On the server, generate an authentication options object containing a fresh random challenge, the relying party id, and optionally an allowCredentials list containing the credential IDs registered to the user.
Send the options to the browser; call navigator.credentials.get({ publicKey: options }) after decoding the challenge; the browser locates a matching passkey and prompts the user for biometric or PIN confirmation.
On success, the API returns an AuthenticatorAssertionResponse containing the authenticator data, client data JSON, and a cryptographic signature.
Send the assertion to the server; verify the client data JSON (type is 'webauthn.get', origin and challenge match), then verify the signature over the authenticator data and client data hash using the stored public key for this credential.
Check the authenticator data flags: confirm the user presence (UP) bit is set and, if your policy requires it, the user verification (UV) bit is also set.
Update the stored sign count for the credential (raise an error if the returned count is not greater than the stored count, as this may indicate credential cloning); complete the user's session.
Known gotchas
An allowCredentials list scoped to the user's registered credentials is optional but improves UX by hinting which passkey to use; omitting it enables conditional UI (passkey autofill) but requires the user to have a passkey discoverable for your rp.id.
Sign count validation is a defense against cloned authenticators; however, some platform authenticators (especially synced passkeys across devices) may not increment counters reliably—decide whether to treat count regressions as hard errors or warnings.
Never skip signature verification; trusting the assertion without verifying the signature is a critical authentication bypass.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp