
Complete WebAuthn Registration

Completes WebAuthn registration by verifying the attestation and storing the credential.


Endpoint

POST /api/v1/webauthn/register/complete

Headers

| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Bearer <access_token> |
| Content-Type | Yes | application/json |

Request Body

{
  "credential": {
    "id": "credential_id_base64",
    "rawId": "credential_raw_id_base64",
    "response": {
      "attestationObject": "attestation_object_cbor",
      "clientDataJSON": "client_data_json"
    },
    "type": "public-key"
  },
  "device_name": "iPhone 14 Pro"
}

Parameters

| Field | Type | Required | Description |
|---|---|---|---|
| credential | object | Yes | WebAuthn credential from browser API |
| device_name | string | Yes | Device name from registration start |

Response

Success (200)

{
  "success": true,
  "data": {
    "credential_id": 123,
    "device_name": "iPhone 14 Pro",
    "created_at": "2024-01-01T12:00:00Z",
    "message": "WebAuthn credential registered successfully"
  },
  "message": "WebAuthn credential registered successfully"
}

Error Codes

| Status | Code | Description |
|---|---|---|
| 400 | REGISTRATION_COMPLETION_FAILED | Registration completion failed |
| 400 | INVALID_ATTESTATION | Invalid attestation |
| 401 | UNAUTHORIZED | Invalid or missing token |
| 404 | USER_NOT_FOUND | User not found |
| 404 | CHALLENGE_NOT_FOUND | Registration challenge not found or expired |

Data Flow

  1. Authentication

    • Verify access token
    • Get current user
  2. Challenge Verification

    • Retrieve challenge from Redis
    • Verify challenge matches
    • Verify challenge not expired
  3. Attestation Verification

    • Parse attestation object
    • Verify attestation signature
    • Verify client data
    • Extract public key
  4. Credential Storage

    • Store credential in database
    • Store public key
    • Link credential to user
    • Store device name
  5. Challenge Cleanup

    • Remove challenge from Redis
  6. Audit Logging

    • Log credential registration
    • Record device name
  7. Response

    • Return credential details
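
The challenge and client-data checks from the data flow above, as an added Python example that is not this API's own code. It assumes clientDataJSON arrives base64url-encoded; the dict standing in for Redis, the key name, the expected origin, the TTL and the mapping of failures to the error codes are also assumptions. Unlike the listed order, it consumes the challenge before the other checks so a failed attempt cannot reuse it.

```python
import base64, hashlib, hmac, json, time

EXPECTED_ORIGIN = "https://app.example.test"  # assumption: relying-party origin
CHALLENGE_TTL = 300                           # assumption: lifetime in seconds

class RegistrationError(Exception):
    def __init__(self, status, code):
        super().__init__(code)
        self.status, self.code = status, code

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_client_data(store, user_id, client_data_b64, now=None):
    """Return SHA-256(clientDataJSON) if the client data is acceptable.

    store stands in for Redis: {key: (challenge_bytes, issued_at)}.
    """
    now = time.time() if now is None else now
    # Consume the challenge first so it is single-use even when a later
    # check fails (the page lists cleanup as step 5).
    entry = store.pop(f"webauthn:reg:{user_id}", None)  # hypothetical key name
    if entry is None or now - entry[1] > CHALLENGE_TTL:
        raise RegistrationError(404, "CHALLENGE_NOT_FOUND")
    failed = RegistrationError(400, "REGISTRATION_COMPLETION_FAILED")
    try:
        raw = b64url_decode(client_data_b64)
        data = json.loads(raw)
        got = b64url_decode(data["challenge"])
    except (ValueError, KeyError, TypeError):
        raise failed from None
    # A registration ceremony must carry type "webauthn.create".
    if data.get("type") != "webauthn.create":
        raise failed
    # Constant-time comparison against the challenge issued to this user.
    if not hmac.compare_digest(got, entry[0]):
        raise failed
    # The origin is an exact match: scheme, host and port.
    if data.get("origin") != EXPECTED_ORIGIN:
        raise failed
    # This hash is an input to attestation signature verification.
    return hashlib.sha256(raw).digest()
```
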

Features

  • Verify attestation
  • Store credential securely
  • Enable WebAuthn for user
  • Support for multiple credentials per user
  • Device name association

Example

curl -X POST https://api.rivergen.com/api/v1/webauthn/register/complete \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "credential": {...},
    "device_name": "iPhone 14 Pro"
  }'