Error on authorization after creation passkey via API

Environment: self hosting

I am doing the flow described here https://zitadel.com/docs/guides/integrate/login-ui/passkey#login-with-passkey to test passkey flow before development.

I am sending requests to Zitadel using Postman.
1. Create a pass key registration link

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/registration_link' \
--header 'Authorization: Bearer *** \
--data '{
  "returnCode": {}
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/registration_link' \
--header 'Authorization: Bearer *** \
--data '{
  "returnCode": {}
}'

2. Start the registration of pass key

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys' \
--header 'Authorization: Bearer ***
--data '{
  "code": {
        "id": "324825815353131011",
        "code": "ABOYjHl4c5qP"
    },
  "authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED"
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys' \
--header 'Authorization: Bearer ***
--data '{
  "code": {
        "id": "324825815353131011",
        "code": "ABOYjHl4c5qP"
    },
  "authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED"
}'

3. Register new Passkey on current device
I am using mini html+js script to run the function:

const credential = await navigator.credentials.create({
    publicKey: publicKeyCredentialCreationOptions
});

const credential = await navigator.credentials.create({
    publicKey: publicKeyCredentialCreationOptions
});

4. Verify a pass key for a user

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/324825831744471043' \
--header 'Authorization: Bearer ***' \
--data '{
  "publicKeyCredential": {
  "id": "n5Sk1ZJhye0bx5thXFUqcA",
  "rawId": "n5Sk1ZJhye0bx5thXFUqcA",
  "type": "public-key",
  "response": {
    "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAAOqbjWZNAR0hPOS2tIy1ddQAEJ-UpNWSYcntG8ebYVxVKnClAQIDJiABIVgg8RW5561MxBqEKY1YIGCPA1Qv0dtn0Zj5JJJ5CCKpKeciWCDJqYQomqpLiHiYKv49afG1_7iFLWKBPtjXEmJw-rOfpA",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHZPNjdQTjhPN2hwUGhFeURaWGhDUjFfYUZNWlhrR2VHQU5IT2o0UmstNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
  }
},
  "passkeyName": "3 iteration key"
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/324825831744471043' \
--header 'Authorization: Bearer ***' \
--data '{
  "publicKeyCredential": {
  "id": "n5Sk1ZJhye0bx5thXFUqcA",
  "rawId": "n5Sk1ZJhye0bx5thXFUqcA",
  "type": "public-key",
  "response": {
    "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAAOqbjWZNAR0hPOS2tIy1ddQAEJ-UpNWSYcntG8ebYVxVKnClAQIDJiABIVgg8RW5561MxBqEKY1YIGCPA1Qv0dtn0Zj5JJJ5CCKpKeciWCDJqYQomqpLiHiYKv49afG1_7iFLWKBPtjXEmJw-rOfpA",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHZPNjdQTjhPN2hwUGhFeURaWGhDUjFfYUZNWlhrR2VHQU5IT2o0UmstNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
  }
},
  "passkeyName": "3 iteration key"
}'

Passkey is added to Zitadel console, but during login I see the error Errors.User.WebAuthN.BeginLoginFailed. Could you help me to understand why the error heppens?

ZITADEL Docs

Passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps even across multiple devices.

Error on authorization after creation passkey via API

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/registration_link' \
--header 'Authorization: Bearer *** \
--data '{
  "returnCode": {}
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/registration_link' \
--header 'Authorization: Bearer *** \
--data '{
  "returnCode": {}
}'

2. Start the registration of pass key

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys' \
--header 'Authorization: Bearer ***
--data '{
  "code": {
        "id": "324825815353131011",
        "code": "ABOYjHl4c5qP"
    },
  "authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED"
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys' \
--header 'Authorization: Bearer ***
--data '{
  "code": {
        "id": "324825815353131011",
        "code": "ABOYjHl4c5qP"
    },
  "authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED"
}'

3. Register new Passkey on current device
I am using mini html+js script to run the function:

const credential = await navigator.credentials.create({
    publicKey: publicKeyCredentialCreationOptions
});

const credential = await navigator.credentials.create({
    publicKey: publicKeyCredentialCreationOptions
});

4. Verify a pass key for a user

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/324825831744471043' \
--header 'Authorization: Bearer ***' \
--data '{
  "publicKeyCredential": {
  "id": "n5Sk1ZJhye0bx5thXFUqcA",
  "rawId": "n5Sk1ZJhye0bx5thXFUqcA",
  "type": "public-key",
  "response": {
    "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAAOqbjWZNAR0hPOS2tIy1ddQAEJ-UpNWSYcntG8ebYVxVKnClAQIDJiABIVgg8RW5561MxBqEKY1YIGCPA1Qv0dtn0Zj5JJJ5CCKpKeciWCDJqYQomqpLiHiYKv49afG1_7iFLWKBPtjXEmJw-rOfpA",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHZPNjdQTjhPN2hwUGhFeURaWGhDUjFfYUZNWlhrR2VHQU5IT2o0UmstNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
  }
},
  "passkeyName": "3 iteration key"
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/324825831744471043' \
--header 'Authorization: Bearer ***' \
--data '{
  "publicKeyCredential": {
  "id": "n5Sk1ZJhye0bx5thXFUqcA",
  "rawId": "n5Sk1ZJhye0bx5thXFUqcA",
  "type": "public-key",
  "response": {
    "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAAOqbjWZNAR0hPOS2tIy1ddQAEJ-UpNWSYcntG8ebYVxVKnClAQIDJiABIVgg8RW5561MxBqEKY1YIGCPA1Qv0dtn0Zj5JJJ5CCKpKeciWCDJqYQomqpLiHiYKv49afG1_7iFLWKBPtjXEmJw-rOfpA",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHZPNjdQTjhPN2hwUGhFeURaWGhDUjFfYUZNWlhrR2VHQU5IT2o0UmstNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
  }
},
  "passkeyName": "3 iteration key"
}'

Passkey is added to Zitadel console, but during login I see the error Errors.User.WebAuthN.BeginLoginFailed. Could you help me to understand why the error heppens?

ZITADEL Docs

Passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps even across multiple devices.

Error on authorization after creation passkey via API

Similar Threads

Error on authorization after creation passkey via API

Similar Threads

Similar Threads

Similar Threads