OnWebAuthnAuthenticationSuccessful Event

Fires at the end of /authenticate/verify when the assertion signature is valid; the application should update the sign counter and establish the session.

Syntax

property OnWebAuthnAuthenticationSuccessful: TsgcWebAuthnOnAuthenticationSuccessful;
// TsgcWebAuthnOnAuthenticationSuccessful = procedure(Sender: TObject; const aRequest: TsgcWebAuthn_AuthenticationVerify_Request; const aAuthentication: TsgcWebAuthn_Authentication; var Accept: Boolean) of object

Default Value

Remarks

Final hook of a successful authentication ceremony. aRequest is the verify payload sent by the client; aAuthentication carries the verified user id, the matching credential record and the new sign counter reported by the authenticator. Persist the updated sign counter and any backup/usage flags, then set Accept to true to let the server issue its session token. Set Accept to false to abort at the last moment — for example when your risk engine rejects the login — in which case the client receives an authentication error instead of a success response.

Example

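procedure TForm1.sgcWSAPIServer_WebAuthn1WebAuthnAuthenticationSuccessful(
  Sender: TObject; const aRequest: TsgcWebAuthn_AuthenticationVerify_Request;
  const aAuthentication: TsgcWebAuthn_Authentication; var Accept: Boolean);
begin
  // UpdateSignCounter is an application-defined routine: persist the counter
  // reported by the authenticator against the matching credential record.
  UpdateSignCounter(aAuthentication.CredentialId, aAuthentication.SignCount);
  // Let the server issue its session token.
  Accept := True;
end;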
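
The handler above stores the reported counter unconditionally. The following added example (not part of the sgcWebSockets documentation or code) shows the WebAuthn counter comparison an application can run before persisting, so that a counter that failed to advance sets Accept to false. Assumptions: CheckSignCounter, DecideLogin and the Name=Value store are hypothetical, the credential id is usable as a string key, and the component does not already reject a regressed counter on its own.

```pascal
program SignCounterPolicy;
{$IFDEF FPC}{$MODE DELPHI}{$ELSE}{$APPTYPE CONSOLE}{$ENDIF}

uses
  SysUtils, Classes;

type
  TCounterVerdict = (cvNoCounter, cvAdvanced, cvRegressed);

// WebAuthn counter rule: if either value is non-zero, the reported counter
// must be strictly greater than the stored one. Anything else suggests the
// credential's private key exists in more than one authenticator.
function CheckSignCounter(aStored, aReported: Int64): TCounterVerdict;
begin
  if (aStored = 0) and (aReported = 0) then
    Result := cvNoCounter   // authenticator does not implement a counter
  else if aReported > aStored then
    Result := cvAdvanced
  else
    Result := cvRegressed;
end;

// Hypothetical store (credential id -> last counter). Returns the value to
// assign to Accept and persists the counter only when the login is accepted.
function DecideLogin(aStore: TStrings; const aCredentialId: string;
  aReported: Int64): Boolean;
var
  vStored: Int64;
begin
  vStored := StrToInt64Def(aStore.Values[aCredentialId], 0);
  Result := CheckSignCounter(vStored, aReported) <> cvRegressed;
  if Result then
    aStore.Values[aCredentialId] := IntToStr(aReported);
end;

var
  vStore: TStringList;
begin
  vStore := TStringList.Create;
  try
    vStore.Values['cred-A'] := '41';  // constructed sample records
    vStore.Values['cred-B'] := '0';
    Writeln('cred-A 41 -> 42: ', DecideLogin(vStore, 'cred-A', 42));
    Writeln('cred-A 42 -> 42: ', DecideLogin(vStore, 'cred-A', 42));
    Writeln('cred-B 0 -> 0:   ', DecideLogin(vStore, 'cred-B', 0));
  finally
    vStore.Free;
  end;
end.
```

Inside the event handler the same decision would read `Accept := DecideLogin(Store, aAuthentication.CredentialId, aAuthentication.SignCount);`, with `Store` standing in for the application's credential database.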