POST
/v1/auth/webauthn/update/finish

Authorization

Descope Project ID
AuthorizationBearer <token>

Project ID as bearer token.

In: header

Request Body

application/json

transactionId?string
response?string

Finalize adding a new WebAuthn device

curl -X POST "https://api.descope.com/v1/auth/webauthn/update/finish" \  -H "Content-Type: application/json" \  -d '{}'
{  "jwt": {    "sessionJwt": "string",    "refreshJwt": "string",    "cookieDomain": "string",    "cookiePath": "string",    "cookieMaxAge": 0,    "cookieExpiration": 0,    "user": {      "loginIds": [        "string"      ],      "userId": "string",      "name": "string",      "email": "string",      "phone": "string",      "verifiedEmail": true,      "verifiedPhone": true,      "roleNames": [        "string"      ],      "userTenants": [        {          "tenantId": "string",          "roleNames": [            "string"          ],          "tenantName": "string",          "permissions": [            "string"          ],          "roleIds": [            "string"          ]        }      ],      "status": "string",      "externalIds": [        "string"      ],      "picture": "string",      "test": false,      "customAttributes": {        "attribute-key": "attribute-value"      },      "createdTime": 0,      "TOTP": false,      "SAML": false,      "OAuth": {        "property1": false,        "property2": false      },      "webauthn": true,      "password": true,      "ssoAppIds": [        "string"      ],      "givenName": "string",      "middleName": "string",      "familyName": "string",      "editable": true,      "SCIM": true,      "push": true,      "permissions": [        "string"      ],      "OIDC": true,      "consentExpiration": 0,      "recoveryEmail": "string",      "verifiedRecoveryEmail": true,      "recoveryPhone": "string",      "verifiedRecoveryPhone": true,      "modifiedTime": 0,      "roleIds": [        "string"      ]    },    "firstSeen": true,    "idpResponse": {      "samlResponse": "string",      "samlGeneratedUser": "string",      "samlGeneratedRoles": "string",      "oidcResponse": "string",      "oidcGeneratedUser": "string",      "oidcGeneratedRoles": "string",      "idpGroups": [        "string"      ],      "idpSAMLAttributes": false,      "idpOIDCClaims": {}    },    "sessionExpiration": 0,    "externalToken": "string",    "claims": {},    "tenantSSOID": "string",    "trustedDeviceJwt": "string",    "nextRefreshSeconds": 0,    "cookieName": "string",    "sessionCookieName": "string",    "sessionCookieDomain": "string",    "unsavedSSO": true  }}
export interface Response {/** * Populated only when the matching update/start set mfa and a valid refresh token was provided: *  carries a session token whose amr merges the prior factors with the new passkey. *  Empty for the default enrollment flow (backward compatible). */jwt?: JWTResponse}/** * NOTE: if you add a new field to this message, also add it to the OptionalJWTResponse message */export interface JWTResponse {sessionJwt?: stringrefreshJwt?: stringcookieDomain?: stringcookiePath?: stringcookieMaxAge?: numbercookieExpiration?: numberuser?: ResponseUserfirstSeen?: booleanidpResponse?: IDPResponsesessionExpiration?: numberexternalToken?: stringclaims?: {}tenantSSOID?: stringtrustedDeviceJwt?: stringnextRefreshSeconds?: numbercookieName?: stringsessionCookieName?: stringsessionCookieDomain?: stringunsavedSSO?: boolean}export interface ResponseUser {loginIds?: string[]userId?: stringname?: stringemail?: stringphone?: stringverifiedEmail?: booleanverifiedPhone?: booleanroleNames?: string[]userTenants?: UserTenants[]status?: stringexternalIds?: string[]picture?: stringtest?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}createdTime?: numberTOTP?: booleanSAML?: booleanOAuth?: {[k: string]: boolean}webauthn?: booleanpassword?: booleanssoAppIds?: string[]givenName?: stringmiddleName?: stringfamilyName?: stringeditable?: booleanSCIM?: booleanpush?: booleanpermissions?: string[]OIDC?: booleanconsentExpiration?: numberrecoveryEmail?: stringverifiedRecoveryEmail?: booleanrecoveryPhone?: stringverifiedRecoveryPhone?: booleanmodifiedTime?: number/** * roleIds holds the IDs of this entry's roles. Order is NOT guaranteed to match *  roleNames — do not pair them by index. Use roleIds or roleNames independently. */roleIds?: string[]}export interface UserTenants {tenantId?: stringroleNames?: string[]tenantName?: stringpermissions?: string[]/** * roleIds holds the IDs of this entry's roles. Order is NOT guaranteed to match *  roleNames — do not pair them by index. Use roleIds or roleNames independently. */roleIds?: string[]}export interface IDPResponse {samlResponse?: stringsamlGeneratedUser?: stringsamlGeneratedRoles?: stringoidcResponse?: stringoidcGeneratedUser?: stringoidcGeneratedRoles?: stringidpGroups?: string[]idpSAMLAttributes?: booleanidpOIDCClaims?: {}}
Was this helpful?