60380: Client data invalid or not provided

This error occurs when a Verify Passkeys request does not include a valid response.clientDataJSON value. Verify requires clientDataJSON when you finish passkey registration with VerifyFactor and when you approve a passkey authentication challenge with ApproveChallenge.

• The request body did not include response.clientDataJSON. Verify requires that field for both passkey registration and passkey challenge approval.
• The request did not send the full browser-generated credential object as JSON. The Passkeys quickstart instructs you to pass the copied browser credential payload to VerifyFactor and ApproveChallenge.
• The request used the wrong Passkeys payload for the step you are calling. VerifyFactor expects registration data that includes response.attestationObject, while ApproveChallenge expects authentication data that includes response.authenticatorData and response.signature together with response.clientDataJSON.

• For passkey registration, send the generated browser credential to VerifyFactor as JSON and include id, rawId, authenticatorAttachment, type, response.clientDataJSON, and response.attestationObject.
• For passkey authentication, create a challenge, fetch the passkey in the browser, then send that browser response to ApproveChallenge with id, rawId, authenticatorAttachment, response.authenticatorData, response.clientDataJSON, and response.signature.
• Keep the property name exactly as clientDataJSON and send the request body as application/json. Verify defines both Passkeys endpoints as JSON request bodies and names this field explicitly.
• Compare your request payload with the Verify Passkeys quickstart examples. A successful registration returns a factor with status: "verified", and a successful authentication returns a challenge with status: "approved".

• Verify Passkeys quickstart
• Passkeys Factor resource
• Passkeys Challenge resource