Factor Service Error (400) when posting U2F assertion to Okta

Hey there, I’m working on adding YubiKey support for Okta authentication to a CLI tool using Go. I have come across an issue where I am trying to post the signed assertion of a U2F challenge back to Okta but am receiving a 400 error. I am unsure of the exact reason the request is failing and was hoping for some help.

What I am doing:

Okta reads the YubiKey as a WebAuthn factor; I am using the U2F verification method, as the Golang support for WebAuthn devices is not the greatest.
I am successfully sending the challenge to the device and receiving the required values for the Okta approval: “clientData” and “signatureData” from docs.
Then sending the POST request to https://${yourOktaDomain}/api/v1/authn/factors/${factorId}/verify with my org’s domain and the same factor ID used to get the U2F challenge from Okta. When posting this information I receive a 400 error.

I’m hoping to see if there was any guidance I could receive in order to track down the exact reason why the request is failing, that being incorrect data, formatting or something else.


I have not manually run through this flow. Potentially Okta might log some hints to the 400.
You would need to open a case in order to supply the Okta Request ID from a test so we could search for it.

I suggest the following. When you go through the flow, create the request with your own code (Go) and also use the JS sample Okta provides from the link you sent.
This way you can verify that your code is signing the request correctly, and you can compare how your request is made with the request from the docs.

Thank You,
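
The comparison suggested in the reply above can start with a local structural check of the body before it is posted. This Go sketch is an added example, not part of the thread and not Okta's code; the name `CheckVerifyBody`, the sample values, and the assumed body layout (a `stateToken` field plus websafe-base64 `clientData` and `signatureData`) are assumptions.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// CheckVerifyBody returns the first structural problem found in the JSON body
// about to be posted, or nil. Field names and encodings are assumptions.
func CheckVerifyBody(raw []byte, challenge string) error {
	var b struct{ StateToken, ClientData, SignatureData string }
	if err := json.Unmarshal(raw, &b); err != nil {
		return fmt.Errorf("body is not JSON: %w", err)
	}
	if b.StateToken == "" || b.ClientData == "" || b.SignatureData == "" {
		return errors.New("missing stateToken, clientData or signatureData")
	}
	// Accept URL-safe base64 with or without trailing padding.
	dec := func(s string) ([]byte, error) { return base64.RawURLEncoding.DecodeString(strings.TrimRight(s, "=")) }
	cd, err := dec(b.ClientData)
	if err != nil {
		return fmt.Errorf("clientData is not websafe base64: %w", err)
	}
	var c struct{ Typ, Challenge string }
	if err := json.Unmarshal(cd, &c); err != nil {
		return fmt.Errorf("clientData is not JSON once decoded: %w", err)
	}
	if c.Typ != "navigator.id.getAssertion" || c.Challenge != challenge {
		return errors.New("clientData typ or challenge does not match the issued challenge")
	}
	sig, err := dec(b.SignatureData)
	if err != nil {
		return fmt.Errorf("signatureData is not websafe base64: %w", err)
	}
	if len(sig) < 6 { // 1 presence byte + 4 counter bytes + signature
		return errors.New("signatureData too short for a U2F sign response")
	}
	return nil
}

func main() {
	// Constructed sample values, not captured from a real device or org.
	enc := base64.RawURLEncoding.EncodeToString
	cd := enc([]byte(`{"typ":"navigator.id.getAssertion","challenge":"abc","origin":"https://example.okta.com"}`))
	body := fmt.Sprintf(`{"stateToken":"constructed","clientData":%q,"signatureData":%q}`, cd, enc([]byte{1, 0, 0, 0, 7, 0x30}))
	fmt.Println("result:", CheckVerifyBody([]byte(body), "abc"))
}
```

Running the same check over the body produced by the Go code and the one captured from the JS sample shows where the two differ in structure; it does not validate the signature itself.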

Hey Erik, thanks for the reply.

Just so I’m understanding correctly, are you suggesting I use the example JS script inside my Go application?