kUqR_dV6yAqpt_6kQv0gfr1xOyM-_atvbwsUv1vg3j0y4OqAIxigHVhnsKzgaBuTDY2x1n4WFuIp0HWTFCvE0_D2YbqboZrcAGecmHy695I5k0PoGm15VYXDO74qfH41bBsxXk-pxJl-YBrf6bbm2zbXE_4Id3z4t35P-ANZOZgoP5RFNEHY3RvM42L6VjDd4597LsydB6R1rE4stKergBabysNyf2wiV-epbSLhDwC_F9-vwIaxvrrFncv98SoJeTthyrGnB_lTPz--8Zlc9c-CNCk_Y60piUPTAyf0hPKMFVoKl4HQ0TLo__P_G35LaPRudzTxuCUdantW2FPEA",
"userHandle": "MTI"
},
"type": "public-key",
"clientExtensionResults": {},
"auth_challenge": "3JMxkXdTod6UoaFJR5-Gp7ReiPdj_Mn9IlZWuJW2uJg0ScM5rITUq3CoIc_S4u5JuBA6QYYXdTqe9YTz3KUgsg"
}
url = "https://example.domain.tld/api/v1/webauthn/authentication/verify/"
r = requests.post(url, json=data)
try:
pprint(r.json())
except:
print(r.text)
Example response (JSON)¶
{'auth': {'auth_token': 'Woy1D6tHXVc1heFmzDnSZ5svoR81IbW5fxbA2lZq',
'message': 'Successfully logged in',
'perm_level': 'MasterAdmin',
'status': 'success',
'username': 'masteradmin2',
'valid_from': 1582536047,
'valid_to': 1582622447}}