Error on authorization after creation passkey via API

Environment: self hosting

I am doing the flow described here https://zitadel.com/docs/guides/integrate/login-ui/passkey#login-with-passkey to test passkey flow before development.

I am sending requests to Zitadel using Postman.
1. Create a pass key registration link

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/registration_link' \
--header 'Authorization: Bearer *** \
--data '{
  "returnCode": {}
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/registration_link' \
--header 'Authorization: Bearer *** \
--data '{
  "returnCode": {}
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/registration_link' \
--header 'Authorization: Bearer *** \
--data '{
  "returnCode": {}
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/registration_link' \
--header 'Authorization: Bearer *** \
--data '{
  "returnCode": {}
}'

2. Start the registration of pass key

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys' \
--header 'Authorization: Bearer ***
--data '{
  "code": {
        "id": "324825815353131011",
        "code": "ABOYjHl4c5qP"
    },
  "authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED"
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys' \
--header 'Authorization: Bearer ***
--data '{
  "code": {
        "id": "324825815353131011",
        "code": "ABOYjHl4c5qP"
    },
  "authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED"
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys' \
--header 'Authorization: Bearer ***
--data '{
  "code": {
        "id": "324825815353131011",
        "code": "ABOYjHl4c5qP"
    },
  "authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED"
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys' \
--header 'Authorization: Bearer ***
--data '{
  "code": {
        "id": "324825815353131011",
        "code": "ABOYjHl4c5qP"
    },
  "authenticator": "PASSKEY_AUTHENTICATOR_UNSPECIFIED"
}'

3. Register new Passkey on current device
I am using mini html+js script to run the function:

const credential = await navigator.credentials.create({
    publicKey: publicKeyCredentialCreationOptions
});

const credential = await navigator.credentials.create({
    publicKey: publicKeyCredentialCreationOptions
});

const credential = await navigator.credentials.create({
    publicKey: publicKeyCredentialCreationOptions
});

const credential = await navigator.credentials.create({
    publicKey: publicKeyCredentialCreationOptions
});

4. Verify a pass key for a user

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/324825831744471043' \
--header 'Authorization: Bearer ***' \
--data '{
  "publicKeyCredential": {
  "id": "n5Sk1ZJhye0bx5thXFUqcA",
  "rawId": "n5Sk1ZJhye0bx5thXFUqcA",
  "type": "public-key",
  "response": {
    "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAAOqbjWZNAR0hPOS2tIy1ddQAEJ-UpNWSYcntG8ebYVxVKnClAQIDJiABIVgg8RW5561MxBqEKY1YIGCPA1Qv0dtn0Zj5JJJ5CCKpKeciWCDJqYQomqpLiHiYKv49afG1_7iFLWKBPtjXEmJw-rOfpA",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHZPNjdQTjhPN2hwUGhFeURaWGhDUjFfYUZNWlhrR2VHQU5IT2o0UmstNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
  }
},
  "passkeyName": "3 iteration key"
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/324825831744471043' \
--header 'Authorization: Bearer ***' \
--data '{
  "publicKeyCredential": {
  "id": "n5Sk1ZJhye0bx5thXFUqcA",
  "rawId": "n5Sk1ZJhye0bx5thXFUqcA",
  "type": "public-key",
  "response": {
    "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAAOqbjWZNAR0hPOS2tIy1ddQAEJ-UpNWSYcntG8ebYVxVKnClAQIDJiABIVgg8RW5561MxBqEKY1YIGCPA1Qv0dtn0Zj5JJJ5CCKpKeciWCDJqYQomqpLiHiYKv49afG1_7iFLWKBPtjXEmJw-rOfpA",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHZPNjdQTjhPN2hwUGhFeURaWGhDUjFfYUZNWlhrR2VHQU5IT2o0UmstNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
  }
},
  "passkeyName": "3 iteration key"
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/324825831744471043' \
--header 'Authorization: Bearer ***' \
--data '{
  "publicKeyCredential": {
  "id": "n5Sk1ZJhye0bx5thXFUqcA",
  "rawId": "n5Sk1ZJhye0bx5thXFUqcA",
  "type": "public-key",
  "response": {
    "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAAOqbjWZNAR0hPOS2tIy1ddQAEJ-UpNWSYcntG8ebYVxVKnClAQIDJiABIVgg8RW5561MxBqEKY1YIGCPA1Qv0dtn0Zj5JJJ5CCKpKeciWCDJqYQomqpLiHiYKv49afG1_7iFLWKBPtjXEmJw-rOfpA",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHZPNjdQTjhPN2hwUGhFeURaWGhDUjFfYUZNWlhrR2VHQU5IT2o0UmstNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
  }
},
  "passkeyName": "3 iteration key"
}'

curl --location 'http://localhost:8080/v2/users/324817171479789571/passkeys/324825831744471043' \
--header 'Authorization: Bearer ***' \
--data '{
  "publicKeyCredential": {
  "id": "n5Sk1ZJhye0bx5thXFUqcA",
  "rawId": "n5Sk1ZJhye0bx5thXFUqcA",
  "type": "public-key",
  "response": {
    "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAAOqbjWZNAR0hPOS2tIy1ddQAEJ-UpNWSYcntG8ebYVxVKnClAQIDJiABIVgg8RW5561MxBqEKY1YIGCPA1Qv0dtn0Zj5JJJ5CCKpKeciWCDJqYQomqpLiHiYKv49afG1_7iFLWKBPtjXEmJw-rOfpA",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHZPNjdQTjhPN2hwUGhFeURaWGhDUjFfYUZNWlhrR2VHQU5IT2o0UmstNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
  }
},
  "passkeyName": "3 iteration key"
}'

Passkey is added to Zitadel console, but during login I see the error Errors.User.WebAuthN.BeginLoginFailed. Could you help me to understand why the error heppens?

ZITADEL Docs

Passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps even across multiple devices.

Error on authorization after creation passkey via API

Similar Threads

Similar Threads

Similar Threads