CompleteWebAuthnRegistration - Amazon Cognito User Pools

CompleteWebAuthnRegistration

Completes registration of a passkey authenticator for the current signed-in user. Your application provides data from a successful registration request with the data from the output of a StartWebAuthnRegistration.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Request Syntax

{ "AccessToken": "string", "Credential": JSON value }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

AccessToken

A valid access token that Amazon Cognito issued to the user whose passkey registration you want to complete.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

Credential

A RegistrationResponseJSON public-key credential response from the user's passkey provider.

Type: JSON value

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

ForbiddenException

This exception is thrown when AWS WAF doesn't allow your request based on a web ACL that's associated with your user pool.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user isn't authorized.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

WebAuthnChallengeNotFoundException

This exception is thrown when the challenge from StartWebAuthn registration has expired.

HTTP Status Code: 400

WebAuthnClientMismatchException

This exception is thrown when the access token is for a different client than the one in the original StartWebAuthnRegistration request.

HTTP Status Code: 400

WebAuthnCredentialNotSupportedException

This exception is thrown when a user presents passkey credentials from an unsupported device or provider.

HTTP Status Code: 400

WebAuthnNotEnabledException

This exception is thrown when the passkey feature isn't enabled for the user pool.

HTTP Status Code: 400

WebAuthnOriginNotAllowedException

This exception is thrown when the passkey credential's registration origin does not align with the user pool relying party id.

HTTP Status Code: 400

WebAuthnRelyingPartyMismatchException

This exception is thrown when the given passkey credential is associated with a different relying party ID than the user pool relying party ID.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: