60381: Signature invalid or not provided

This error occurs when you approve a Verify Passkeys challenge and the request does not include a valid response.signature value. For the ApproveChallenge request, send the authenticator assertion in response.signature together with the related response.authenticatorData and response.clientDataJSON fields.

• The response.signature field is missing from the JSON body sent to POST /v2/Services/{ServiceSid}/Passkeys/ApproveChallenge.
• Your application did not send the full credential assertion returned by navigator.credentials.get() when it approved the challenge.
• The signature value was altered, truncated, or formatted incorrectly before your server sent it to Verify. Verify expects the assertion signature generated by the authenticator for the current authentication response.

• Include response.signature in the ApproveChallenge request body.
• Send the complete credential assertion returned by navigator.credentials.get() as the JSON payload when you call ApproveChallenge. Include id, rawId, authenticatorAttachment, type, response.authenticatorData, response.clientDataJSON, and response.signature.
• Compare your request payload with the Passkeys challenge example and make sure your application preserves the original browser values without dropping or renaming required fields.

• Verify Passkeys quickstart
• Passkeys Challenge resource
• Verify Passkeys technical overview