60387: Attested credential data invalid or not provided

This error occurs when the VerifyFactor request for Verify Passkeys does not include valid attested credential data from a WebAuthn registration response. Finish passkey registration by sending the copied credential object returned during passkey creation, including id, rawId, type, authenticatorAttachment, response.clientDataJSON, and response.attestationObject.

• You did not include response.attestationObject in the VerifyFactor request.
• You sent a payload that did not come from the passkey registration flow. Registration uses the credential returned by create(parseCreationOptionsFromJSON(options)), which produces the AuthenticatorAttestationResponse required for VerifyFactor.
• This can happen if you changed the generated credential payload before sending it. Copy the generated credential JSON from the browser and pass that object to VerifyFactor.

• Generate a new passkey credential in the browser and send the full copied credential JSON to POST /v2/Services/{service_sid}/Passkeys/VerifyFactor. Include id, rawId, type, authenticatorAttachment, response.clientDataJSON, and response.attestationObject.
• Use the registration flow when you create the credential. Send the result of create(parseCreationOptionsFromJSON(options)) to VerifyFactor instead of sending a credential from the authentication flow.
• If you recreate the passkey on the web, verify that your Verify Service passkeys configuration uses the correct Relying Party ID and allowed origins for your domain. Create the passkey over HTTPS before you retry.

• Verify Passkeys quickstart
• Passkeys Factor API reference
• Verify Passkeys technical overview