Principal
Following a successful registration or authentication operation, your frontend code will receive a code and id_token. These can be exchanged for a Principal, representing the outcome of the operation.
export interface Principal { id: string; userId: string; authenticatorId: string; authenticatorType: "passkey"; passkey?: { id: string; verified: boolean; userVerified: boolean; }; createdAt: number; expiresAt: number;}Properties
Section titled “Properties”| Property | description |
|---|---|
| id | Generated every time a Principal is created. Equivalent to the JWT jti property |
| userId | Assigned user id. By default this will be the authenticatorId, but can be changed via the REST API. See linking accounts |
| authenticatorId | Unique identifier i.e. the passkey id |
| authenticatorType | Currently hardcoded as “passkey”, but in the future this will be extended to support additional authenticator types e.g. Apple and Google sign in |
| passkey.id | Same as authenticatorId |
| passkey.verified | Should always be true |
| passkey.userVerified | Whether the device re-authenticated the user locally |
| createdAt | Timestamp, milliseconds since epoch |
| expiresAt | Aligns with the JWT exp property |