# Passkeys

Passkey (WebAuthn) registration and authentication

## List registered passkeys

- [GET /api/v1/passkeys](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys/get.md): Returns the passkey credentials for the currently selected user.

## Begin passkey authentication

- [GET /api/v1/passkeys/begin-auth](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1begin-auth/get.md): Generates and returns WebAuthn assertion (request) options. The server sets cookies to maintain the authentication challenge context. The request can optionally be restricted by username.

## Begin passkey registration

- [GET /api/v1/passkeys/begin-register](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1begin-register/get.md): Generates and returns WebAuthn creation options for the current user. The server sets cookies to maintain the registration challenge context.

## Finish passkey authentication

- [POST /api/v1/passkeys/finish-auth](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1finish-auth/post.md): Verifies the authenticator assertion against the stored challenge and returns a session token on success.

## Finish passkey registration

- [POST /api/v1/passkeys/finish-register](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1finish-register/post.md): Validates the authenticator attestation response against the stored challenge and persists the new credential.

## Remove a registered passkey

- [DELETE /api/v1/passkeys/{credentialId}](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1%7Bcredentialid%7D/delete.md): Deletes a credential by id. The last remaining login method cannot be removed.