Guron 3mo ago

Error on authorization after creation passkey via API

Environment: self hosting

I am doing the flow described here https://zitadel.com/docs/guides/integrate/login-ui/passkey#login-with-passkey to test passkey flow before development. I am sending requests to Zitadel using Postman.

1. Create a pass key registration link
curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/registration_link' \
--header 'Authorization: Bearer ***' \
--data '{
"returnCode": {}
}'
2. Start the registration of pass key
curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys' \
--header 'Authorization: Bearer ***' \
--data '{
"code": {
"id": "324825815353131011",
"code": "ABOYjHl4c5qP"
},
"authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED"
}'
3. Register new Passkey on current device

I am using mini html+js script to run the function:
const credential = await navigator.credentials.create({
publicKey: publicKeyCredentialCreationOptions
});
4. Verify a pass key for a user
curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/324825831744471043' \
--header 'Authorization: Bearer ***' \
--data '{
"publicKeyCredential": {
"id": "n5Sk1ZJhye0bx5thXFUqcA",
"rawId": "n5Sk1ZJhye0bx5thXFUqcA",
"type": "public-key",
"response": {
"attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAAOqbjWZNAR0hPOS2tIy1ddQAEJ-UpNWSYcntG8ebYVxVKnClAQIDJiABIVgg8RW5561MxBqEKY1YIGCPA1Qv0dtn0Zj5JJJ5CCKpKeciWCDJqYQomqpLiHiYKv49afG1_7iFLWKBPtjXEmJw-rOfpA",
"clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHZPNjdQTjhPN2hwUGhFeURaWGhDUjFfYUZNWlhrR2VHQU5IT2o0UmstNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
}
},
"passkeyName": "3 iteration key"
}'
Passkey is added to Zitadel console, but during login I see the error Errors.User.WebAuthN.BeginLoginFailed. Could you help me to understand why the error happens?
1 Reply
Rajat 3mo ago
hey @Guron thanks for your question, please align the challenges.webAuthN.domain field or your UI host with the passkey’s registered domain. This has been raised before 🙂 This Error occurs when ZITADEL refuses to initiate WebAuthn login due to domain/origin mismatch.
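
To see which domain a passkey was actually registered under, the step 4 payload can be decoded offline. This is an added example, not part of the thread and not ZITADEL code; it reads the origin from clientDataJSON and the RP ID hash from the attestation object, then compares that hash with a candidate login domain. The function names and `login.example.test` are hypothetical, and a minimal key scan stands in for a full CBOR decoder.

```python
import base64
import hashlib
import json

# Values copied from the "Verify a pass key" request in the question above.
ATTESTATION_OBJECT = "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAAOqbjWZNAR0hPOS2tIy1ddQAEJ-UpNWSYcntG8ebYVxVKnClAQIDJiABIVgg8RW5561MxBqEKY1YIGCPA1Qv0dtn0Zj5JJJ5CCKpKeciWCDJqYQomqpLiHiYKv49afG1_7iFLWKBPtjXEmJw-rOfpA"
CLIENT_DATA_JSON = "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHZPNjdQTjhPN2hwUGhFeURaWGhDUjFfYUZNWlhrR2VHQU5IT2o0UmstNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"


def b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url, the encoding used in WebAuthn JSON payloads."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def registered_origin(client_data_b64: str) -> str:
    """Origin the browser recorded when navigator.credentials.create() ran."""
    return json.loads(b64url_decode(client_data_b64))["origin"]


def rp_id_hash(attestation_b64: str) -> bytes:
    """First 32 bytes of authData: SHA-256 of the RP ID the passkey is bound to.

    Assumption: instead of a full CBOR decoder, find the "authData" text key
    and read the byte-string header that follows it.
    """
    raw = b64url_decode(attestation_b64)
    key = b"\x68authData"                  # CBOR text string of length 8
    pos = raw.rindex(key) + len(key)
    if raw[pos] == 0x58:                   # byte string, 1-byte length
        length, start = raw[pos + 1], pos + 2
    elif raw[pos] == 0x59:                 # byte string, 2-byte length
        length, start = int.from_bytes(raw[pos + 1:pos + 3], "big"), pos + 3
    else:
        raise ValueError("authData is not a CBOR byte string")
    auth_data = raw[start:start + length]
    if len(auth_data) < 37:                # rpIdHash(32) + flags(1) + signCount(4)
        raise ValueError("authData too short")
    return auth_data[:32]


def domain_matches(attestation_b64: str, login_domain: str) -> bool:
    """True if login_domain is the RP ID this passkey was registered under."""
    expected = hashlib.sha256(login_domain.encode()).digest()
    return expected == rp_id_hash(attestation_b64)


if __name__ == "__main__":
    print("registered origin:", registered_origin(CLIENT_DATA_JSON))
    for candidate in ("localhost", "login.example.test"):  # second is constructed
        print(candidate, "->", domain_matches(ATTESTATION_OBJECT, candidate))
```

A login started for any domain that prints `False` here cannot use this passkey, because the authenticator only releases it for the RP ID recorded at registration.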
