Reset a webauthn security key in AM/Identity Cloud

How can we reset a webauthn security key registered for a user profile via REST API call? I know the action reset is available for push/OATH device. There is no documentation present for webauthn.Refer the below doc:

https://backstage.forgerock.com/docs/am/7.3/authentication-guide/authn-mfa-reset-devices.html

Hi @KaranNayyar1,

I think you should be able to query the devices using this call (in my case using a service account access token)

curl  'https://openam-nom1.forgeblocks.com/am/json/realms/root/realms/alpha/users/<fr-idm-uuid>/devices/2fa/webauthn?_queryFilter=true' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV.....' \

Then you should be able to DELETE selectively entries by using the corresponding id:

curl --request DELETE 'https://openam-nom1.forgeblocks.com/am/json/realms/root/realms/alpha/users/<fr-idm-uuid>/devices/2fa/webauthn/<id>

Regards
Patrick

2 Likes

Note that the DELETE can only be done under an authenticated user session, admins can’t do it.

Interesting note - is there a particular reason as to why an administrative user can’t manage these?