Start the registration of passkey for a user
POST/v2/users/:userId/passkeys
Start the registration of a passkey for a user, as a response the public key credential creation options are returned, which are used to verify the passkey..
Request​
Path Parameters
- application/json
- application/grpc
- application/grpc-web+proto
Body
required
code
object
"one time code generated by ZITADEL; required to start the passkey registration without user authentication"
Possible values: <= 200 characters
"id to the one time code generated by ZITADEL"
Possible values: <= 200 characters
"one time code generated by ZITADEL"
Possible values: [PASSKEY_AUTHENTICATOR_UNSPECIFIED
, PASSKEY_AUTHENTICATOR_PLATFORM
, PASSKEY_AUTHENTICATOR_CROSS_PLATFORM
]
Default value: PASSKEY_AUTHENTICATOR_UNSPECIFIED
"Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed."
"Domain on which the user is authenticated."
Body
required
code
object
"one time code generated by ZITADEL; required to start the passkey registration without user authentication"
Possible values: <= 200 characters
"id to the one time code generated by ZITADEL"
Possible values: <= 200 characters
"one time code generated by ZITADEL"
Possible values: [PASSKEY_AUTHENTICATOR_UNSPECIFIED
, PASSKEY_AUTHENTICATOR_PLATFORM
, PASSKEY_AUTHENTICATOR_CROSS_PLATFORM
]
Default value: PASSKEY_AUTHENTICATOR_UNSPECIFIED
"Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed."
"Domain on which the user is authenticated."
Body
required
code
object
"one time code generated by ZITADEL; required to start the passkey registration without user authentication"
Possible values: <= 200 characters
"id to the one time code generated by ZITADEL"
Possible values: <= 200 characters
"one time code generated by ZITADEL"
Possible values: [PASSKEY_AUTHENTICATOR_UNSPECIFIED
, PASSKEY_AUTHENTICATOR_PLATFORM
, PASSKEY_AUTHENTICATOR_CROSS_PLATFORM
]
Default value: PASSKEY_AUTHENTICATOR_UNSPECIFIED
"Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed."
"Domain on which the user is authenticated."
Responses​
- 200
- 403
- 404
- default
OK
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialcreationoptions
{
"details": {
"sequence": "2",
"changeDate": "2024-12-20T16:04:43.977Z",
"resourceOwner": "69629023906488334"
},
"passkeyId": "163840776835432705",
"publicKeyCredentialCreationOptions": {
"publicKey": {
"attestation": "none",
"authenticatorSelection": {
"userVerification": "required"
},
"challenge": "XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ",
"excludeCredentials": [
{
"id": "tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI",
"type": "public-key"
}
],
"pubKeyCredParams": [
{
"alg": -7,
"type": "public-key"
}
],
"rp": {
"id": "localhost",
"name": "ZITADEL"
},
"timeout": 300000,
"user": {
"displayName": "Tim Mohlmann",
"id": "MjE1NTk4MDAwNDY0OTk4OTQw",
"name": "tim"
}
}
}
}
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialcreationoptions
{
"details": {
"sequence": "2",
"changeDate": "2024-12-20T16:04:43.978Z",
"resourceOwner": "69629023906488334"
},
"passkeyId": "163840776835432705",
"publicKeyCredentialCreationOptions": {
"publicKey": {
"attestation": "none",
"authenticatorSelection": {
"userVerification": "required"
},
"challenge": "XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ",
"excludeCredentials": [
{
"id": "tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI",
"type": "public-key"
}
],
"pubKeyCredParams": [
{
"alg": -7,
"type": "public-key"
}
],
"rp": {
"id": "localhost",
"name": "ZITADEL"
},
"timeout": 300000,
"user": {
"displayName": "Tim Mohlmann",
"id": "MjE1NTk4MDAwNDY0OTk4OTQw",
"name": "tim"
}
}
}
}
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialcreationoptions
{
"details": {
"sequence": "2",
"changeDate": "2024-12-20T16:04:43.978Z",
"resourceOwner": "69629023906488334"
},
"passkeyId": "163840776835432705",
"publicKeyCredentialCreationOptions": {
"publicKey": {
"attestation": "none",
"authenticatorSelection": {
"userVerification": "required"
},
"challenge": "XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ",
"excludeCredentials": [
{
"id": "tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI",
"type": "public-key"
}
],
"pubKeyCredParams": [
{
"alg": -7,
"type": "public-key"
}
],
"rp": {
"id": "localhost",
"name": "ZITADEL"
},
"timeout": 300000,
"user": {
"displayName": "Tim Mohlmann",
"id": "MjE1NTk4MDAwNDY0OTk4OTQw",
"name": "tim"
}
}
}
}
Returned when the user does not have permission to access the resource.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Returned when the resource does not exist.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
An unexpected error response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}