60382: Factor does not match the relying party of the challenge
VERIFY
ERROR
This error occurs in Verify Passkeys when the passkey factor you use is bound to a different relying party than the challenge you are trying to complete. Passkeys are tied to a website or app domain, and Verify stores relying party settings on the factor and returns relying party information in the challenge options used for authentication.
- The passkey factor was created or verified with `config.relying_party` values that do not match the relying party in the challenge. Verify stores relying party settings on the factor, and the challenge response includes the relying party used for authentication.
- The Verify Service uses different `Passkeys.RelyingParty.id` or `Passkeys.RelyingParty.origins` values than the domain your browser is using for passkey registration or authentication. Passkeys bind to a specific domain, and WebAuthn checks that domain during creation and challenge verification.
- You created the passkey on the wrong domain. During registration, use the domain returned in `config.relying_party.id`.
- You are trying to authenticate from a different domain or browser context than the one tied to the challenge. The authentication flow requires using the challenge response in the browser on the configured relying party domain.

- Compare the factor's `config.relying_party.id`, `config.relying_party.origins`, and related passkey settings with the relying party returned in the challenge response. Use matching values before you create or approve the challenge.
- Confirm your Verify Service is configured with the correct `Passkeys.RelyingParty.id`, `Passkeys.RelyingParty.name`, and `Passkeys.RelyingParty.origins` for the domain you want to support. Update the service if those values are wrong.
- Register the passkey from the correct relying party domain. Open the browser on the domain returned in `config.relying_party.id` before you create and verify the factor.
- Authenticate the passkey from the correct relying party domain and browser session. Use the challenge response in the browser on the configured domain before you call `ApproveChallenge`.
- If the factor was created under the wrong relying party configuration, create a new passkey factor with the correct configuration and then create a new challenge for that factor or identity.
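
The comparison described in the first step can be run as a pre-flight check before creating or approving a challenge. This is an added example, not Twilio's code: the `id` and `origins` fields mirror `config.relying_party.id` and `config.relying_party.origins` from this page, while the function names and the way the challenge's relying party ID is passed in are assumptions.

```javascript
// Added example: pre-flight check for the relying-party mismatch behind error 60382.
// Inputs are plain values; reading them out of Verify API responses is left to the caller.

// WebAuthn rule: the RP ID must equal the origin's host or be a parent domain of it.
// (A full implementation also rejects public suffixes such as "com"; not done here.)
function rpIdCoversOrigin(rpId, origin) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // not a parseable origin
  }
  const host = url.hostname.toLowerCase();
  const id = String(rpId).toLowerCase();
  return host === id || host.endsWith("." + id);
}

// Reduce "https://example.com/" and "https://EXAMPLE.com:443" to one canonical form.
function normalizeOrigin(origin) {
  try { return new URL(origin).origin; } catch { return null; }
}

// Returns a list of mismatches; an empty list means the values line up.
function checkRelyingParty(factorRp, challengeRpId, pageOrigin) {
  const problems = [];
  const page = normalizeOrigin(pageOrigin);
  const allowed = (factorRp.origins || []).map(normalizeOrigin);

  if (factorRp.id.toLowerCase() !== String(challengeRpId).toLowerCase()) {
    problems.push(`factor RP id "${factorRp.id}" != challenge RP id "${challengeRpId}"`);
  }
  if (page === null) {
    problems.push(`page origin "${pageOrigin}" is not a valid origin`);
  } else {
    if (!rpIdCoversOrigin(factorRp.id, page)) {
      problems.push(`page origin ${page} is outside RP id "${factorRp.id}"`);
    }
    if (!allowed.includes(page)) {
      problems.push(`page origin ${page} is not in the factor's origins list`);
    }
  }
  return problems;
}

// Constructed sample values (not from a real account).
const factorRp = { id: "example.com", origins: ["https://login.example.com"] };
console.log(checkRelyingParty(factorRp, "example.com", "https://login.example.com"));
console.log(checkRelyingParty(factorRp, "example.org", "https://login.example.org"));
```

In the browser, pass `window.location.origin` as the page origin so the check reflects the domain the passkey ceremony will actually run on.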