60376: Invalid rawId

This error occurs when your Verify Passkeys request includes a rawId value that Verify cannot validate for the browser-generated PublicKeyCredential. Use the rawId returned by the browser credential when you call Passkeys/VerifyFactor to complete Passkey registration or Passkeys/ApproveChallenge to approve a Passkey authentication challenge.

• The rawId value was manually entered, reformatted, truncated, or otherwise changed instead of being passed directly from the browser-generated credential object.
• The request uses id and rawId interchangeably or sends them in the wrong fields. For Passkeys challenge approval, id is the base64url-encoded representation of rawId.
• The credential payload does not come from the correct Passkeys step. Verify uses browser credential data for Passkeys/VerifyFactor during registration and for Passkeys/ApproveChallenge during authentication.

• Read rawId directly from the browser credential object and send that value unchanged in your JSON request body.
• Do not swap id and rawId. Send each value in its matching field.
• Send the full credential payload required by the endpoint you are calling. For registration, use the fields documented for Passkeys/VerifyFactor. For authentication, use the fields documented for Passkeys/ApproveChallenge.
• If you pass the credential from the browser to your server, preserve the original credential fields so rawId reaches Verify without being altered.

• Verify Passkeys quickstart
• Passkeys Factor resource
• Passkeys Challenge resource