# Begin passkey authentication

Generates and returns WebAuthn assertion (request) options. The server will set cookies to maintain the authentication challenge context. Optionally restrict by username.

Endpoint: GET /api/v1/passkeys/begin-auth
Version: 1.0
Security: 

## Query parameters:

  - `username` (string,null)

## Response 200 fields (application/json):

  - `challenge` (string, required)
    Base64url-encoded challenge

  - `timeout` (integer, required)
    Timeout in milliseconds

  - `rpId` (string, required)
    Relying Party ID

  - `allowCredentials` (array,null)
    List of allowed credentials for assertion (by descriptor)

  - `allowCredentials.type` (string,null)

  - `allowCredentials.id` (string,null)

  - `allowCredentials.transports` (array,null)

  - `userVerification` (string,null)
    User verification requirement (preferred/required/discouraged)

  - `extensions` (object,null)
    Extension inputs keyed by extension name

## Response 400 fields (application/json):

  - `errorCode` (string, required)
    Error code

  - `message` (string, required)
    Error message

  - `docUrl` (string)
    Link to documentation