Create User Action Signature
By using POST /auth/action API, you can complete the user action signing process and provide a signing token to verify your intention to perform the action.The type of credentials used to sign the action is determined by the kind field in the nested objects (firstFactor and secondFactor).
Supported credential kinds are:
Fido2: User action is signed by a user’s signing device usingWebAuthn.Key: User action is signed by a user’s, or token’s, private key.PasswordProtectedKey: Login challenge is signed by the decrypted user’s private key
- Authentication
-
- Organization User (CustomerEmployee)
- Delegated User (EndUser)
- Service Account
- Required Permissions
- No permission required.
- Authorizations
- Bearer Token: To authenticate API requests.
- Parameters
-
challengeIdentifier: The Temporary authentication token returned by the Create Challenge endpoint.
firstFactor: To sign the challenge. Use a Fido2 Credential, also known as Passkeys or WebauthN credential.
secondFactor: To authenticate a user. Use a Fido2 Credential, also known as Passkeys or WebauthN credential.
- Request body
-
{ curl --request POST \ --url https://api.digitalassets.ibm.com/auth/action \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data '{ "challengeIdentifier": "eyJ0e...fQNA", "firstFactor": { "kind": "Fido2", "credentialAssertion": { "credId": "c1QEdgnPLJargwzy3cbYKny4Q18u0hr97unXsF3DiE8", "clientData": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiTVdNME1tWTVZVFEwTURSaU56ZGhOVEZoTnpZNU9EUXdOV0k1WlRRNFkyUmhPRFppTkRrM1pUWXpPVEU1T0dZeU1EY3haakJqWXprNE1tUTVZelkxTUEiLCJvcmlnaW4iOiJodHRwczovL2FwcC5kZm5zLm5pbmphIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ", "authenticatorData": "WT-zFZUBbJHfBkmhzTlPf49LTn7asLeTQKhm_riCvFgFAAAAAA", "signature": "MEUCIQDJ8G9J1NTjdoKx0yloYw45bpn6fJhcqCoUGiZuOU1IAQIgAtPt7S8FHFYW9OMHh3S5FVAxk-lhli-2lX22bBNSDog", "userHandle": "dXMtMmJhMGgtbHZwMnEtOHYxODYwcGNqMWJoNWlyaQ" } } }' - Response
- 200: Success