Create User Action Signature
Last updated
Last updated
POST /auth/action
Completes the user action signing process and provides a signing token that can be used to verify the user intended to perform the action.
The type of credentials used to sign the action is determined by the kind
field in the nested objects (firstFactor
and secondFactor
). Supported credential kinds are:
Fido2
: User action is signed by a user's signing device using WebAuthn
.
Key
: User action is signed by a user's, or token's, private key.
PasswordProtectedKey
: Login challenge is signed by the decrypted user's private key that was sent during step.
Auth:Action:Sign
Always Required
challengeIdentifier
*
String
firstFactor
*
Object
first factor credential used to sign the user action
secondFactor
Object
Optional
second factor credential used to authenticate a user
kind
*
String
will always be Fido2
credentialAssertion
*
Object
credentialAssertion.credId
*
String
base64url encoded id of the credential returned by the user's WebAuthn client
credentialAssertion.clientData
*
String
base64url encoded client data object returned by the user's WebAuthn client
credentialAssertion.authenticatorData
*
String
base64url encoded authenticator data object returned by the user's WebAuthn client
credentialAssertion.signature
*
String
base64url encoded signature returned by the user's WebAuthn client
credentialAssertion.userHandle
*
String
base64url encoded userHandle returned by the user's WebAuthn client
kind
*
String
Key
or PasswordProtectedKey
credentialAssertion
*
Object
credentialAssertion.credId
*
String
base64url encoded id of the credential
credentialAssertion.clientData
*
String
credentialAssertion.signature
*
String
base64url encoded signature generated by signing the clientData JSON string object
Success - a token that will be passed in the X-DFNS-USERACTION header
temporary authentication token returned by the
JSON object, stringified and base64url-encoded
See for common errors.
See for user action signing specific errors.