TsgcWSAPIServer_WebAuthn › Events › OnWebAuthnAuthenticationSuccessful
Fires at the end of /authenticate/verify when the assertion signature is valid; the application should update the sign counter and establish the session.
public event TsgcWebAuthnOnAuthenticationSuccessfulHandler OnWebAuthnAuthenticationSuccessful;
// delegate void TsgcWebAuthnOnAuthenticationSuccessfulHandler(TObject Sender, TsgcWebAuthn_AuthenticationVerify_Request aRequest, TsgcWebAuthn_Authentication aAuthentication, out bool Accept)—
Final hook of a successful authentication ceremony. aRequest is the verify payload sent by the client; aAuthentication carries the verified user id, the matching credential record and the new sign counter reported by the authenticator. Persist the updated sign counter and any backup/usage flags, then set Accept to true to let the server issue its session token. Set Accept to false to abort at the last moment — for example when your risk engine rejects the login — in which case the client receives an authentication error instead of a success response.