Beyond Identity · Schema
Credential
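A credential (passkey) is the public-private key pair that belongs to an identity in Beyond Identity. Of that key pair, this schema carries only the public key (`jwk_json`) and its thumbprint (`jwk_thumbprint`); it defines no field for the private key.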
Properties
| Name | Type | Description |
|---|---|---|
| id | string | A unique identifier for a credential. Automatically generated on creation. Immutable and read-only. Unique within the realm. |
| identity_id | string | A unique identifier for the credential's identity. Automatically set on creation. Immutable and read-only. |
| realm_id | string | A unique identifier for the credential's realm. Automatically set on creation. Immutable and read-only. |
| tenant_id | string | A unique identifier for the credential's tenant. Automatically set on creation. Immutable and read-only. |
| state | string | Current state of the credential. ACTIVE = can authenticate; REVOKED = cannot authenticate. Marked read-only in the schema. |
| csr_type | string | Type of certificate signing request that created this credential. JWT = delivered as a JWT; WEBAUTHN = delivered as a WebAuthn attestation response; FIDO2 = FIDO2 WebAuthn Level 2 attestation. Marked read-only in the schema. |
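| jwk_json | string | The public key of the credential in JWK format (RFC 7517). The JWK is serialized into a JSON string, so a consumer has to parse the value a second time to read the key parameters. Immutable and read-only. |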
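| jwk_thumbprint | string | Base64url encoding of the JWK thumbprint of the public key (RFC 7638). The example value in the schema ends in `=` padding, while thumbprints computed by other tools may omit it, so normalize padding before comparing. Immutable and read-only. |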
| create_time | string | ISO 8601 combined date and time (schema format `date-time`) representing when the credential was created. Read-only. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/api-evangelist/beyond-identity/main/json-schema/beyond-identity-credential-schema.json",
"title": "Credential",
"description": "A credential (passkey) is the public-private key pair that belongs to an identity in Beyond Identity.",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "A unique identifier for a credential. Automatically generated on creation. Immutable and read-only. Unique within the realm.",
"readOnly": true,
"example": "f3e87aa26a696372"
},
"identity_id": {
"type": "string",
"description": "A unique identifier for the credential's identity. Automatically set on creation. Immutable and read-only.",
"readOnly": true,
"example": "4a2719e73d6d972d"
},
"realm_id": {
"type": "string",
"description": "A unique identifier for the credential's realm. Automatically set on creation. Immutable and read-only.",
"readOnly": true,
"example": "d65cc516f7f22fdd"
},
"tenant_id": {
"type": "string",
"description": "A unique identifier for the credential's tenant. Automatically set on creation. Immutable and read-only.",
"readOnly": true,
"example": "f1a7309c1e3d1e85"
},
"state": {
"type": "string",
"enum": ["ACTIVE", "REVOKED"],
"description": "Current state of the credential. ACTIVE = can authenticate; REVOKED = cannot authenticate.",
"readOnly": true,
"example": "ACTIVE"
},
"csr_type": {
"type": "string",
"enum": ["JWT", "WEBAUTHN", "FIDO2"],
"description": "Type of certificate signing request that created this credential. JWT = delivered as a JWT; WEBAUTHN = delivered as a WebAuthn attestation response; FIDO2 = FIDO2 WebAuthn Level 2 attestation.",
"readOnly": true,
"example": "JWT"
},
"jwk_json": {
"type": "string",
"description": "The public key of the Credential in JWK format (RFC-7517). Immutable and read-only.",
"readOnly": true,
"example": "{\"crv\":\"P-256\",\"kty\":\"EC\",\"x\":\"2MRhz05PJPq3BUfB18AT3HqgWEkI3VpWUg1MWi8rz1g\",\"y\":\"YtvLYwGEqYQaoDVok2fVziJT4fu7DFPz3hy96FTAelQ\"}"
},
"jwk_thumbprint": {
"type": "string",
"description": "Base64 URL encoding of the JWK thumbprint of the public key (RFC-7638). Immutable and read-only.",
"readOnly": true,
"example": "UW-uVNL0mP1vcLjHrTBxibNgCEe_PD0HIsE3FrbYjPA="
},
"create_time": {
"type": "string",
"format": "date-time",
"description": "ISO8601 combined date and time representing when the credential was created. Read-only.",
"readOnly": true
}
}
}