POST /auth/registration/social
Create Social Registration Challenge
curl --request POST \
  --url https://api.dfns.io/auth/registration/social \
  --header 'Content-Type: application/json' \
  --data '
{
  "socialLoginProviderKind": "Oidc",
  "idToken": "<string>",
  "orgId": "or-30tnh-itmjs-s235s5ontr3r23h2"
}
'

{
  "user": {
    "id": "<string>",
    "displayName": "<string>",
    "name": "<string>"
  },
  "temporaryAuthenticationToken": "<string>",
  "challenge": "<string>",
  "supportedCredentialKinds": {
    "firstFactor": [],
    "secondFactor": []
  },
  "authenticatorSelection": {
    "requireResidentKey": true
  },
  "pubKeyCredParams": [
    {
      "alg": 123
    }
  ],
  "excludeCredentials": [
    {
      "id": "cr-6uunn-bm6ja-f6rmod5kqrk5rbel"
    }
  ],
  "otpUrl": "<string>",
  "rp": {
    "id": "<string>",
    "name": "<string>"
  }
}

Authentication

No authentication required.

Required Permissions

No authentication required.

Body

application/json
socialLoginProviderKind (enum<string>, required)

Social login provider used to issue the JWT.

Available options: Oidc

idToken (string, required)

JWT id token issued by the social login provider.

orgId (string)

Organization id.

Required string length: 1 - 64
Pattern: ^or-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$
Example: "or-30tnh-itmjs-s235s5ontr3r23h2"
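
A pre-flight check of the request body against the schema above, as an added example that is not part of the Dfns documentation or SDK. The function names and the sample token are constructed for illustration, and the JWT check is structural only: it does not verify the token's signature.

```javascript
// Added example, not Dfns code. Function names are hypothetical.
const ORG_ID = /^or-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$/; // pattern documented above
const PROVIDER_KINDS = new Set(["Oidc"]); // available options documented above

// Structural check only: three base64url segments whose header and payload
// decode to JSON objects. The signature is NOT verified here.
function looksLikeJwt(token) {
  if (typeof token !== "string") return false;
  const parts = token.split(".");
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) return false;
  try {
    return parts.slice(0, 2).every((p) => {
      const v = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
      return v !== null && typeof v === "object" && !Array.isArray(v);
    });
  } catch {
    return false;
  }
}

// Returns a list of schema violations; an empty list means the body may be sent.
// Messages never echo the token, so they are safe to log.
function validateSocialRegistrationBody(body) {
  if (body === null || typeof body !== "object") return ["body must be a JSON object"];
  const errors = [];
  if (!PROVIDER_KINDS.has(body.socialLoginProviderKind)) {
    errors.push("socialLoginProviderKind is required and must be one of: Oidc");
  }
  if (!looksLikeJwt(body.idToken)) {
    errors.push("idToken is required and must be a JWT");
  }
  if (body.orgId !== undefined) { // orgId is optional in the schema
    const id = body.orgId;
    if (typeof id !== "string" || id.length < 1 || id.length > 64 || !ORG_ID.test(id)) {
      errors.push("orgId does not match the documented length and pattern");
    }
  }
  return errors;
}

// Constructed sample token (not a real id token).
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const sampleToken = `${b64({ alg: "RS256", typ: "JWT" })}.${b64({ sub: "user-1" })}.c2lnbmF0dXJl`;

console.log(validateSocialRegistrationBody({ idToken: sampleToken })); // missing provider kind
```
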

Response

200 - application/json

Success

user (object, required)

temporaryAuthenticationToken (string, required)

JWT used to identify the registration session when calling Complete User Registration.

challenge (string, required)

Challenge to be signed by the credential being registered.

supportedCredentialKinds (object, required)

Credential kinds that can be used to register the user.

authenticatorSelection (object, required)

attestation (enum<string>, required)

Identifies the information needed to verify the user's signing certificate; can be one of the following:

  • none: indicates no attestation data is required
  • indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
  • direct: indicates the attestation data must be given and should be generated by the authenticator
  • enterprise: indicates the attestation data should include information to uniquely identify the user's device

Available options: none, indirect, direct, enterprise

pubKeyCredParams (object[], required)

Public key credential parameters supported for the registration.

excludeCredentials (object[], required)

Credentials to exclude from the registration (already registered for the user).

otpUrl (string, required)

URL to provision a TOTP credential, when applicable.

rp (object)

Deprecated. Should not be used.

Last modified on June 8, 2026