CompleteWebAuthnRegistration - Amazon Cognito User Pools

CompleteWebAuthnRegistration

Completes registration of a passkey authenticator for the current user. Your application provides the data from a successful registration request together with the data from the output of a StartWebAuthnRegistration request.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Request Syntax

{
   "AccessToken": "string",
   "Credential": JSON value
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

AccessToken

A valid access token that Amazon Cognito issued to the user whose passkey registration you want to verify.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

Credential

A RegistrationResponseJSON public-key credential response from the user's passkey provider.

Type: JSON value

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

ForbiddenException

This exception is thrown when AWS WAF doesn't allow your request based on a web ACL that's associated with your user pool.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user isn't authorized.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

WebAuthnChallengeNotFoundException

This exception is thrown when the challenge from StartWebAuthnRegistration has expired.

HTTP Status Code: 400

WebAuthnClientMismatchException

This exception is thrown when the access token is for a different client than the one in the original StartWebAuthnRegistration request.

HTTP Status Code: 400

WebAuthnCredentialNotSupportedException

This exception is thrown when a user presents passkey credentials from an unsupported device or provider.

HTTP Status Code: 400

WebAuthnNotEnabledException

This exception is thrown when the passkey feature isn't enabled for the user pool.

HTTP Status Code: 400

WebAuthnOriginNotAllowedException

This exception is thrown when the passkey credential's registration origin does not align with the user pool relying party ID.

HTTP Status Code: 400

WebAuthnRelyingPartyMismatchException

This exception is thrown when the given passkey credential is associated with a different relying party ID than the user pool relying party ID.

HTTP Status Code: 400
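
The following Python example is added here and is not part of the AWS documentation or any AWS SDK. It runs local pre-flight checks on AccessToken and Credential before a CompleteWebAuthnRegistration call, mirroring the scope requirement and the challenge, origin and relying party conditions behind the errors above. The function name preflight, the sample values, and the reading of "align" as "origin host equals the relying party ID or is a subdomain of it" are assumptions; Amazon Cognito performs the authoritative validation, including the token signature.

```python
import base64, json, re
from urllib.parse import urlsplit

TOKEN_PATTERN = re.compile(r"[A-Za-z0-9-_=.]+")   # AccessToken pattern from this page
REQUIRED_SCOPE = "aws.cognito.signin.user.admin"  # scope this page requires

def b64url_encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

def b64url_json(text):
    return json.loads(base64.urlsafe_b64decode(text + "=" * (-len(text) % 4)))

def preflight(access_token, credential, expected_challenge, rp_id):
    """Return a list of problems; an empty list means the request is worth sending."""
    problems = []
    if not TOKEN_PATTERN.fullmatch(access_token):
        problems.append("AccessToken: characters outside documented pattern")
    else:
        try:  # claims are only read here; Cognito verifies the signature
            scopes = b64url_json(access_token.split(".")[1]).get("scope", "").split()
            if REQUIRED_SCOPE not in scopes:
                problems.append("AccessToken: missing scope " + REQUIRED_SCOPE)
        except (IndexError, ValueError, AttributeError):
            problems.append("AccessToken: not a decodable JWT")
    if credential.get("type") != "public-key":
        problems.append("Credential: type is not public-key")
    response = credential.get("response") or {}
    if not response.get("attestationObject"):
        problems.append("Credential: response.attestationObject missing")
    try:
        client = dict(b64url_json(response["clientDataJSON"]))
    except (KeyError, ValueError, TypeError):
        return problems + ["Credential: response.clientDataJSON missing or undecodable"]
    if client.get("type") != "webauthn.create":  # a registration, not an assertion
        problems.append("Credential: clientDataJSON.type is not webauthn.create")
    if client.get("challenge") != expected_challenge:
        problems.append("Credential: challenge differs from StartWebAuthnRegistration")
    host = urlsplit(str(client.get("origin", ""))).hostname or ""
    if host != rp_id and not host.endswith("." + rp_id):  # assumed meaning of "align"
        problems.append("Credential: origin host does not align with relying party ID")
    return problems

# Constructed sample values; not real tokens or credentials.
SAMPLE_TOKEN = ".".join(["e30", b64url_encode({"scope": REQUIRED_SCOPE}), "c2ln"])
SAMPLE_CREDENTIAL = {"id": "Y3JlZA", "rawId": "Y3JlZA", "type": "public-key",
    "response": {"attestationObject": "o2NmbXQ", "clientDataJSON": b64url_encode(
        {"type": "webauthn.create", "challenge": "Y2hhbGxlbmdl",
         "origin": "https://auth.example.com"})}}

if __name__ == "__main__":
    print(preflight(SAMPLE_TOKEN, SAMPLE_CREDENTIAL, "Y2hhbGxlbmdl", "example.com"))
```

An empty result only means the request is well formed enough to send; the service can still reject it with any of the errors listed above.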
